Hello,

We have an application whose logs look like the following. See below for some sample cases of a single connection. Some characteristics of the logs:

* same ID (conn) for the same connection.
* the search is to check the login result (BIND and RESULT pair).
* the same connection can have more than one login operation, at the same time or at different times.
* events of different connections are interleaved.
* the only assumption is that the RESULT event comes after the BIND event of the same login.

We use transaction to do that, but also want to see if it's possible to use a more efficient way, like streamstats/eventstats (still studying), as the log size is large. Would anyone please shed some light? Thanks a lot.

Best Rgds
/stwong

====== basic case
[04/Aug/2023:15:26:21 +0800] conn=3497880 op=0 msgId=1 - BIND dn="uid=123456,dc=mydomain,dc=hk" method=128 version=3
[04/Aug/2023:15:26:21 +0800] conn=3497880 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=123456,dc=mydomain,dc=hk"
======
[04/Aug/2023:15:26:21 +0800] conn=3497880 op=0 msgId=1 - BIND dn="uid=123456,dc=mydomain,dc=hk" method=128 version=3
[04/Aug/2023:15:26:21 +0800] conn=3497880 op=0 msgId=1 - RESULT err=49 tag=97 nentries=0 etime=0
[04/Aug/2023:15:26:22 +0800] conn=3497880 op=0 msgId=1 - BIND dn="uid=123456,dc=mydomain,dc=hk" method=128 version=3
[04/Aug/2023:15:26:22 +0800] conn=3497880 op=0 msgId=1 - RESULT err=49 tag=97 nentries=0 etime=0
====== can only assume the first RESULT is for the first BIND operation.
[04/Aug/2023:15:26:21 +0800] conn=3497880 op=0 msgId=1 - BIND dn="uid=123456,dc=mydomain,dc=hk" method=128 version=3
[04/Aug/2023:15:26:21 +0800] conn=3497880 op=0 msgId=1 - BIND dn="uid=123457,dc=mydomain,dc=hk" method=128 version=3
[04/Aug/2023:15:26:21 +0800] conn=3497880 op=0 msgId=1 - RESULT err=49 tag=97 nentries=0 etime=0
[04/Aug/2023:15:26:21 +0800] conn=3497880 op=0 msgId=1 - RESULT err=48 tag=97 nentries=0 etime=0
======
[04/Aug/2023:15:26:21 +0800] conn=3497880 op=0 msgId=1 - BIND dn="uid=123456,dc=mydomain,dc=hk" method=128 version=3
[04/Aug/2023:15:26:21 +0800] conn=3498439 op=1 msgId=2 - SRCH base="dc=mydomain,dc=hk" scope=2 filter="(myId=a12345)" attrs="uidNumber"
[04/Aug/2023:15:26:23 +0800] conn=3498439 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0
[04/Aug/2023:15:26:22 +0800] conn=3497880 op=0 msgId=1 - BIND dn="uid=123457,dc=mydomain,dc=hk" method=128 version=3
[04/Aug/2023:15:26:22 +0800] conn=3497880 op=0 msgId=1 - RESULT err=49 tag=97 nentries=0 etime=0
[04/Aug/2023:15:26:23 +0800] conn=3497880 op=0 msgId=1 - RESULT err=49 tag=97 nentries=0 etime=0
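As an added example, not part of the original post, here is the pairing rule the post describes written out in Python: per conn, each RESULT is matched to the oldest BIND still waiting for a result (the only ordering the post allows one to assume), and the paired logins are then counted per dn for err=49 (LDAP invalidCredentials), the usual starting point for spotting bursts of failed logins. The sample lines are constructed in the post's format and the function names are mine.

```python
import re
from collections import Counter, defaultdict, deque

# Constructed sample in the post's format (not a real capture): two overlapping BINDs on
# conn 3497880, an interleaved unrelated connection, and a BIND whose RESULT has not arrived.
SAMPLE_LOG = """\
[04/Aug/2023:15:26:21 +0800] conn=3497880 op=0 msgId=1 - BIND dn="uid=123456,dc=mydomain,dc=hk" method=128 version=3
[04/Aug/2023:15:26:21 +0800] conn=3498439 op=1 msgId=2 - SRCH base="dc=mydomain,dc=hk" scope=2 filter="(myId=a12345)" attrs="uidNumber"
[04/Aug/2023:15:26:21 +0800] conn=3497880 op=0 msgId=1 - BIND dn="uid=123457,dc=mydomain,dc=hk" method=128 version=3
[04/Aug/2023:15:26:21 +0800] conn=3497880 op=0 msgId=1 - RESULT err=49 tag=97 nentries=0 etime=0
[04/Aug/2023:15:26:23 +0800] conn=3498439 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0
[04/Aug/2023:15:26:22 +0800] conn=3497880 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0
[04/Aug/2023:15:26:22 +0800] conn=3497880 op=0 msgId=1 - BIND dn="uid=123456,dc=mydomain,dc=hk" method=128 version=3
"""

LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\] conn=(?P<conn>\d+) .*? - (?P<kind>[A-Z]+)(?P<rest>.*)$')
DN_RE = re.compile(r'dn="([^"]*)"')
ERR_RE = re.compile(r'\berr=(\d+)')

def pair_bind_results(log_text):
    """Match each RESULT to the oldest unanswered BIND on the same conn (FIFO), the only
    ordering the post lets us assume. A RESULT with no pending BIND on its conn (e.g. the
    SRCH reply) is skipped; BINDs still unanswered at the end are returned with err=None."""
    pending = defaultdict(deque)   # conn -> queue of BINDs awaiting their RESULT
    paired = []                    # dicts: conn, dn, bind_ts, err, result_ts
    for m in map(LINE_RE.match, log_text.splitlines()):
        if not m:                  # not an access-log event line
            continue
        conn, kind, rest = m['conn'], m['kind'], m['rest']
        if kind == 'BIND':
            dn = DN_RE.search(rest)
            pending[conn].append({'conn': conn, 'bind_ts': m['ts'],
                                  'dn': dn.group(1) if dn else ''})
        elif kind == 'RESULT' and pending[conn]:
            login = pending[conn].popleft()
            err = ERR_RE.search(rest)
            login.update(err=int(err.group(1)) if err else None, result_ts=m['ts'])
            paired.append(login)
    for queue in pending.values():  # BINDs never answered inside this log window
        for login in queue:
            login.update(err=None, result_ts=None)
            paired.append(login)
    return paired

def failed_binds_by_dn(log_text, err_code=49):
    """Count paired logins per dn that ended with err_code (49 = invalidCredentials)."""
    return dict(Counter(p['dn'] for p in pair_bind_results(log_text) if p['err'] == err_code))
```

Because the queue is per conn and events are consumed in file order, interleaved connections never disturb each other's pairing, and a BIND that gets no RESULT at all stays visible rather than silently disappearing.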