SlideShare une entreprise Scribd logo

Analyse OpenLDAP logs with ELK

Clément OUDOT
Clément OUDOT

Some inputs to use ElasticSearch, Logstash and Kibana to parse OpenLDAP logs

Technologie
1  sur  34
Télécharger pour lire hors ligne
Analyse logs with ElasticSearch, Logstash and Kibana
2 Clément OUDOT @clementoudot ● Founded in 1999 ● >100 persons ● Montréal, Quebec City, Ottawa, Paris ● ISO 9001:2004 / ISO 14001:2008 ● contact@savoirfairelinux.com
3 Summary 11 22 33 The ELK stack Format of OpenLDAP logs OpenLDAP with ELK
4 The ELK Stack11
5 ELASTICSEARCH LOGTASH KIBANA
6 Elasticsearch ● Written in Java ● License Apache 2.0 ● Based on Lucene ● JSON ● REST ● Distributed ● Index and fields
7 clement@ader-sfl:~$ curl http://localhost:9200 { "status" : 200, "name" : "Mahkizmo", "cluster_name" : "elasticsearch", "version" : { "number" : "1.6.0", "build_hash" : "cdd3ac4dde4f69524ec0a14de3828cb95bbb86d0", "build_timestamp" : "2015-06-09T13:36:34Z", "build_snapshot" : false, "lucene_version" : "4.10.4" }, "tagline" : "You Know, for Search" }
8https://mobz.github.io/elasticsearch-head/
9 Logstash ● JRuby ● License Apache 2.0 ● Multiple inputs (file, syslog, ...) ● Multiple outputs (console, redis, elasticsearch, …) ● Filters
10 root@ader-sfl:~# /opt/logstash/bin/logstash -e 'input { stdin { } } output { stdout { codec => rubydebug } }' Logstash startup completed RMLL 2015 { "message" => "RMLL 2015", "@version" => "1", "@timestamp" => "2015-07-02T08:29:09.363Z", "host" => "ader-sfl" }
11 Grok ● Grok allows to parse message and store content in fields ● Grok comes with standard patterns (Syslog, Apache, …) ● You can also define you own patterns ● Grok debugger: http://grokdebug.herokuapp.com/
12 Example of grok patterns # Log formats SYSLOGBASE %{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?% {SYSLOGHOST:logsource} %{SYSLOGPROG}: COMMONAPACHELOG %{IPORHOST:clientip} %{USER:ident} %{USER:auth} [%{HTTPDATE:timestamp}] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" % {NUMBER:response} (?:%{NUMBER:bytes}|-) COMBINEDAPACHELOG %{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}
13 Using grok in logstash input { file { path => "/var/log/http.log" } } filter { grok { match => { "message" => "%{IP:client} %{WORD:method} % {URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" } } } 55.3.244.1 GET /index.html 15824 0.043
14 Kibana ● Javascript ● License Apache 2.0 ● Connect to elasticsearch ● Lucene queries ● On the fly graphics
15
16 Working together
17 Format of OpenLDAP logs22
18 Logging in OpenLDAP ● Relies on syslog ● Log levels are cumulative ● Log level is configured in olcLogLevel parameter in cn=config dn: cn=config objectClass: olcGlobal cn: config olcLogLevel: stats
19 Level Keyword Description -1 any enable all debugging 0   no debugging 1 (0x1 trace) trace function calls 2 (0x2 packets) debug packet handling 4 (0x4 args) heavy trace debugging 8 (0x8 conns) connection management 16 (0x10 BER) print out packets sent and received 32 (0x20 filter) search filter processing 64 (0x40 config) configuration processing 128 (0x80 ACL) access control list processing 256 (0x100 stats) stats log connections/operations/results 512 (0x200 stats2) stats log entries sent 1024 (0x400 shell) print communication with shell backends 2048 (0x800 parse) print entry parsing debugging 16384 (0x4000 sync) syncrepl consumer processing 32768 (0x8000 none) only messages that get logged whatever log level is set
20 Information in the “stats” loglevel ● Connections (opening, closing, TLS, ...) ● Operations and results ● Errors and warnings: – Missing index – Connection lost – Password policy messages – ...
21 Connections Jul 1 15:27:39 ader-sfl slapd[1377]: conn=162707 fd=12 ACCEPT from IP=127.0.0.1:44678 (IP=0.0.0.0:389) ... Jul 1 15:27:39 ader-sfl slapd[1377]: conn=162707 fd=12 closed
22 Operation: BIND and UNBIND Jul 1 15:27:39 ader-sfl slapd[1377]: conn=162709 op=3 BIND dn="cn=admin,dc=example,dc=com" method=128 Jul 1 15:27:39 ader-sfl slapd[1377]: conn=162709 op=3 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0 Jul 1 15:27:39 ader-sfl slapd[1377]: conn=162709 op=3 RESULT tag=97 err=0 text= Jul 1 15:27:39 ader-sfl slapd[1377]: conn=162708 op=7 UNBIND
23 Operation: SEARCH Jul 1 15:27:39 ader-sfl slapd[1377]: conn=162709 op=5 SRCH base="ou=users,dc=example,dc=com" scope=1 deref=0 filter="(objectClass=*)" Jul 1 15:27:39 ader-sfl slapd[1377]: conn=162709 op=5 SRCH attr=uid Jul 1 15:27:39 ader-sfl slapd[1377]: conn=162709 op=5 SEARCH RESULT tag=101 err=0 nentries=50 text=
24 Operation: MODIFY Jul 1 16:10:36 ader-sfl slapd[1377]: conn=162711 op=17 MOD dn="uid=user1,ou=users,dc=example,dc=com" Jul 1 16:10:36 ader-sfl slapd[1377]: conn=162711 op=17 MOD attr=userPassword Jul 1 16:10:36 ader-sfl slapd[1377]: conn=162711 op=17 RESULT tag=103 err=0 text=
25 Errors and warnings Jul 1 17:18:48 ader-sfl slapd[1377]: conn=162711 fd=12 closed (connection lost) Jul 1 09:28:40 ader-sfl slapd[1377]: connection_input: conn=93309 deferring operation: binding Jul 2 08:41:02 ader-sfl slapd[1377]: <= mdb_equality_candidates: (objectClass) not indexed Jul 1 16:23:46 ader-sfl slapd[1377]: ppolicy_bind: Setting warning for password expiry for uid=user1,ou=users,dc=example,dc=com = 589 seconds
26 Logfile alternatives ● Overlay accesslog : log events in an LDAP backend ● Overlay auditlog : log events in an LDIF file
27 OpenLDAP with ELK33
28 Configure logstash ● Input: – OpenLDAP logfile – Syslog ● Filters: – Syslog Grok pattern – Date – OpenLDAP specific log patterns ● Output: elasticsearch
29 Main grok pattern %{SYSLOGBASE} (?:(?:<= (?:b|m)db_% {DATA:index_error_filter_type}_candidates: (% {WORD:index_error_attribute_name}) not indexed)|(?:ppolicy_% {DATA:ppolicy_op}: %{DATA:ppolicy_data})|(?:connection_input: conn=% {INT:connection} deferring operation: %{DATA:deferring_op})| (?:connection_read(%{INT:fd_number}): no connection!)|(?:conn=% {INT:connection} (?:(?:fd=%{INT:fd_number} (?:(?:closed(?: (connection lost)|))|(?:ACCEPT from IP=%{IP:src_ip}:%{INT:src_port} (IP=% {IP:dst_ip}:%{INT:dst_port}))|(?:TLS established tls_ssf=% {INT:tls_ssf} ssf=%{INT:ssf})))|(?:op=%{INT:operation_number} (?:(?:(?: (?:SEARCH )|(?:))RESULT (?:tag=%{INT:tag}|oid=(?:%{DATA:oid}(?:))) err=% {INT:error_code}(?:(?: nentries=%{INT:nentries})|(?:)) text=(?:(?:% {DATA:error_text})|(?:)))|(?:%{WORD:operation_name}(?:(?: %{DATA:data})| (?:))))))))%{SPACE}$
30 Conditional grok pattern if [operation_name] == "SRCH" { grok { match => [ "data", "(?:(?:base="%{DATA:search_base}" scope=% {INT:search_scope} deref=%{INT:search_deref} filter="% {DATA:search_filter}")|(?:attr=%{DATA:search_attr}))%{SPACE}$" ] } } if [operation_name] == "ADD" { grok { match => [ "data", "dn="%{DATA:add_dn}"%{SPACE}$" ] } }
31 Display data in Kibana ● Access to all logged messages ● Query data, for example: – Follow a connection: connection=162738 – Find missing index: _exists_:index_error_attribute_name ● Create dashboards, for example: – LDAP operations – LDAP error codes
32
33 Use and improve! https://github.com/coudot/openldap-elk
34 Seems all clear Any question?

