├── .gitignore
├── .travis.yml
├── LICENSE
├── README.md
├── lap.go
├── lap_test.go
└── test_data
    ├── input_1.txt
    ├── input_2.txt
    ├── input_3.txt
    ├── input_4.txt
    ├── input_5.txt
    ├── output_1_xml.txt
    ├── output_2_xml.txt
    ├── output_3_xml.txt
    ├── output_4_xml.txt
    └── output_5_xml.txt


/.gitignore:
--------------------------------------------------------------------------------
1 | *.log
2 | lap
3 | ldap_access_parser
4 | *.swp
5 | 


--------------------------------------------------------------------------------
/.travis.yml:
--------------------------------------------------------------------------------
1 | language: go
2 | 
3 | go:
4 |   - tip
5 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2015 Aidan Rowe
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | LDAP Access-log Parser [![Build Status](https://travis-ci.org/aidan-/ldap-access-parser.svg)](https://travis-ci.org/aidan-/ldap-access-parser/)
 2 | ======================
 3 | LDAP Access-log Parser (LAP) is a simple program designed to parse 389 Directory Server (also Fedora Directory Server, Red Hat Directory Server, etc) access logs into individual context aware events ready to be sent to upstream services like ElasticSearch for further analysis.
 4 | 
 5 | This application doesn't handle the sending of data to specific endpoints, but that can easily be achieved by piping to something like [log-courier](https://github.com/driskell/log-courier) or [logstash](https://www.elastic.co/products/logstash).
 6 | 
 7 | Usage
 8 | -----
 9 | Use the `-h` flag to view application usage.
10 | 
11 | ```
12 | Usage of ./lap:
13 |   -format string
14 |     	format to output log events.  possible values are 'json' or 'xml'. (default "json")
15 |   -tail
16 |     	tail the log file to receive future events
17 | ```
18 | 
19 | You can begin parsing logs with a simple command:
20 | ```
21 | ./lap -tail /path/to/access_log
22 | ```
23 | 
24 | This continue to parse the file even if it gets rotated.
25 | 
26 | Design
27 | ------
28 | The applications functionality and output format tries to follow the design specification laid out [here](http://directory.fedoraproject.org/docs/389ds/design/audit-events.html) as much as possible, however there are a few use-cases which were not covered in the design spec that needed to be defined.
29 | 
30 | More detailed information about the access log format is available in the [Red Hat Directory Server documentation](https://access.redhat.com/documentation/en-US/Red_Hat_Directory_Server/8.1/html/Configuration_and_Command_Reference/logs-reference.html).
31 | 
32 | Example Output
33 | --------------
34 | Given the raw access log input of:
35 | ```
36 | [21/Apr/2009:11:39:55 -0700] conn=14 fd=700 slot=700 connection from 207.1.153.51 to 192.18.122.139
37 | [21/Apr/2009:11:39:55 -0700] conn=14 op=0 BIND dn="" method=sasl version=3 mech=DIGEST-MD5
38 | [21/Apr/2009:11:39:55 -0700] conn=14 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
39 | [21/Apr/2009:11:39:55 -0700] conn=14 op=1 BIND dn="uid=jdoe,dc=example,dc=com" method=sasl version=3 mech=DIGEST-MD5
40 | [21/Apr/2009:11:39:55 -0700] conn=14 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jdoe,dc=example,dc=com"
41 | ```
42 | 
43 | The JSON output would look like:
44 | ```json
45 | {"time":"21/Apr/2009:11:39:55 -0700","client":"207.1.153.51","server":"192.18.122.139","connection":14,"ssl":false,"operation":0,"authenticateddn":"__anonymous__","action":"BIND","requests":["BIND dn=\"\" method=sasl version=3 mech=DIGEST-MD5"],"responses":["RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress"]}
46 | {"time":"21/Apr/2009:11:39:55 -0700","client":"207.1.153.51","server":"192.18.122.139","connection":14,"ssl":false,"operation":1,"authenticateddn":"uid=jdoe,dc=example,dc=com","action":"BIND","requests":["BIND dn=\"uid=jdoe,dc=example,dc=com\" method=sasl version=3 mech=DIGEST-MD5"],"responses":["RESULT err=0 tag=97 nentries=0 etime=0 dn=\"uid=jdoe,dc=example,dc=com\""]}
