[Date Prev][Date Next] [Chronological] [Thread] [Top]

Tools for parsing/monitoring/graphing slapd logs



Dear folks,

We use OpenLDAP 2.0.23 to authenticate student/staff access to laboratory
computers.  Recently a DOS attack has been launched (probably unwittingly) that
sent hundreds of search requests per second to our server, which brought the
CPU load average to 7 and above, making the system almost unusable.  To catch
the culprit, I just wrote a Perl program that runs tail -f on the slapd log, and
categorises the requests by filter, and sends email to technical staff if the
attack begins again.

I was thinking of enhancing/rewriting this to create a general directory
monitoring tool, feeding Cricket to graph various request categories, perhaps
integrating with Mon, or providing other other alerts besides email, such as
SMS.

But surely some of you must have already written such a tool.  I do not want to
waste time reinventing the wheel.  Please let me know if you have written/are
writing/are using such a tool.  Or if you want a copy of my little effort.

--
Nick Urbanik   RHCE                                  nicku@vtc.edu.hk
Dept. of Information & Communications Technology
Hong Kong Institute of Vocational Education (Tsing Yi)
Tel:   (852) 2436 8576, (852) 2436 8713          Fax: (852) 2436 8526
PGP: 53 B6 6D 73 52 EE 1F EE EC F8 21 98 45 1C 23 7B     ID: 7529555D
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24   ID: BB9D2C24