Recommandé

[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDNOpenStack Korea Community
 
Introduction to Redis
Introduction to RedisIntroduction to Redis
Introduction to RedisTO THE NEW | Technology
 
MariaDB MaxScale
MariaDB MaxScaleMariaDB MaxScale
MariaDB MaxScaleMariaDB plc
 
InnoDB Locking Explained with Stick Figures
InnoDB Locking Explained with Stick FiguresInnoDB Locking Explained with Stick Figures
InnoDB Locking Explained with Stick FiguresKarwin Software Solutions LLC
 
Evolution of MySQL Parallel Replication
Evolution of MySQL Parallel Replication Evolution of MySQL Parallel Replication
Evolution of MySQL Parallel Replication Mydbops
 
NkSIP: The Erlang SIP application server
NkSIP: The Erlang SIP application serverNkSIP: The Erlang SIP application server
NkSIP: The Erlang SIP application serverCarlos González Florido
 
MongoDB Performance Tuning
MongoDB Performance TuningMongoDB Performance Tuning
MongoDB Performance TuningPuneet Behl
 
OpenStack Oslo Messaging RPC API Tutorial Demo Call, Cast and Fanout
OpenStack Oslo Messaging RPC API Tutorial Demo Call, Cast and FanoutOpenStack Oslo Messaging RPC API Tutorial Demo Call, Cast and Fanout
OpenStack Oslo Messaging RPC API Tutorial Demo Call, Cast and FanoutSaju Madhavan
 

Recommandé

[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDN
[OpenStack 하반기 스터디] Interoperability with ML2: LinuxBridge, OVS and SDNOpenStack Korea Community
 
Introduction to Redis
Introduction to RedisIntroduction to Redis
Introduction to RedisTO THE NEW | Technology
 
MariaDB MaxScale
MariaDB MaxScaleMariaDB MaxScale
MariaDB MaxScaleMariaDB plc
 
InnoDB Locking Explained with Stick Figures
InnoDB Locking Explained with Stick FiguresInnoDB Locking Explained with Stick Figures
InnoDB Locking Explained with Stick FiguresKarwin Software Solutions LLC
 
Evolution of MySQL Parallel Replication
Evolution of MySQL Parallel Replication Evolution of MySQL Parallel Replication
Evolution of MySQL Parallel Replication Mydbops
 
NkSIP: The Erlang SIP application server
NkSIP: The Erlang SIP application serverNkSIP: The Erlang SIP application server
NkSIP: The Erlang SIP application serverCarlos González Florido
 
MongoDB Performance Tuning
MongoDB Performance TuningMongoDB Performance Tuning
MongoDB Performance TuningPuneet Behl
 
OpenStack Oslo Messaging RPC API Tutorial Demo Call, Cast and Fanout
OpenStack Oslo Messaging RPC API Tutorial Demo Call, Cast and FanoutOpenStack Oslo Messaging RPC API Tutorial Demo Call, Cast and Fanout
OpenStack Oslo Messaging RPC API Tutorial Demo Call, Cast and FanoutSaju Madhavan
 
Logstash
LogstashLogstash
LogstashRajgourav Jain
 
MySQL Performance Schema in MySQL 8.0
MySQL Performance Schema in MySQL 8.0MySQL Performance Schema in MySQL 8.0
MySQL Performance Schema in MySQL 8.0Mayank Prasad
 
Mastering PostgreSQL Administration
Mastering PostgreSQL AdministrationMastering PostgreSQL Administration
Mastering PostgreSQL AdministrationEDB
 
Database change management with Liquibase
Database change management with LiquibaseDatabase change management with Liquibase
Database change management with LiquibaseJarosław Szczepankiewicz
 
Faster packet processing in Linux: XDP
Faster packet processing in Linux: XDPFaster packet processing in Linux: XDP
Faster packet processing in Linux: XDPDaniel T. Lee
 
How to Use Telegraf and Its Plugin Ecosystem
How to Use Telegraf and Its Plugin EcosystemHow to Use Telegraf and Its Plugin Ecosystem
How to Use Telegraf and Its Plugin EcosystemInfluxData
 
PostgreSQL 15 and its Major Features -(Aakash M - Mydbops) - Mydbops Opensour...
PostgreSQL 15 and its Major Features -(Aakash M - Mydbops) - Mydbops Opensour...PostgreSQL 15 and its Major Features -(Aakash M - Mydbops) - Mydbops Opensour...
PostgreSQL 15 and its Major Features -(Aakash M - Mydbops) - Mydbops Opensour...Mydbops
 
Introduction to redis
Introduction to redisIntroduction to redis
Introduction to redisTanu Siwag
 