47 | ```
48 | 
49 | and XML output would look like:
50 | ```xml
51 | <Event>
52 |     <DateTime>21/Apr/2009:11:39:55 -0700</DateTime>
53 |     <Client>207.1.153.51</Client>
54 |     <Server>192.18.122.139</Server>
55 |     <Connection>14</Connection>
56 |     <SSL>false</SSL>
57 |     <Operation>0</Operation>
58 |     <AuthenticatedDN>__anonymous__</AuthenticatedDN>
59 |     <Action>BIND</Action>
60 |     <Requests>
61 |         <Request>BIND dn=&#34;&#34; method=sasl version=3 mech=DIGEST-MD5</Request>
62 |     </Requests>
63 |     <Responses>
64 |         <Response>RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress</Response>
65 |     </Responses>
66 | </Event>
67 | <Event>
68 |     <DateTime>21/Apr/2009:11:39:55 -0700</DateTime>
69 |     <Client>207.1.153.51</Client>
70 |     <Server>192.18.122.139</Server>
71 |     <Connection>14</Connection>
72 |     <SSL>false</SSL>
73 |     <Operation>1</Operation>
74 |     <AuthenticatedDN>uid=jdoe,dc=example,dc=com</AuthenticatedDN>
75 |     <Action>BIND</Action>
76 |     <Requests>
77 |         <Request>BIND dn=&#34;uid=jdoe,dc=example,dc=com&#34; method=sasl version=3 mech=DIGEST-MD5</Request>
78 |     </Requests>
79 |     <Responses>
80 |         <Response>RESULT err=0 tag=97 nentries=0 etime=0 dn=&#34;uid=jdoe,dc=example,dc=com&#34;</Response>
81 |     </Responses>
82 | </Event>
83 | ```
84 | 
85 | TODO/Notes
86 | -----
87 | - If a connection was initialized before the log monitoring began, the events associated with that connection number will be skipped.  This should probably be a configurable option.
88 | - Connections that disconnect without any operations do not get outputted as an event.  Is this okay?
89 | 


--------------------------------------------------------------------------------
/lap.go:
--------------------------------------------------------------------------------
  1 | package main
  2 | 
  3 | import (
  4 | 	"encoding/json"
  5 | 	"encoding/xml"
  6 | 	"flag"
  7 | 	"fmt"
  8 | 	"io"
  9 | 	"os"
 10 | 	"regexp"
 11 | 	"strconv"
 12 | 	"time"
 13 | 
 14 | 	"github.com/hpcloud/tail"
 15 | )
 16 | 
 17 | const (
 18 | 	timeFormat = "02/Jan/2006:03:04:05 -0700"
 19 | 	version    = "v1.0"
 20 | )
 21 | 
 22 | //Event (request(s) paired with response) to be output in either
 23 | //JSON or XML depending on user preference.
 24 | type Event struct {
 25 | 	OppTime         string   `json:"time" xml:"DateTime"`
 26 | 	Client          string   `json:"client" xml:"Client"`
 27 | 	Server          string   `json:"server" xml:"Server"`
 28 | 	Connection      int      `json:"connection" xml:"Connection"`
 29 | 	SSL             bool     `json:"ssl" xml:"SSL"`
 30 | 	SSLCipher       string   `json:"sslcipher,omitempty" xml:"SSLCipher,omitempty"`
 31 | 	SSLStrength     string   `json:"sslstrength,omitempty" xml:"SSLStrength,omitempty"`
 32 | 	Operation       int      `json:"operation" xml:"Operation"`
 33 | 	AuthenticatedDN string   `json:"authenticateddn,omitempty" xml:"AuthenticatedDN,omitempty"`
 34 | 	Action          string   `json:"action" xml:"Action"`
 35 | 	Requests        []string `json:"requests" xml:"Requests>Request"`
 36 | 	Responses       []string `json:"responses" xml:"Responses>Response"`
 37 | 	Duration        int      `json:"duration,omitempty" xml:"Duration,omitempty"`
 38 | 	ConnTime        string   `json:"-" xml:"-"`
 39 | }
 40 | 
 41 | type config struct {
 42 | 	Version      *bool
 43 | 	TailFile     *bool
 44 | 	OutputFormat *string
 45 | 	LogFiles     *[]string
 46 | 	Output       io.Writer
 47 | }
 48 | 
 49 | //holds config
 50 | var c config
 51 | 
 52 | //regexes to extract relevant fields from log lines
 53 | var lineMatch = `^\[(?P<time>.*)\] conn=(?P<conn_num>\d+) (?P<event>.*)`
