Ingesting OpenLDAP logs


Hi All,
Is anyone ingesting OpenLDAP logs in a way that makes it easy to analyse what was done by a certain client, or to find all the clients failing TLS handshakes or binding as a certain user, for example?

Client transactions are linked by (servername, connectionID) pairs, but ingesting logs via Logstash means each transaction goes into its own document, and searching is a matter of looking for an IP or bind DN or TLS handshake result, then searching for each returned connectionID individually to see the full set of transaction logs for that client / connection.
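
The correlation described above, as an added example that is not part of the original post: a standalone Python sketch (not Logstash configuration) that folds slapd lines into one document per (servername, connectionID) pair, so client IP, bind DN and TLS outcome can be queried together. The sample log lines, host names and function names are constructed for illustration and assume the usual syslog plus slapd `stats` log layout.

```python
import re
from collections import defaultdict

# Constructed sample lines (syslog prefix + slapd "stats" messages).
SAMPLE = """\
Mar  3 10:00:01 ldap1 slapd[812]: conn=1001 fd=12 ACCEPT from IP=192.0.2.10:40122 (IP=0.0.0.0:636)
Mar  3 10:00:01 ldap1 slapd[812]: conn=1001 fd=12 TLS established tls_ssf=256 ssf=256
Mar  3 10:00:01 ldap1 slapd[812]: conn=1001 op=0 BIND dn="cn=app,dc=example,dc=com" method=128
Mar  3 10:00:01 ldap1 slapd[812]: conn=1001 op=0 RESULT tag=97 err=49 text=
Mar  3 10:00:01 ldap1 slapd[812]: conn=1001 fd=12 closed
Mar  3 10:00:02 ldap2 slapd[644]: conn=1001 fd=9 ACCEPT from IP=192.0.2.77:51900 (IP=0.0.0.0:636)
Mar  3 10:00:02 ldap2 slapd[644]: conn=1001 fd=9 closed (TLS negotiation failure)
"""

LINE = re.compile(r"^\S+\s+\d+\s+[\d:]+\s+(?P<host>\S+)\s+slapd\[\d+\]:\s+"
                  r"conn=(?P<conn>\d+)\s+(?P<rest>.*)$")
ACCEPT = re.compile(r"ACCEPT from IP=(?P<ip>\S+):\d+ ")
BIND = re.compile(r'BIND dn="(?P<dn>[^"]*)" method=')
RESULT = re.compile(r"RESULT tag=97 err=(?P<err>\d+)")  # tag 97 = bind response

def correlate(text):
    """Fold slapd lines into one document per (host, conn) pair."""
    docs = defaultdict(lambda: {"client_ip": None, "bind_dns": [],
                                "bind_errs": [], "tls": "none", "events": []})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a per-connection slapd line
        # conn alone is not unique: ldap1 and ldap2 both use conn=1001 here.
        doc = docs[(m["host"], int(m["conn"]))]
        rest = m["rest"]
        doc["events"].append(rest)
        if a := ACCEPT.search(rest):
            doc["client_ip"] = a["ip"]
        elif b := BIND.search(rest):
            doc["bind_dns"].append(b["dn"])
        elif r := RESULT.search(rest):
            doc["bind_errs"].append(int(r["err"]))
        elif "TLS established" in rest:
            doc["tls"] = "established"
        elif "TLS negotiation failure" in rest:
            doc["tls"] = "failed"
    return dict(docs)

def tls_failures(docs):
    """(host, conn, client_ip) for every connection whose handshake failed."""
    return sorted((h, c, d["client_ip"]) for (h, c), d in docs.items()
                  if d["tls"] == "failed")

def connections_binding_as(docs, dn):
    """(host, conn) keys of connections that attempted a bind as dn."""
    return sorted(k for k, d in docs.items() if dn in d["bind_dns"])
```

Because slapd restarts its connection counter when the daemon restarts, a production key would also need a time window or process ID alongside the (servername, connectionID) pair.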