Tail f - Why ConfD
Tail f - Why ConfDTail f - Why ConfD
Tail f - Why ConfDTail-f Systems
 
An Introduction to REDIS NoSQL database
An Introduction to REDIS NoSQL databaseAn Introduction to REDIS NoSQL database
An Introduction to REDIS NoSQL databaseAli MasudianPour
 
Docker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesDocker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesSreenivas Makam
 
Kathará - NOMS 2018
Kathará - NOMS 2018Kathará - NOMS 2018
Kathará - NOMS 2018Gaetano Bonofiglio
 
PostgreSql query planning and tuning
PostgreSql query planning and tuningPostgreSql query planning and tuning
PostgreSql query planning and tuningFederico Campoli
 
MariaDB Server Performance Tuning & Optimization
MariaDB Server Performance Tuning & OptimizationMariaDB Server Performance Tuning & Optimization
MariaDB Server Performance Tuning & OptimizationMariaDB plc
 
How to Manage Scale-Out Environments with MariaDB MaxScale
How to Manage Scale-Out Environments with MariaDB MaxScaleHow to Manage Scale-Out Environments with MariaDB MaxScale
How to Manage Scale-Out Environments with MariaDB MaxScaleMariaDB plc
 
OpenGurukul : Database : PostgreSQL
OpenGurukul : Database : PostgreSQLOpenGurukul : Database : PostgreSQL
OpenGurukul : Database : PostgreSQLOpen Gurukul
 
An Introduction to MongoDB Ops Manager
An Introduction to MongoDB Ops ManagerAn Introduction to MongoDB Ops Manager
An Introduction to MongoDB Ops ManagerMongoDB
 
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScale
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScaleThe Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScale
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScaleColin Charles
 
eBPF maps 101
eBPF maps 101eBPF maps 101
eBPF maps 101SUSE Labs Taipei
 
GlassFish in Production Environments
GlassFish in Production EnvironmentsGlassFish in Production Environments
GlassFish in Production EnvironmentsBruno Borges
 
KR2016 The Free Software Bastard Guide
KR2016 The Free Software Bastard GuideKR2016 The Free Software Bastard Guide
KR2016 The Free Software Bastard GuideClément OUDOT
 
[LDAPCon 2015] The OpenID Connect Protocol
[LDAPCon 2015] The OpenID Connect Protocol[LDAPCon 2015] The OpenID Connect Protocol
[LDAPCon 2015] The OpenID Connect ProtocolClément OUDOT
 

Contenu connexe

Tendances

MySQL Performance Schema in MySQL 8.0
MySQL Performance Schema in MySQL 8.0MySQL Performance Schema in MySQL 8.0
MySQL Performance Schema in MySQL 8.0Mayank Prasad
 
Mastering PostgreSQL Administration
Mastering PostgreSQL AdministrationMastering PostgreSQL Administration
Mastering PostgreSQL AdministrationEDB
 
Faster packet processing in Linux: XDP
Faster packet processing in Linux: XDPFaster packet processing in Linux: XDP
Faster packet processing in Linux: XDPDaniel T. Lee
 
How to Use Telegraf and Its Plugin Ecosystem
How to Use Telegraf and Its Plugin EcosystemHow to Use Telegraf and Its Plugin Ecosystem
How to Use Telegraf and Its Plugin EcosystemInfluxData
 
PostgreSQL 15 and its Major Features -(Aakash M - Mydbops) - Mydbops Opensour...
PostgreSQL 15 and its Major Features -(Aakash M - Mydbops) - Mydbops Opensour...PostgreSQL 15 and its Major Features -(Aakash M - Mydbops) - Mydbops Opensour...
PostgreSQL 15 and its Major Features -(Aakash M - Mydbops) - Mydbops Opensour...Mydbops
 
Introduction to redis
Introduction to redisIntroduction to redis
Introduction to redisTanu Siwag
 
An Introduction to REDIS NoSQL database
An Introduction to REDIS NoSQL databaseAn Introduction to REDIS NoSQL database
An Introduction to REDIS NoSQL databaseAli MasudianPour
 
Docker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesDocker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesSreenivas Makam
 
PostgreSql query planning and tuning
PostgreSql query planning and tuningPostgreSql query planning and tuning
PostgreSql query planning and tuningFederico Campoli
 
MariaDB Server Performance Tuning & Optimization
MariaDB Server Performance Tuning & OptimizationMariaDB Server Performance Tuning & Optimization
MariaDB Server Performance Tuning & OptimizationMariaDB plc
 
How to Manage Scale-Out Environments with MariaDB MaxScale
How to Manage Scale-Out Environments with MariaDB MaxScaleHow to Manage Scale-Out Environments with MariaDB MaxScale
How to Manage Scale-Out Environments with MariaDB MaxScaleMariaDB plc
 
OpenGurukul : Database : PostgreSQL
OpenGurukul : Database : PostgreSQLOpenGurukul : Database : PostgreSQL
OpenGurukul : Database : PostgreSQLOpen Gurukul
 
An Introduction to MongoDB Ops Manager
An Introduction to MongoDB Ops ManagerAn Introduction to MongoDB Ops Manager
An Introduction to MongoDB Ops ManagerMongoDB
 
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScale
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScaleThe Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScale
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScaleColin Charles
 
GlassFish in Production Environments
GlassFish in Production EnvironmentsGlassFish in Production Environments
GlassFish in Production EnvironmentsBruno Borges
 

Tendances (20)

Logstash
LogstashLogstash
Logstash
 
MySQL Performance Schema in MySQL 8.0
MySQL Performance Schema in MySQL 8.0MySQL Performance Schema in MySQL 8.0
MySQL Performance Schema in MySQL 8.0
 
Mastering PostgreSQL Administration
Mastering PostgreSQL AdministrationMastering PostgreSQL Administration
Mastering PostgreSQL Administration
 
Database change management with Liquibase
Database change management with LiquibaseDatabase change management with Liquibase
Database change management with Liquibase
 
Faster packet processing in Linux: XDP
Faster packet processing in Linux: XDPFaster packet processing in Linux: XDP
Faster packet processing in Linux: XDP
 
How to Use Telegraf and Its Plugin Ecosystem
How to Use Telegraf and Its Plugin EcosystemHow to Use Telegraf and Its Plugin Ecosystem
How to Use Telegraf and Its Plugin Ecosystem
 
PostgreSQL 15 and its Major Features -(Aakash M - Mydbops) - Mydbops Opensour...
PostgreSQL 15 and its Major Features -(Aakash M - Mydbops) - Mydbops Opensour...PostgreSQL 15 and its Major Features -(Aakash M - Mydbops) - Mydbops Opensour...
PostgreSQL 15 and its Major Features -(Aakash M - Mydbops) - Mydbops Opensour...
 