 54 | var connectionMatch = `(?P<ssl>SSL)? connection from (?P<client_ip>.*) to (?P<server_ip>.*)`
 55 | var operationMatch = `op=(?P<opnum>\-?\d+) (?P<operation>\w+)(?P<details>.+)?`
 56 | var bindDNMatch = `dn=\"(?P<dn>.+)\"`
 57 | var connectionClosedMatch = ` closed `
 58 | var sslCipherMatch = `SSL (?P<strength>.*)-bit (?P<cipher>.*)`
 59 | 
 60 | var lineRe *regexp.Regexp
 61 | var connectionOpenRe *regexp.Regexp
 62 | var operationRe *regexp.Regexp
 63 | var bindDNRe *regexp.Regexp
 64 | var connectionClosedRe *regexp.Regexp
 65 | var sslCipherRe *regexp.Regexp
 66 | 
 67 | func check(e error) {
 68 | 	if e != nil {
 69 | 		panic(e)
 70 | 	}
 71 | }
 72 | 
 73 | func matchLine(re *regexp.Regexp, line string) (map[string]string, bool) {
 74 | 	matches := re.FindStringSubmatch(line)
 75 | 	if len(matches) < 1 {
 76 | 		return map[string]string{}, false
 77 | 	}
 78 | 
 79 | 	kvmap := make(map[string]string)
 80 | 	for n, k := range re.SubexpNames() {
 81 | 		kvmap[k] = matches[n]
 82 | 	}
 83 | 
 84 | 	return kvmap, true
 85 | }
 86 | 
 87 | func timeDuration(start string, end string) (int, error) {
 88 | 	startTime, err := time.Parse(timeFormat, start)
 89 | 	if err != nil {
 90 | 		return -1, err
 91 | 	}
 92 | 	endTime, err := time.Parse(timeFormat, end)
 93 | 	if err != nil {
 94 | 		return -1, err
 95 | 	}
 96 | 
 97 | 	duration := endTime.Sub(startTime)
 98 | 
 99 | 	return int(duration / time.Second), nil
100 | }
101 | 
102 | func init() {
103 | 	c.Version = flag.Bool("V", false, "prints version information")
104 | 	c.TailFile = flag.Bool("tail", false, "tail the log file to receive future events")
105 | 	c.OutputFormat = flag.String("format", "json", "format to output log events.  possible values are 'json' or 'xml'.")
106 | 	c.Output = os.Stdout //configurable to help with unit testing
107 | 
108 | 	flag.Usage = func() {
109 | 		fmt.Fprintf(os.Stderr, "Usage of %s:\n", os.Args[0])
110 | 		flag.PrintDefaults()
111 | 		os.Exit(1)
112 | 	}
113 | }
114 | 
115 | func (c config) printEvent(event Event) {
116 | 	var output []byte
117 | 	var err error
118 | 	if format := *c.OutputFormat; format == "xml" {
119 | 		output, err = xml.MarshalIndent(event, "", "    ")
120 | 	} else {
121 | 		output, err = json.Marshal(event)
122 | 	}
123 | 
124 | 	if err == nil {
125 | 		fmt.Fprintln(c.Output, string(output))
126 | 	}
127 | }
128 | 
129 | func (c config) parseFile(ac map[int]Event, f string) map[int]Event {
130 | 	tc := tail.Config{}
131 | 	if *c.TailFile {
132 | 		tc.Follow = true
133 | 		tc.ReOpen = true
134 | 	}
135 | 
136 | 	//open file for parsing
137 | 	t, err := tail.TailFile(f, tc)
138 | 	check(err)
139 | 
140 | 	//loop through file contents
141 | 	for line := range t.Lines {
142 | 		var lineMap map[string]string
143 | 		var ok bool
144 | 		if lineMap, ok = matchLine(lineRe, line.Text); !ok {
145 | 			continue
146 | 		}
147 | 
148 | 		connum, err := strconv.Atoi(lineMap["conn_num"])
149 | 		if err != nil {
150 | 			fmt.Printf("failed to parse '%s' into int\n", lineMap["conn_num"])
151 | 		}
152 | 
153 | 		if connectionMap, ok := matchLine(connectionOpenRe, lineMap["event"]); ok {
154 | 			//new connection made
155 | 			ssl := false
156 | 			if connectionMap["ssl"] == "SSL" {
157 | 				ssl = true
158 | 			}
159 | 
160 | 			ac[connum] = Event{
161 | 				Client:     connectionMap["client_ip"],
162 | 				Server:     connectionMap["server_ip"],
163 | 				Connection: connum,
164 | 				Operation:  -2, //number that shouldn't exist in logs
165 | 				ConnTime:   lineMap["time"],
166 | 				SSL:        ssl,
167 | 			}
168 | 
169 | 			continue
170 | 		}
171 | 
172 | 		if _, exists := ac[connum]; !exists {
173 | 			//skip operation if no connection exists
174 | 			// this is caused by connections that were created before we started
175 | 			// parsing the log file.
