Created
August 22, 2018 17:01
Find LDAP clients from HAProxy connection logs
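#!/usr/local/bin/bash
#
# Find LDAP clients from HAProxy connection logs.
#
# Scans /var/log/messages* (plain and .bz2-compressed) for lines matching
# LDAP_PATTERN, extracts two fields from each match, counts the unique pairs
# and tries to resolve each host with `host`.
#
# Output: one "COUNT HOST PORT" line per unique pair, ascending by count.
# HOST is replaced by the looked-up name when the lookup succeeds.
#
# NOTE(review): which log columns hold the client address and the port
# depends on the local syslog/HAProxy log format; $8 and $10 are kept as the
# original author chose them -- confirm against your own logs.
#
# NOTE(review): both the logged host field and the reverse-DNS answer are
# data this machine does not control. Treat the resolved name as a hint for
# finding the client, not as proof of its identity.

set -u

readonly LDAP_PATTERN='(51|62)(:389|:636)'

pfx=${0##*/}

# A template with X's makes mktemp pick an unpredictable name; the original
# "/tmp/$pfx.$$" name could be guessed and pre-created by another local user.
tempdir=$(mktemp -d "/tmp/${pfx}.XXXXXXXX") || {
  printf '%s: cannot create temporary directory\n' "$pfx" >&2
  exit 1
}
# Remove the scratch directory on every exit path, including interrupts.
trap 'rm -rf -- "${tempdir:?}"' EXIT

# Reads log lines on stdin and writes "HOST PORT" pairs on stdout.
extract_clients() {
  grep -E -- "$LDAP_PATTERN" \
    | awk '{print $8" "$10}' \
    | awk -F':' '{print $1" "$3}'
}

# Start from an empty file so the sort below works even with no matches.
: > "$tempdir/clients"

for i in /var/log/messages*; do
  # An unmatched glob stays literal; skip anything that is not a real file.
  [[ -f "$i" ]] || continue
  case "$i" in
    *.bz2)
      bunzip2 -c -- "$i"
      ;;
    *)
      cat -- "$i"
      ;;
  esac | extract_clients >> "$tempdir/clients"
done

sort -- "$tempdir/clients" | uniq -c | sort -k1n \
  | while read -r COUNT HOST PORT; do
    case "$HOST" in
      '' | -*)
        # Log-derived value that is empty or would be parsed by `host` as an
        # option: do not look it up, report it unchanged.
        rc=1
        ;;
      *)
        res=$(host "$HOST")
        rc=$?
        ;;
    esac

    if (( rc > 0 )); then
      printf '%s %s %s\n' "$COUNT" "$HOST" "$PORT"
    else
      # Last whitespace-separated word of the lookup output, as before.
      hostname=$(printf '%s\n' "$res" | awk 'NF { last = $NF } END { print last }')
      printf '%s %s %s\n' "$COUNT" "$hostname" "$PORT"
    fi
  done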