Introduction to redis
Introduction to redisIntroduction to redis
Introduction to redis
 
Tail f - Why ConfD
Tail f - Why ConfDTail f - Why ConfD
Tail f - Why ConfD
 
An Introduction to REDIS NoSQL database
An Introduction to REDIS NoSQL databaseAn Introduction to REDIS NoSQL database
An Introduction to REDIS NoSQL database
 
Docker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting TechniquesDocker Networking - Common Issues and Troubleshooting Techniques
Docker Networking - Common Issues and Troubleshooting Techniques
 
Kathará - NOMS 2018
Kathará - NOMS 2018Kathará - NOMS 2018
Kathará - NOMS 2018
 
PostgreSql query planning and tuning
PostgreSql query planning and tuningPostgreSql query planning and tuning
PostgreSql query planning and tuning
 
MariaDB Server Performance Tuning & Optimization
MariaDB Server Performance Tuning & OptimizationMariaDB Server Performance Tuning & Optimization
MariaDB Server Performance Tuning & Optimization
 
How to Manage Scale-Out Environments with MariaDB MaxScale
How to Manage Scale-Out Environments with MariaDB MaxScaleHow to Manage Scale-Out Environments with MariaDB MaxScale
How to Manage Scale-Out Environments with MariaDB MaxScale
 
OpenGurukul : Database : PostgreSQL
OpenGurukul : Database : PostgreSQLOpenGurukul : Database : PostgreSQL
OpenGurukul : Database : PostgreSQL
 
An Introduction to MongoDB Ops Manager
An Introduction to MongoDB Ops ManagerAn Introduction to MongoDB Ops Manager
An Introduction to MongoDB Ops Manager
 
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScale
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScaleThe Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScale
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScale
 
eBPF maps 101
eBPF maps 101eBPF maps 101
eBPF maps 101
 
GlassFish in Production Environments
GlassFish in Production EnvironmentsGlassFish in Production Environments
GlassFish in Production Environments
 

En vedette

KR2016 The Free Software Bastard Guide
KR2016 The Free Software Bastard GuideKR2016 The Free Software Bastard Guide
KR2016 The Free Software Bastard GuideClément OUDOT
 
[LDAPCon 2015] The OpenID Connect Protocol
[LDAPCon 2015] The OpenID Connect Protocol[LDAPCon 2015] The OpenID Connect Protocol
[LDAPCon 2015] The OpenID Connect ProtocolClément OUDOT
 
Bq121 g formation-ibm-security-qradar-siem-administration-et-configuration
Bq121 g formation-ibm-security-qradar-siem-administration-et-configurationBq121 g formation-ibm-security-qradar-siem-administration-et-configuration
Bq121 g formation-ibm-security-qradar-siem-administration-et-configurationCERTyou Formation
 
RMLL 2014 - LemonLDAP::NG - What's new under the SSOn
RMLL 2014 - LemonLDAP::NG - What's new under the SSOnRMLL 2014 - LemonLDAP::NG - What's new under the SSOn
RMLL 2014 - LemonLDAP::NG - What's new under the SSOnClément OUDOT
 
RMLL 2014 - Site statique avec Templer, Bootstrap et Git
RMLL 2014 - Site statique avec Templer, Bootstrap et GitRMLL 2014 - Site statique avec Templer, Bootstrap et Git
RMLL 2014 - Site statique avec Templer, Bootstrap et GitClément OUDOT
 
The guide of Security Jerk
The guide of Security JerkThe guide of Security Jerk
The guide of Security JerkClément OUDOT
 
Matinée Pour Comprendre LinID - Retour d'expérience de l'AFNIC
Matinée Pour Comprendre LinID - Retour d'expérience de l'AFNICMatinée Pour Comprendre LinID - Retour d'expérience de l'AFNIC
Matinée Pour Comprendre LinID - Retour d'expérience de l'AFNICClément OUDOT
 
Matinée Pour Comprendre LinID - Intégration du serveur Active Directory avec ...
Matinée Pour Comprendre LinID - Intégration du serveur Active Directory avec ...Matinée Pour Comprendre LinID - Intégration du serveur Active Directory avec ...
Matinée Pour Comprendre LinID - Intégration du serveur Active Directory avec ...Clément OUDOT
 
The OpenID Connect Protocol
The OpenID Connect ProtocolThe OpenID Connect Protocol
The OpenID Connect ProtocolClément OUDOT
 
Présentation de LemonLDAP::NG aux Journées Perl 2016
Présentation de LemonLDAP::NG aux Journées Perl 2016Présentation de LemonLDAP::NG aux Journées Perl 2016
Présentation de LemonLDAP::NG aux Journées Perl 2016Clément OUDOT
 
Le Guide du Connard du Logiciel Libre
Le Guide du Connard du Logiciel LibreLe Guide du Connard du Logiciel Libre
Le Guide du Connard du Logiciel LibreClément OUDOT
 
RMLL 2014 - LDAP Synchronization Connector
RMLL 2014 - LDAP Synchronization ConnectorRMLL 2014 - LDAP Synchronization Connector
RMLL 2014 - LDAP Synchronization ConnectorClément OUDOT
 
[OW2Con 2015] LemonLDAP::NG 2.0 overview
[OW2Con 2015] LemonLDAP::NG 2.0 overview[OW2Con 2015] LemonLDAP::NG 2.0 overview
[OW2Con 2015] LemonLDAP::NG 2.0 overviewClément OUDOT
 
난공불락세미나 Ldap
난공불락세미나 Ldap난공불락세미나 Ldap
난공불락세미나 Ldapsprdd
 
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NG
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NGS2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NG
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NGClément OUDOT
 
Revista IM Farmacias. Distribución farmacéutica
Revista IM Farmacias. Distribución farmacéutica Revista IM Farmacias. Distribución farmacéutica
Revista IM Farmacias. Distribución farmacéutica Marcos Alonso Espada
 
The wonderful story of Web Authentication and Single-Sign On
The wonderful story of Web Authentication and Single-Sign OnThe wonderful story of Web Authentication and Single-Sign On
The wonderful story of Web Authentication and Single-Sign OnClément OUDOT
 
[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnect[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnectClément OUDOT
 

En vedette (20)

KR2016 The Free Software Bastard Guide
KR2016 The Free Software Bastard GuideKR2016 The Free Software Bastard Guide
KR2016 The Free Software Bastard Guide
 
[LDAPCon 2015] The OpenID Connect Protocol
[LDAPCon 2015] The OpenID Connect Protocol[LDAPCon 2015] The OpenID Connect Protocol
[LDAPCon 2015] The OpenID Connect Protocol
 
Bq121 g formation-ibm-security-qradar-siem-administration-et-configuration
Bq121 g formation-ibm-security-qradar-siem-administration-et-configurationBq121 g formation-ibm-security-qradar-siem-administration-et-configuration
Bq121 g formation-ibm-security-qradar-siem-administration-et-configuration
 