176 | 			continue
177 | 		}
178 | 
179 | 		conn := ac[connum]
180 | 
181 | 		if sslMap, ok := matchLine(sslCipherRe, lineMap["event"]); ok {
182 | 			conn.SSLCipher = sslMap["cipher"]
183 | 			conn.SSLStrength = sslMap["strength"]
184 | 			ac[connum] = conn
185 | 		}
186 | 
187 | 		if operationMap, ok := matchLine(operationRe, lineMap["event"]); ok {
188 | 			//new operation
189 | 			opnum, err := strconv.Atoi(operationMap["opnum"])
190 | 			if err != nil {
191 | 				fmt.Printf("failed to parse '%s' into int\n", operationMap["opnum"])
192 | 			}
193 | 
194 | 			if opnum != conn.Operation {
195 | 				if conn.Operation != -2 {
196 | 					c.printEvent(conn)
197 | 				}
198 | 				if operationMap["operation"] == "BIND" {
199 | 					if bindDN, ok := matchLine(bindDNRe, lineMap["event"]); ok {
200 | 						conn.AuthenticatedDN = bindDN["dn"]
201 | 					} else {
202 | 						conn.AuthenticatedDN = "__anonymous__"
203 | 					}
204 | 				}
205 | 
206 | 				conn.OppTime = lineMap["time"]
207 | 				conn.Operation = opnum
208 | 				conn.Action = operationMap["operation"]
209 | 				conn.Requests = make([]string, 0)
210 | 				conn.Responses = make([]string, 0)
211 | 				conn.Requests = append(conn.Requests, operationMap["operation"]+operationMap["details"])
212 | 			} else {
213 | 				if operationMap["operation"] == "SORT" || operationMap["operation"] == "VLV" {
214 | 					conn.Requests = append(conn.Requests, operationMap["operation"]+operationMap["details"])
215 | 				} else {
216 | 					conn.Responses = append(conn.Responses, operationMap["operation"]+operationMap["details"])
217 | 
218 | 					c.printEvent(conn)
219 | 					conn.Operation = -2
220 | 				}
221 | 			}
222 | 
223 | 			ac[connum] = conn
224 | 		}
225 | 
226 | 		if connectionClosedRe.MatchString(lineMap["event"]) {
227 | 			delete(ac, connum)
228 | 		}
229 | 	}
230 | 	return ac
231 | }
232 | 
233 | func compileRegexes() {
234 | 	lineRe = regexp.MustCompile(lineMatch)
235 | 	connectionOpenRe = regexp.MustCompile(connectionMatch)
236 | 	operationRe = regexp.MustCompile(operationMatch)
237 | 	bindDNRe = regexp.MustCompile(bindDNMatch)
238 | 	connectionClosedRe = regexp.MustCompile(connectionClosedMatch)
239 | 	sslCipherRe = regexp.MustCompile(sslCipherMatch)
240 | }
241 | 
242 | func main() {
243 | 	//prepare regex's
244 | 	compileRegexes()
245 | 	activeConnections := map[int]Event{}
246 | 
247 | 	flag.Parse()
248 | 
249 | 	if *c.Version {
250 | 		fmt.Printf("%s %s\n", os.Args[0], version)
251 | 		os.Exit(0)
252 | 	}
253 | 
254 | 	if len(flag.Args()) < 1 {
255 | 		fmt.Println("ERROR: You must specify at least one log file.")
