I had been meaning to update ldap-stats.pl for quite some time, and finally got the updates completed this afternoon. The new version contains usage breakdowns by hour of day, day of month, and months in the year:
$ ldap-stats.pl /var/log/openldap openldap
Report Generated on Sun Sep 25 16:30:36 2005
--------------------------------------------
Processed "/var/log/openldap": Sep 18 00:29:35 - Sep 23 23:13:51
Processed "openldap1": Dec 26 19:20:50 - Dec 29 12:22:00
Processed "openldap2": Dec 26 19:20:50 - Dec 31 12:51:02
Processed "openldap3": Dec 26 19:20:50 - Dec 29 12:22:00
Operation totals
------------------
Total operations : 116424
Total connections : 22176
Total authentication failures : 0
Total binds : 15708
Total unbinds : 15708
Total searches : 85008
Total compares : 0
Total modifications : 0
Total modrdns : 0
Total additions : 0
Total deletions : 0
Unindexed attribute requests : 0
Operations per connection : 5.25
Hostname Connections Failures Binds Unbinds Searches Adds Mods ModRDNs Dels
------------- ----------- -------- ------ ------- -------- ---- ---- ------- ----
192.168.1.3 19404 0 12936 12936 82236 0 0 0 0
192.168.1.8 2772 0 2772 2772 2772 0 0 0 0
Hour of Day Connections Failures Binds Unbinds Searches Adds Mods ModRDNs Dels
------------- ----------- -------- ------ ------- -------- ---- ---- ------- ----
01:00 - 01:59 3696 0 3696 3696 3696 0 0 0 0
02:00 - 02:59 3696 0 3696 3696 3696 0 0 0 0
12:00 - 12:59 924 0 924 924 924 0 0 0 0
13:00 - 13:59 3696 0 3696 3696 3696 0 0 0 0
15:00 - 15:59 1848 0 1848 1848 1848 0 0 0 0
17:00 - 17:59 3696 0 0 0 55440 0 0 0 0
18:00 - 18:59 924 0 0 0 13860 0 0 0 0
21:00 - 21:59 924 0 924 924 924 0 0 0 0
23:00 - 23:59 2772 0 924 924 924 0 0 0 0
Day of Month Connections Failures Binds Unbinds Searches Adds Mods ModRDNs Dels
------------- ----------- -------- ------ ------- -------- ---- ---- ------- ----
18 8316 0 924 3696 72996 0 0 0 0
19 924 0 0 924 924 0 0 0 0
21 6468 0 0 6468 6468 0 0 0 0
22 3696 0 3696 3696 3696 0 0 0 0
23 2772 0 924 924 924 0 0 0 0
Month Connections Failures Binds Unbinds Searches Adds Mods ModRDNs Dels
------- ----------- -------- ------ ------- -------- ---- ---- ------- ----
Sep 22176 0 15708 15708 85008 0 0 0 0
Unindexed attribute References to attribute
------------------- -----------------------
sn 46
givenName 46
# Searches Search base referenced by # searches
---------- -----------------------------------------------------------
15708 ou=contacts,dc=synack,dc=com
9240 cn=operations,cn=monitor
4620 cn=add,cn=operations,cn=monitor
4620 cn=read,cn=waiters,cn=monitor
4620 cn=search,cn=operations,cn=monitor
4620 cn=compare,cn=operations,cn=monitor
4620 cn=modify,cn=operations,cn=monitor
4620 cn=bind,cn=operations,cn=monitor
4620 cn=delete,cn=operations,cn=monitor
4620 cn=write,cn=waiters,cn=monitor
4620 cn=total,cn=connections,cn=monitor
4620 cn=entries,cn=statistics,cn=monitor
4620 cn=referrals,cn=statistics,cn=monitor
4620 cn=bytes,cn=statistics,cn=monitor
4620 cn=unbind,cn=operations,cn=monitor
# Binds Bind DN
------- --------------------------------------------------------------
10164 anonymous
5544 cn=email,dc=synack,dc=com
The time breakdowns can be useful for finding bootleg cron jobs, and attempts to illegally access the directory server. Let me know if you find any problems!