RMLL 2014 - LemonLDAP::NG - What's new under the SSOn
RMLL 2014 - LemonLDAP::NG - What's new under the SSOnRMLL 2014 - LemonLDAP::NG - What's new under the SSOn
RMLL 2014 - LemonLDAP::NG - What's new under the SSOn
 
RMLL 2014 - Site statique avec Templer, Bootstrap et Git
RMLL 2014 - Site statique avec Templer, Bootstrap et GitRMLL 2014 - Site statique avec Templer, Bootstrap et Git
RMLL 2014 - Site statique avec Templer, Bootstrap et Git
 
The guide of Security Jerk
The guide of Security JerkThe guide of Security Jerk
The guide of Security Jerk
 
Matinée Pour Comprendre LinID - Retour d'expérience de l'AFNIC
Matinée Pour Comprendre LinID - Retour d'expérience de l'AFNICMatinée Pour Comprendre LinID - Retour d'expérience de l'AFNIC
Matinée Pour Comprendre LinID - Retour d'expérience de l'AFNIC
 
Matinée Pour Comprendre LinID - Intégration du serveur Active Directory avec ...
Matinée Pour Comprendre LinID - Intégration du serveur Active Directory avec ...Matinée Pour Comprendre LinID - Intégration du serveur Active Directory avec ...
Matinée Pour Comprendre LinID - Intégration du serveur Active Directory avec ...
 
The OpenID Connect Protocol
The OpenID Connect ProtocolThe OpenID Connect Protocol
The OpenID Connect Protocol
 
Présentation de LemonLDAP::NG aux Journées Perl 2016
Présentation de LemonLDAP::NG aux Journées Perl 2016Présentation de LemonLDAP::NG aux Journées Perl 2016
Présentation de LemonLDAP::NG aux Journées Perl 2016
 
Le Guide du Connard du Logiciel Libre
Le Guide du Connard du Logiciel LibreLe Guide du Connard du Logiciel Libre
Le Guide du Connard du Logiciel Libre
 
RMLL 2014 - LDAP Synchronization Connector
RMLL 2014 - LDAP Synchronization ConnectorRMLL 2014 - LDAP Synchronization Connector
RMLL 2014 - LDAP Synchronization Connector
 
[OW2Con 2015] LemonLDAP::NG 2.0 overview
[OW2Con 2015] LemonLDAP::NG 2.0 overview[OW2Con 2015] LemonLDAP::NG 2.0 overview
[OW2Con 2015] LemonLDAP::NG 2.0 overview
 
난공불락세미나 Ldap
난공불락세미나 Ldap난공불락세미나 Ldap
난공불락세미나 Ldap
 
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NG
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NGS2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NG
S2LQ - Authentification unique sur le Web avec le logiciel libre LemonLDAP::NG
 
Revista IM Farmacias. Distribución farmacéutica
Revista IM Farmacias. Distribución farmacéutica Revista IM Farmacias. Distribución farmacéutica
Revista IM Farmacias. Distribución farmacéutica
 
Recull premsa
Recull premsaRecull premsa
Recull premsa
 
Tweetbook de (re)tuiteos por @exilioyregreso: "El Barco del Exilio en Twitter"
Tweetbook de (re)tuiteos por @exilioyregreso: "El Barco del Exilio en Twitter"Tweetbook de (re)tuiteos por @exilioyregreso: "El Barco del Exilio en Twitter"
Tweetbook de (re)tuiteos por @exilioyregreso: "El Barco del Exilio en Twitter"
 
The wonderful story of Web Authentication and Single-Sign On
The wonderful story of Web Authentication and Single-Sign OnThe wonderful story of Web Authentication and Single-Sign On
The wonderful story of Web Authentication and Single-Sign On
 
[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnect[JDLL 2016] OpenID Connect et FranceConnect
[JDLL 2016] OpenID Connect et FranceConnect
 

Similaire à Analyse OpenLDAP logs with ELK

Nodejs性能分析优化和分布式设计探讨
Nodejs性能分析优化和分布式设计探讨Nodejs性能分析优化和分布式设计探讨
Nodejs性能分析优化和分布式设计探讨flyinweb
 
The n00bs guide to ovs dpdk
The n00bs guide to ovs dpdkThe n00bs guide to ovs dpdk
The n00bs guide to ovs dpdkmarkdgray
 
Oracle Basics and Architecture
Oracle Basics and ArchitectureOracle Basics and Architecture
Oracle Basics and ArchitectureSidney Chen
 
Debugging linux issues with eBPF
Debugging linux issues with eBPFDebugging linux issues with eBPF
Debugging linux issues with eBPFIvan Babrou
 
DOAG 2016 Oracle Logon Security
DOAG 2016 Oracle Logon SecurityDOAG 2016 Oracle Logon Security
DOAG 2016 Oracle Logon SecurityLoopback.ORG
 
Troubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting Linux Kernel Modules And Device DriversTroubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting Linux Kernel Modules And Device DriversSatpal Parmar
 
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1Jagadisha Maiya
 
DPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingDPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingMichelle Holley
 
Event-driven Network Automation and Orchestration
Event-driven Network Automation and OrchestrationEvent-driven Network Automation and Orchestration
Event-driven Network Automation and OrchestrationAPNIC
 
Percona Live UK 2014 Part III
Percona Live UK 2014 Part IIIPercona Live UK 2014 Part III
Percona Live UK 2014 Part IIIAlkin Tezuysal
 
Mod03 linking and accelerating
Mod03 linking and acceleratingMod03 linking and accelerating
Mod03 linking and acceleratingPeter Haase
 
DUG'20: 12 - DAOS in Lenovo’s HPC Innovation Center
DUG'20: 12 - DAOS in Lenovo’s HPC Innovation CenterDUG'20: 12 - DAOS in Lenovo’s HPC Innovation Center
DUG'20: 12 - DAOS in Lenovo’s HPC Innovation CenterAndrey Kudryavtsev
 
Build a DataWarehouse for your logs with Python, AWS Athena and Glue
Build a DataWarehouse for your logs with Python, AWS Athena and GlueBuild a DataWarehouse for your logs with Python, AWS Athena and Glue
Build a DataWarehouse for your logs with Python, AWS Athena and GlueMaxym Kharchenko
 
Application Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyApplication Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyTim Bunce
 
Streaming huge databases using logical decoding
Streaming huge databases using logical decodingStreaming huge databases using logical decoding
Streaming huge databases using logical decodingAlexander Shulgin
 