256 | 		flag.Usage()
257 | 	}
258 | 
259 | 	c.parseFile(activeConnections, flag.Args()[0])
260 | 
261 | }
262 | 


--------------------------------------------------------------------------------
/lap_test.go:
--------------------------------------------------------------------------------
 1 | package main
 2 | 
 3 | import (
 4 | 	"bytes"
 5 | 	//"fmt"
 6 | 	"io/ioutil"
 7 | 	"strings"
 8 | 	"testing"
 9 | )
10 | 
11 | func TestTruth(t *testing.T) {
12 | 	if true != true {
13 | 		t.Error("everything I know is wrong")
14 | 	}
15 | }
16 | 
17 | func TestEventPrintJSON(t *testing.T) {
18 | 	var b bytes.Buffer
19 | 	format := "json"
20 | 	c := config{Output: &b, OutputFormat: &format}
21 | 
22 | 	events := []Event{}
23 | 	eventJSON := []string{`{"time":"","client":"","server":"","connection":0,"ssl":false,"operation":0,"action":"","requests":null,"responses":null}`}
24 | 
25 | 	for n, e := range events {
26 | 		c.printEvent(e)
27 | 		if strings.TrimRight(b.String(), "\n") != eventJSON[n] {
28 | 			t.Errorf("TestEventPrintJSON %d failed: \n\texpected : '%s' \n\tgot: '%s'\n", n, eventJSON[n], b.String())
29 | 		}
30 | 	}
31 | }
32 | 
33 | func TestDuration(t *testing.T) {
34 | 	data := []struct{ start, stop string }{
35 | 		{"21/Apr/2009:11:39:55 -0700", "21/Apr/2010:11:39:55 -0700"},
36 | 		{"21/Apr/2010:11:39:55 -0700", "21/Apr/209:11:39:55 -0700"}}
37 | 	durations := []int{31536000, -1}
38 | 
39 | 	for n, input := range data {
40 | 		res, _ := timeDuration(input.start, input.stop)
41 | 
42 | 		if res != durations[n] {
43 | 			t.Errorf("TestDuration %d failed: %d didn't match %d\n", n+1, res, durations[n])
44 | 		}
45 | 	}
46 | 
47 | }
48 | 
49 | func TestParseFileXML(t *testing.T) {
50 | 	compileRegexes()
51 | 	var b bytes.Buffer
52 | 	format := "xml"
53 | 	tail := false
54 | 
55 | 	c := config{Output: &b,
56 | 		OutputFormat: &format,
57 | 		TailFile:     &tail}
58 | 
59 | 	testInput := []string{"test_data/input_1.txt", "test_data/input_2.txt", "test_data/input_3.txt", "test_data/input_4.txt", "test_data/input_5.txt"}
60 | 	testOutput := []string{"test_data/output_1_xml.txt", "test_data/output_2_xml.txt", "test_data/output_3_xml.txt", "test_data/output_4_xml.txt", "test_data/output_5_xml.txt"}
61 | 
62 | 	for n, file := range testInput {
63 | 		ac := map[int]Event{}
64 | 		c.parseFile(ac, file)
65 | 
66 | 		if expected, err := ioutil.ReadFile(testOutput[n]); err == nil {
67 | 			if b.String() != string(expected) {
68 | 				t.Errorf("TestParseFileXML %d failed: got %s\nexpected: %s\n", n+1, b.String(), string(expected))
69 | 			}
70 | 		}
71 | 		b.Reset()
72 | 	}
73 | }
74 | 


--------------------------------------------------------------------------------
/test_data/input_1.txt:
--------------------------------------------------------------------------------
1 | [21/Apr/2009:11:39:51 -0700] conn=11 fd=608 slot=608 connection from 207.1.153.57 to 192.18.122.139
2 | [21/Apr/2009:11:39:51 -0700] conn=11 op=0 BIND dn="cn=Directory Manager" method=128 version=3
3 | [21/Apr/2009:11:39:51 -0700] conn=11 op=0 RESULT err=0 tag=97 nentries=0 etime=0
4 | [21/Apr/2009:11:39:51 -0700] conn=11 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(mobile=+1 123 456-7890)"
