Find out LDAP client IPs

ips.pl is a simple perl filter that processes SunONE Directory Server 5.2 access logs to find out the IP addresses that queries are coming from. It’s very useful to evaluate the impact for migrating LDAP infrastructures. Most comments and variable names are in spanish but the code should be clear enough to any SODS sysadmin. Or drop me a line if you absolutely need an all-english version.

#!/usr/bin/perl
# ips.pl $Revision: 1.1 $
# Analiza archivos access de Sun ONE Directory Server 5.2 para generar
# reporte de IPs de clientes y servidores
# Copyright (C) 2005 Javier Arturo Rodriguez
use strict;
my($acceso);
my $filename = shift @ARGV;
die("Usage:\t$0 <filename>\n\tbunzip2 -c <filename.bz2> | $0 –\n") unless $file
name;
open(FILE,"<$filename");
while(<FILE>) {
        chomp;
        if($_=~m,^\[(.*?)\].*?connection from ([\d\.]+) to ([\d\.]+),) {
                $acceso->{$3}->{$2}->{TS}=$1;
                ++$acceso->{$3}->{$2}->{CNT};
        }
}
close(FILE);
foreach my $dst (sort keys %{$acceso||{}}) {
        print "Acceden a traves de $dst\n";
        foreach my $src (
                reverse sort { $acceso->{$dst}->{$a}->{CNT} <=> $acceso->{$dst}
->{$b}->{CNT} }
                keys %{$acceso->{$dst}||{}}
        ) {
                printf("  %-15s (last seen on %s; %d hit%s)\n",
                        $src,
                        $acceso->{$dst}->{$src}->{TS},
                        $acceso->{$dst}->{$src}->{CNT},
                        $acceso->{$dst}->{$src}->{CNT}==1?:‘s’,
                );
        }
}

(Download)

Posted in Code, General, Perl, SysAdmin