Debugging Ruby
Debugging RubyDebugging Ruby
Debugging RubyAman Gupta
 
Nginx Scripting - Extending Nginx Functionalities with Lua
Nginx Scripting - Extending Nginx Functionalities with LuaNginx Scripting - Extending Nginx Functionalities with Lua
Nginx Scripting - Extending Nginx Functionalities with LuaTony Fabeen
 
Devinsampa nginx-scripting
Devinsampa nginx-scriptingDevinsampa nginx-scripting
Devinsampa nginx-scriptingTony Fabeen
 
Проблемы использования TCP в мобильных приложениях. Владимир Кириллов
Проблемы использования TCP в мобильных приложениях. Владимир КирилловПроблемы использования TCP в мобильных приложениях. Владимир Кириллов
Проблемы использования TCP в мобильных приложениях. Владимир КирилловAnthony Marchenko
 

Similaire à Analyse OpenLDAP logs with ELK (20)

Nodejs性能分析优化和分布式设计探讨
Nodejs性能分析优化和分布式设计探讨Nodejs性能分析优化和分布式设计探讨
Nodejs性能分析优化和分布式设计探讨
 
Hotsos Advanced Linux Tools
Hotsos Advanced Linux ToolsHotsos Advanced Linux Tools
Hotsos Advanced Linux Tools
 
The n00bs guide to ovs dpdk
The n00bs guide to ovs dpdkThe n00bs guide to ovs dpdk
The n00bs guide to ovs dpdk
 
Oracle Basics and Architecture
Oracle Basics and ArchitectureOracle Basics and Architecture
Oracle Basics and Architecture
 
Debugging linux issues with eBPF
Debugging linux issues with eBPFDebugging linux issues with eBPF
Debugging linux issues with eBPF
 
DOAG 2016 Oracle Logon Security
DOAG 2016 Oracle Logon SecurityDOAG 2016 Oracle Logon Security
DOAG 2016 Oracle Logon Security
 
Troubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting Linux Kernel Modules And Device DriversTroubleshooting Linux Kernel Modules And Device Drivers
Troubleshooting Linux Kernel Modules And Device Drivers
 
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
Troubleshooting linux-kernel-modules-and-device-drivers-1233050713693744-1
 
DPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet ProcessingDPDK & Layer 4 Packet Processing
DPDK & Layer 4 Packet Processing
 
Event-driven Network Automation and Orchestration
Event-driven Network Automation and OrchestrationEvent-driven Network Automation and Orchestration
Event-driven Network Automation and Orchestration
 
Percona Live UK 2014 Part III
Percona Live UK 2014 Part IIIPercona Live UK 2014 Part III
Percona Live UK 2014 Part III
 
Mod03 linking and accelerating
Mod03 linking and acceleratingMod03 linking and accelerating
Mod03 linking and accelerating
 
DUG'20: 12 - DAOS in Lenovo’s HPC Innovation Center
DUG'20: 12 - DAOS in Lenovo’s HPC Innovation CenterDUG'20: 12 - DAOS in Lenovo’s HPC Innovation Center
DUG'20: 12 - DAOS in Lenovo’s HPC Innovation Center
 
Build a DataWarehouse for your logs with Python, AWS Athena and Glue
Build a DataWarehouse for your logs with Python, AWS Athena and GlueBuild a DataWarehouse for your logs with Python, AWS Athena and Glue
Build a DataWarehouse for your logs with Python, AWS Athena and Glue
 
Application Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.keyApplication Logging in the 21st century - 2014.key
Application Logging in the 21st century - 2014.key
 
Streaming huge databases using logical decoding
Streaming huge databases using logical decodingStreaming huge databases using logical decoding
Streaming huge databases using logical decoding
 
Debugging Ruby
Debugging RubyDebugging Ruby
Debugging Ruby
 
Nginx Scripting - Extending Nginx Functionalities with Lua
Nginx Scripting - Extending Nginx Functionalities with LuaNginx Scripting - Extending Nginx Functionalities with Lua
Nginx Scripting - Extending Nginx Functionalities with Lua
 
Devinsampa nginx-scripting
Devinsampa nginx-scriptingDevinsampa nginx-scripting
Devinsampa nginx-scripting
 
Проблемы использования TCP в мобильных приложениях. Владимир Кириллов
Проблемы использования TCP в мобильных приложениях. Владимир КирилловПроблемы использования TCP в мобильных приложениях. Владимир Кириллов
Проблемы использования TCP в мобильных приложениях. Владимир Кириллов
 

Plus de Clément OUDOT

[FOSDEM 2019] LemonLDAP::NG 2.0
[FOSDEM 2019] LemonLDAP::NG 2.0[FOSDEM 2019] LemonLDAP::NG 2.0
[FOSDEM 2019] LemonLDAP::NG 2.0Clément OUDOT
 
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...Clément OUDOT
 
[OW2Con 2018] The FusionIAM project
[OW2Con 2018] The FusionIAM project[OW2Con 2018] The FusionIAM project
[OW2Con 2018] The FusionIAM projectClément OUDOT
 
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...Clément OUDOT
 
[OSSPARIS17] Le guide du connard du logiciel libre
[OSSPARIS17] Le guide du connard du logiciel libre[OSSPARIS17] Le guide du connard du logiciel libre
[OSSPARIS17] Le guide du connard du logiciel libreClément OUDOT
 
[OSSPARIS17] Des logiciels libres pour la gestion des identités !
[OSSPARIS17] Des logiciels libres pour la gestion des identités ![OSSPARIS17] Des logiciels libres pour la gestion des identités !
[OSSPARIS17] Des logiciels libres pour la gestion des identités !Clément OUDOT
 
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...Clément OUDOT
 
[RMLL2017] le guide du connard du logiciel libre
[RMLL2017] le guide du connard du logiciel libre[RMLL2017] le guide du connard du logiciel libre
[RMLL2017] le guide du connard du logiciel libreClément OUDOT
 
[RMLL2017] LDAPCon 2017
[RMLL2017] LDAPCon 2017[RMLL2017] LDAPCon 2017
[RMLL2017] LDAPCon 2017Clément OUDOT
 
[RMLL2017] Des logiciels libres pour la gestion des identités !
[RMLL2017] Des logiciels libres pour la gestion des identités ![RMLL2017] Des logiciels libres pour la gestion des identités !
[RMLL2017] Des logiciels libres pour la gestion des identités !Clément OUDOT
 
[OW2Con 2017] News from LemonLDAP::NG
[OW2Con 2017] News from LemonLDAP::NG[OW2Con 2017] News from LemonLDAP::NG
[OW2Con 2017] News from LemonLDAP::NGClément OUDOT
 
[JDLL 2017] Le Guide du Connard du Logiciel Libre
[JDLL 2017] Le Guide du Connard du Logiciel Libre[JDLL 2017] Le Guide du Connard du Logiciel Libre
[JDLL 2017] Le Guide du Connard du Logiciel LibreClément OUDOT
 