5 | [21/Apr/2009:11:39:51 -0700] conn=11 op=1 RESULT err=0 tag=101 nentries=1 etime=3 notes=U
6 | [21/Apr/2009:11:39:51 -0700] conn=11 op=2 UNBIND
7 | [21/Apr/2009:11:39:51 -0700] conn=11 op=2 fd=608 closed - U1
8 | 


--------------------------------------------------------------------------------
/test_data/input_2.txt:
--------------------------------------------------------------------------------
1 | [07/May/2009:11:43:28 -0700] conn=877 fd=608 slot=608 connection from 207.1.153.32 to 192.18.122.139
2 | [07/May/2009:11:43:28 -0700] conn=877 op=0 BIND dn="cn=Directory Manager" method=128 version=3
3 | [07/May/2009:11:43:28 -0700] conn=877 op=0 RESULT err=0 tag=97 nentries=0 etime=0
4 | [07/May/2009:11:43:29 -0700] conn=877 op=1 SRCH base="(ou=People)" scope=2 filter="(uid=*)"
5 | [07/May/2009:11:43:29 -0700] conn=877 op=1 SORT uid
6 | [07/May/2009:11:43:29 -0700] conn=877 op=1 VLV 0:5:0210 10:5397 (0)
7 | [07/May/2009:11:43:29 -0700] conn=877 op=1 RESULT err=0 tag=101 nentries=1 etime=0
8 | 


--------------------------------------------------------------------------------
/test_data/input_3.txt:
--------------------------------------------------------------------------------
1 | [21/Apr/2009:11:39:55 -0700] conn=14 fd=700 slot=700 connection from 207.1.153.51 to 192.18.122.139
2 | [21/Apr/2009:11:39:55 -0700] conn=14 op=0 BIND dn="" method=sasl version=3 mech=DIGEST-MD5
3 | [21/Apr/2009:11:39:55 -0700] conn=14 op=0 RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress
4 | [21/Apr/2009:11:39:55 -0700] conn=14 op=1 BIND dn="uid=jdoe,dc=example,dc=com" method=sasl version=3 mech=DIGEST-MD5
5 | [21/Apr/2009:11:39:55 -0700] conn=14 op=1 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jdoe,dc=example,dc=com"
6 | 


--------------------------------------------------------------------------------
/test_data/input_4.txt:
--------------------------------------------------------------------------------
 1 | [02/Sep/2014:11:05:56 -0400] conn=35 op=1 fd=64 closed - U1
 2 | [02/Sep/2014:11:05:56 -0400] conn=36 fd=64 slot=64 connection from 127.0.0.1 to 127.0.0.1
 3 | [02/Sep/2014:11:05:56 -0400] conn=36 op=0 BIND dn="" method=128 version=3
 4 | [02/Sep/2014:11:05:56 -0400] conn=36 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn=""
 5 | [02/Sep/2014:11:05:56 -0400] conn=36 op=1 SRCH base="dc=example,dc=com" scope=2 filter="(uid=scarter)" attrs="c"
 6 | [02/Sep/2014:11:05:56 -0400] conn=36 op=1 RESULT err=0 tag=101 nentries=1 etime=0
 7 | [02/Sep/2014:11:05:56 -0400] conn=36 op=2 BIND dn="uid=scarter,ou=people,dc=example,dc=com" method=128 version=3
 8 | [02/Sep/2014:11:05:56 -0400] conn=36 op=2 RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=scarter,ou=people,dc=example,dc=com"
 9 | [02/Sep/2014:11:05:56 -0400] conn=36 op=3 UNBIND
10 | [02/Sep/2014:11:05:56 -0400] conn=36 op=3 fd=64 closed - U1
11 | 


--------------------------------------------------------------------------------
/test_data/input_5.txt:
--------------------------------------------------------------------------------
1 | [30/Sep/2015:01:04:21 +1000] conn=21782900 fd=196 slot=196 SSL connection from 130.1.10.4 to 130.3.1.40
2 | [30/Sep/2015:01:04:21 +1000] conn=21782900 op=-1 fd=196 closed - Encountered end of file.
