[Freeipa-users] dirsrv access logs flooded from single connection id
Rich Megginson
rmeggins at redhat.com
Mon Jun 29 16:29:24 UTC 2015
On 06/29/2015 10:13 AM, Andrew E. Bruno wrote:
> Our dirsrv access logs on our freeipa master server are getting flooded
> with this:
>
> [29/Jun/2015:12:02:09 -0400] conn=215758 op=1355326784 SRCH
> base="cn=u2,cn=groups,cn=accounts,dc=ccr,dc=buffalo,dc=edu" scope=0
> filter="(objectClass=*)" attrs="objectClass posixgroup cn userPassword
> gidNumber member ipaNTSecurityIdentifier modifyTimestamp entryusn uid"
>
> [29/Jun/2015:12:08:08 -0400] conn=215758 op=1356545457 RESULT err=0
> tag=101 nentries=0 etime=0 notes=P
>
> All from the same conn=215758. Logs get rotated every minute.
>
> logconv.pl is showing
>
> Searches: 265803 (3322.54/sec) (199352.25/min)
>
>
> How can I figure out which ip address this query is coming from? Is
> there a way to fetch the ip using the connection id? conn=215758?
grep "conn=215758 fd=" /var/log/dirsrv/slapd-INST/access*
Unfortunately, if it has been rotated away, you won't be able to get the
information from the access log.
>
> Thanks in advance.
>
> --Andrew
>
More information about the Freeipa-users
mailing list