[OSSParis 2015] The OpenID Connect Protocol
[OSSParis 2015] The OpenID Connect Protocol[OSSParis 2015] The OpenID Connect Protocol
[OSSParis 2015] The OpenID Connect ProtocolClément OUDOT
 
RMLL 2014 - OpenLDAP - Manage password policy
RMLL 2014 - OpenLDAP - Manage password policyRMLL 2014 - OpenLDAP - Manage password policy
RMLL 2014 - OpenLDAP - Manage password policyClément OUDOT
 
JDLL 2014 - Introduction aux annuaires LDAP
JDLL 2014 - Introduction aux annuaires LDAPJDLL 2014 - Introduction aux annuaires LDAP
JDLL 2014 - Introduction aux annuaires LDAPClément OUDOT
 
Matinée Pour Comprendre LinID - Mise en place de la fédération des identités...
Matinée Pour Comprendre LinID - Mise en place de la fédération des identités...Matinée Pour Comprendre LinID - Mise en place de la fédération des identités...
Matinée Pour Comprendre LinID - Mise en place de la fédération des identités...Clément OUDOT
 

Plus de Clément OUDOT (16)

[FOSDEM 2019] LemonLDAP::NG 2.0
[FOSDEM 2019] LemonLDAP::NG 2.0[FOSDEM 2019] LemonLDAP::NG 2.0
[FOSDEM 2019] LemonLDAP::NG 2.0
 
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...
[FLOSSCON 2019] Gestion des authentifications et des accès avec LemonLDAP::NG...
 
[OW2Con 2018] The FusionIAM project
[OW2Con 2018] The FusionIAM project[OW2Con 2018] The FusionIAM project
[OW2Con 2018] The FusionIAM project
 
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...
[JDLL 2018] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir l...
 
[OSSPARIS17] Le guide du connard du logiciel libre
[OSSPARIS17] Le guide du connard du logiciel libre[OSSPARIS17] Le guide du connard du logiciel libre
[OSSPARIS17] Le guide du connard du logiciel libre
 
[OSSPARIS17] Des logiciels libres pour la gestion des identités !
[OSSPARIS17] Des logiciels libres pour la gestion des identités ![OSSPARIS17] Des logiciels libres pour la gestion des identités !
[OSSPARIS17] Des logiciels libres pour la gestion des identités !
 
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...
[RMLL2017] Templer, Git, Bootstrap, PHP : des outils libres pour concevoir le...
 
[RMLL2017] le guide du connard du logiciel libre
[RMLL2017] le guide du connard du logiciel libre[RMLL2017] le guide du connard du logiciel libre
[RMLL2017] le guide du connard du logiciel libre
 
[RMLL2017] LDAPCon 2017
[RMLL2017] LDAPCon 2017[RMLL2017] LDAPCon 2017
[RMLL2017] LDAPCon 2017
 
[RMLL2017] Des logiciels libres pour la gestion des identités !
[RMLL2017] Des logiciels libres pour la gestion des identités ![RMLL2017] Des logiciels libres pour la gestion des identités !
[RMLL2017] Des logiciels libres pour la gestion des identités !
 
[OW2Con 2017] News from LemonLDAP::NG
[OW2Con 2017] News from LemonLDAP::NG[OW2Con 2017] News from LemonLDAP::NG
[OW2Con 2017] News from LemonLDAP::NG
 
[JDLL 2017] Le Guide du Connard du Logiciel Libre
[JDLL 2017] Le Guide du Connard du Logiciel Libre[JDLL 2017] Le Guide du Connard du Logiciel Libre
[JDLL 2017] Le Guide du Connard du Logiciel Libre
 
[OSSParis 2015] The OpenID Connect Protocol
[OSSParis 2015] The OpenID Connect Protocol[OSSParis 2015] The OpenID Connect Protocol
[OSSParis 2015] The OpenID Connect Protocol
 
RMLL 2014 - OpenLDAP - Manage password policy
RMLL 2014 - OpenLDAP - Manage password policyRMLL 2014 - OpenLDAP - Manage password policy
RMLL 2014 - OpenLDAP - Manage password policy
 
JDLL 2014 - Introduction aux annuaires LDAP
JDLL 2014 - Introduction aux annuaires LDAPJDLL 2014 - Introduction aux annuaires LDAP
JDLL 2014 - Introduction aux annuaires LDAP
 
Matinée Pour Comprendre LinID - Mise en place de la fédération des identités...
Matinée Pour Comprendre LinID - Mise en place de la fédération des identités...Matinée Pour Comprendre LinID - Mise en place de la fédération des identités...
Matinée Pour Comprendre LinID - Mise en place de la fédération des identités...
 

Dernier

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 

Dernier (20)

Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 

Analyse OpenLDAP logs with ELK

  • 1. Analyse logs with ElasticSearch, Logstash and Kibana
  • 2. 2 Clément OUDOT @clementoudot ● Founded in 1999 ● >100 persons ● Montréal, Quebec City, Ottawa, Paris ● ISO 9001:2004 / ISO 14001:2008 ● contact@savoirfairelinux.com
  • 3. 3 Summary 11 22 33 The ELK stack Format of OpenLDAP logs OpenLDAP with ELK
  • 6. 6 Elasticsearch ● Written in Java ● License Apache 2.0 ● Based on Lucene ● JSON ● REST ● Distributed ● Index and fields
  • 7. 7 clement@ader-sfl:~$ curl http://localhost:9200 { "status" : 200, "name" : "Mahkizmo", "cluster_name" : "elasticsearch", "version" : { "number" : "1.6.0", "build_hash" : "cdd3ac4dde4f69524ec0a14de3828cb95bbb86d0", "build_timestamp" : "2015-06-09T13:36:34Z", "build_snapshot" : false, "lucene_version" : "4.10.4" }, "tagline" : "You Know, for Search" }
  • 9. 9 Logstash ● JRuby ● License Apache 2.0 ● Multiple inputs (file, syslog, ...) ● Multiple outputs (console, redis, elasticsearch, …) ● Filters
  • 10. 10 root@ader-sfl:~# /opt/logstash/bin/logstash -e 'input { stdin { } } output { stdout { codec => rubydebug } }' Logstash startup completed RMLL 2015 { "message" => "RMLL 2015", "@version" => "1", "@timestamp" => "2015-07-02T08:29:09.363Z", "host" => "ader-sfl" }
  • 11. 11 Grok ● Grok allows to parse message and store content in fields ● Grok comes with standard patterns (Syslog, Apache, …) ● You can also define you own patterns ● Grok debugger: http://grokdebug.herokuapp.com/
  • 12. 12 Example of grok patterns # Log formats SYSLOGBASE %{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?% {SYSLOGHOST:logsource} %{SYSLOGPROG}: COMMONAPACHELOG %{IPORHOST:clientip} %{USER:ident} %{USER:auth} [%{HTTPDATE:timestamp}] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" % {NUMBER:response} (?:%{NUMBER:bytes}|-) COMBINEDAPACHELOG %{COMMONAPACHELOG} %{QS:referrer} %{QS:agent}
  • 13. 13 Using grok in logstash input { file { path => "/var/log/http.log" } } filter { grok { match => { "message" => "%{IP:client} %{WORD:method} % {URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" } } } 55.3.244.1 GET /index.html 15824 0.043
  • 14. 14 Kibana ● Javascript ● License Apache 2.0 ● Connect to elasticsearch ● Lucene queries ● On the fly graphics
  • 15. 15
  • 18. 18 Logging in OpenLDAP ● Relies on syslog ● Log levels are cumulative ● Log level is configured in olcLogLevel parameter in cn=config dn: cn=config objectClass: olcGlobal cn: config olcLogLevel: stats
  • 19. 19 Level Keyword Description -1 any enable all debugging 0   no debugging 1 (0x1 trace) trace function calls 2 (0x2 packets) debug packet handling 4 (0x4 args) heavy trace debugging 8 (0x8 conns) connection management 16 (0x10 BER) print out packets sent and received 32 (0x20 filter) search filter processing 64 (0x40 config) configuration processing 128 (0x80 ACL) access control list processing 256 (0x100 stats) stats log connections/operations/results 512 (0x200 stats2) stats log entries sent 1024 (0x400 shell) print communication with shell backends 2048 (0x800 parse) print entry parsing debugging 16384 (0x4000 sync) syncrepl consumer processing 32768 (0x8000 none) only messages that get logged whatever log level is set
  • 20. 20 Information in the “stats” loglevel ● Connections (opening, closing, TLS, ...) ● Operations and results ● Errors and warnings: – Missing index – Connection lost – Password policy messages – ...
  • 21. 21 Connections Jul 1 15:27:39 ader-sfl slapd[1377]: conn=162707 fd=12 ACCEPT from IP=127.0.0.1:44678 (IP=0.0.0.0:389) ... Jul 1 15:27:39 ader-sfl slapd[1377]: conn=162707 fd=12 closed
  • 22. 22 Operation: BIND and UNBIND Jul 1 15:27:39 ader-sfl slapd[1377]: conn=162709 op=3 BIND dn="cn=admin,dc=example,dc=com" method=128 Jul 1 15:27:39 ader-sfl slapd[1377]: conn=162709 op=3 BIND dn="cn=admin,dc=example,dc=com" mech=SIMPLE ssf=0 Jul 1 15:27:39 ader-sfl slapd[1377]: conn=162709 op=3 RESULT tag=97 err=0 text= Jul 1 15:27:39 ader-sfl slapd[1377]: conn=162708 op=7 UNBIND
  • 23. 23 Operation: SEARCH Jul 1 15:27:39 ader-sfl slapd[1377]: conn=162709 op=5 SRCH base="ou=users,dc=example,dc=com" scope=1 deref=0 filter="(objectClass=*)" Jul 1 15:27:39 ader-sfl slapd[1377]: conn=162709 op=5 SRCH attr=uid Jul 1 15:27:39 ader-sfl slapd[1377]: conn=162709 op=5 SEARCH RESULT tag=101 err=0 nentries=50 text=
  • 24. 24 Operation: MODIFY Jul 1 16:10:36 ader-sfl slapd[1377]: conn=162711 op=17 MOD dn="uid=user1,ou=users,dc=example,dc=com" Jul 1 16:10:36 ader-sfl slapd[1377]: conn=162711 op=17 MOD attr=userPassword Jul 1 16:10:36 ader-sfl slapd[1377]: conn=162711 op=17 RESULT tag=103 err=0 text=
  • 25. 25 Errors and warnings Jul 1 17:18:48 ader-sfl slapd[1377]: conn=162711 fd=12 closed (connection lost) Jul 1 09:28:40 ader-sfl slapd[1377]: connection_input: conn=93309 deferring operation: binding Jul 2 08:41:02 ader-sfl slapd[1377]: <= mdb_equality_candidates: (objectClass) not indexed Jul 1 16:23:46 ader-sfl slapd[1377]: ppolicy_bind: Setting warning for password expiry for uid=user1,ou=users,dc=example,dc=com = 589 seconds
  • 26. 26 Logfile alternatives ● Overlay accesslog : log events in an LDAP backend ● Overlay auditlog : log events in an LDIF file
  • 28. 28 Configure logstash ● Input: – OpenLDAP logfile – Syslog ● Filters: – Syslog Grok pattern – Date – OpenLDAP specific log patterns ● Output: elasticsearch
  • 29. 29 Main grok pattern %{SYSLOGBASE} (?:(?:<= (?:b|m)db_% {DATA:index_error_filter_type}_candidates: (% {WORD:index_error_attribute_name}) not indexed)|(?:ppolicy_% {DATA:ppolicy_op}: %{DATA:ppolicy_data})|(?:connection_input: conn=% {INT:connection} deferring operation: %{DATA:deferring_op})| (?:connection_read(%{INT:fd_number}): no connection!)|(?:conn=% {INT:connection} (?:(?:fd=%{INT:fd_number} (?:(?:closed(?: (connection lost)|))|(?:ACCEPT from IP=%{IP:src_ip}:%{INT:src_port} (IP=% {IP:dst_ip}:%{INT:dst_port}))|(?:TLS established tls_ssf=% {INT:tls_ssf} ssf=%{INT:ssf})))|(?:op=%{INT:operation_number} (?:(?:(?: (?:SEARCH )|(?:))RESULT (?:tag=%{INT:tag}|oid=(?:%{DATA:oid}(?:))) err=% {INT:error_code}(?:(?: nentries=%{INT:nentries})|(?:)) text=(?:(?:% {DATA:error_text})|(?:)))|(?:%{WORD:operation_name}(?:(?: %{DATA:data})| (?:))))))))%{SPACE}$
  • 30. 30 Conditional grok pattern if [operation_name] == "SRCH" { grok { match => [ "data", "(?:(?:base="%{DATA:search_base}" scope=% {INT:search_scope} deref=%{INT:search_deref} filter="% {DATA:search_filter}")|(?:attr=%{DATA:search_attr}))%{SPACE}$" ] } } if [operation_name] == "ADD" { grok { match => [ "data", "dn="%{DATA:add_dn}"%{SPACE}$" ] } }
  • 31. 31 Display data in Kibana ● Access to all logged messages ● Query data, for example: – Follow a connection: connection=162738 – Find missing index: _exists_:index_error_attribute_name ● Create dashboards, for example: – LDAP operations – LDAP error codes
  • 32. 32