3 | 


--------------------------------------------------------------------------------
/test_data/output_1_xml.txt:
--------------------------------------------------------------------------------
 1 | <Event>
 2 |     <DateTime>21/Apr/2009:11:39:51 -0700</DateTime>
 3 |     <Client>207.1.153.57</Client>
 4 |     <Server>192.18.122.139</Server>
 5 |     <Connection>11</Connection>
 6 |     <SSL>false</SSL>
 7 |     <Operation>0</Operation>
 8 |     <AuthenticatedDN>cn=Directory Manager</AuthenticatedDN>
 9 |     <Action>BIND</Action>
10 |     <Requests>
11 |         <Request>BIND dn=&#34;cn=Directory Manager&#34; method=128 version=3</Request>
12 |     </Requests>
13 |     <Responses>
14 |         <Response>RESULT err=0 tag=97 nentries=0 etime=0</Response>
15 |     </Responses>
16 | </Event>
17 | <Event>
18 |     <DateTime>21/Apr/2009:11:39:51 -0700</DateTime>
19 |     <Client>207.1.153.57</Client>
20 |     <Server>192.18.122.139</Server>
21 |     <Connection>11</Connection>
22 |     <SSL>false</SSL>
23 |     <Operation>1</Operation>
24 |     <AuthenticatedDN>cn=Directory Manager</AuthenticatedDN>
25 |     <Action>SRCH</Action>
26 |     <Requests>
27 |         <Request>SRCH base=&#34;dc=example,dc=com&#34; scope=2 filter=&#34;(mobile=+1 123 456-7890)&#34;</Request>
28 |     </Requests>
29 |     <Responses>
30 |         <Response>RESULT err=0 tag=101 nentries=1 etime=3 notes=U</Response>
31 |     </Responses>
32 | </Event>
33 | <Event>
34 |     <DateTime>21/Apr/2009:11:39:51 -0700</DateTime>
35 |     <Client>207.1.153.57</Client>
36 |     <Server>192.18.122.139</Server>
37 |     <Connection>11</Connection>
38 |     <SSL>false</SSL>
39 |     <Operation>2</Operation>
40 |     <AuthenticatedDN>cn=Directory Manager</AuthenticatedDN>
41 |     <Action>UNBIND</Action>
42 |     <Requests>
43 |         <Request>UNBIND</Request>
44 |     </Requests>
45 |     <Responses>
46 |         <Response>fd=608 closed - U1</Response>
47 |     </Responses>
48 | </Event>
49 | 


--------------------------------------------------------------------------------
/test_data/output_2_xml.txt:
--------------------------------------------------------------------------------
 1 | <Event>
 2 |     <DateTime>07/May/2009:11:43:28 -0700</DateTime>
 3 |     <Client>207.1.153.32</Client>
 4 |     <Server>192.18.122.139</Server>
 5 |     <Connection>877</Connection>
 6 |     <SSL>false</SSL>
 7 |     <Operation>0</Operation>
 8 |     <AuthenticatedDN>cn=Directory Manager</AuthenticatedDN>
 9 |     <Action>BIND</Action>
10 |     <Requests>
11 |         <Request>BIND dn=&#34;cn=Directory Manager&#34; method=128 version=3</Request>
12 |     </Requests>
13 |     <Responses>
14 |         <Response>RESULT err=0 tag=97 nentries=0 etime=0</Response>
15 |     </Responses>
16 | </Event>
17 | <Event>
18 |     <DateTime>07/May/2009:11:43:29 -0700</DateTime>
19 |     <Client>207.1.153.32</Client>
20 |     <Server>192.18.122.139</Server>
21 |     <Connection>877</Connection>
22 |     <SSL>false</SSL>
23 |     <Operation>1</Operation>
24 |     <AuthenticatedDN>cn=Directory Manager</AuthenticatedDN>
25 |     <Action>SRCH</Action>
26 |     <Requests>
27 |         <Request>SRCH base=&#34;(ou=People)&#34; scope=2 filter=&#34;(uid=*)&#34;</Request>
28 |         <Request>SORT uid</Request>
29 |         <Request>VLV 0:5:0210 10:5397 (0)</Request>
30 |     </Requests>
31 |     <Responses>
32 |         <Response>RESULT err=0 tag=101 nentries=1 etime=0</Response>
33 |     </Responses>
34 | </Event>
35 | 


--------------------------------------------------------------------------------
/test_data/output_3_xml.txt:
--------------------------------------------------------------------------------
 1 | <Event>
 2 |     <DateTime>21/Apr/2009:11:39:55 -0700</DateTime>
 3 |     <Client>207.1.153.51</Client>
 4 |     <Server>192.18.122.139</Server>
 5 |     <Connection>14</Connection>
 6 |     <SSL>false</SSL>
 7 |     <Operation>0</Operation>
 8 |     <AuthenticatedDN>__anonymous__</AuthenticatedDN>
 9 |     <Action>BIND</Action>
10 |     <Requests>
11 |         <Request>BIND dn=&#34;&#34; method=sasl version=3 mech=DIGEST-MD5</Request>
12 |     </Requests>
13 |     <Responses>
14 |         <Response>RESULT err=14 tag=97 nentries=0 etime=0, SASL bind in progress</Response>
15 |     </Responses>
16 | </Event>
17 | <Event>
18 |     <DateTime>21/Apr/2009:11:39:55 -0700</DateTime>
19 |     <Client>207.1.153.51</Client>
20 |     <Server>192.18.122.139</Server>
21 |     <Connection>14</Connection>
22 |     <SSL>false</SSL>
23 |     <Operation>1</Operation>
24 |     <AuthenticatedDN>uid=jdoe,dc=example,dc=com</AuthenticatedDN>
25 |     <Action>BIND</Action>
26 |     <Requests>
27 |         <Request>BIND dn=&#34;uid=jdoe,dc=example,dc=com&#34; method=sasl version=3 mech=DIGEST-MD5</Request>
28 |     </Requests>
29 |     <Responses>
30 |         <Response>RESULT err=0 tag=97 nentries=0 etime=0 dn=&#34;uid=jdoe,dc=example,dc=com&#34;</Response>
31 |     </Responses>
32 | </Event>
33 | 


--------------------------------------------------------------------------------
/test_data/output_4_xml.txt:
--------------------------------------------------------------------------------
 1 | <Event>
 2 |     <DateTime>02/Sep/2014:11:05:56 -0400</DateTime>
 3 |     <Client>127.0.0.1</Client>
 4 |     <Server>127.0.0.1</Server>
 5 |     <Connection>36</Connection>
 6 |     <SSL>false</SSL>
 7 |     <Operation>0</Operation>
 8 |     <AuthenticatedDN>__anonymous__</AuthenticatedDN>
 9 |     <Action>BIND</Action>
10 |     <Requests>
11 |         <Request>BIND dn=&#34;&#34; method=128 version=3</Request>
12 |     </Requests>
13 |     <Responses>
14 |         <Response>RESULT err=0 tag=97 nentries=0 etime=0 dn=&#34;&#34;</Response>
15 |     </Responses>
16 | </Event>
17 | <Event>
18 |     <DateTime>02/Sep/2014:11:05:56 -0400</DateTime>
19 |     <Client>127.0.0.1</Client>
20 |     <Server>127.0.0.1</Server>
21 |     <Connection>36</Connection>
22 |     <SSL>false</SSL>
23 |     <Operation>1</Operation>
24 |     <AuthenticatedDN>__anonymous__</AuthenticatedDN>
25 |     <Action>SRCH</Action>
26 |     <Requests>
27 |         <Request>SRCH base=&#34;dc=example,dc=com&#34; scope=2 filter=&#34;(uid=scarter)&#34; attrs=&#34;c&#34;</Request>
28 |     </Requests>
29 |     <Responses>
30 |         <Response>RESULT err=0 tag=101 nentries=1 etime=0</Response>
31 |     </Responses>
32 | </Event>
33 | <Event>
34 |     <DateTime>02/Sep/2014:11:05:56 -0400</DateTime>
35 |     <Client>127.0.0.1</Client>
36 |     <Server>127.0.0.1</Server>
37 |     <Connection>36</Connection>
38 |     <SSL>false</SSL>
39 |     <Operation>2</Operation>
40 |     <AuthenticatedDN>uid=scarter,ou=people,dc=example,dc=com</AuthenticatedDN>
41 |     <Action>BIND</Action>
42 |     <Requests>
43 |         <Request>BIND dn=&#34;uid=scarter,ou=people,dc=example,dc=com&#34; method=128 version=3</Request>
44 |     </Requests>
45 |     <Responses>
46 |         <Response>RESULT err=0 tag=97 nentries=0 etime=0 dn=&#34;uid=scarter,ou=people,dc=example,dc=com&#34;</Response>
47 |     </Responses>
48 | </Event>
49 | <Event>
50 |     <DateTime>02/Sep/2014:11:05:56 -0400</DateTime>
51 |     <Client>127.0.0.1</Client>
52 |     <Server>127.0.0.1</Server>
53 |     <Connection>36</Connection>
54 |     <SSL>false</SSL>
55 |     <Operation>3</Operation>
56 |     <AuthenticatedDN>uid=scarter,ou=people,dc=example,dc=com</AuthenticatedDN>
57 |     <Action>UNBIND</Action>
58 |     <Requests>
59 |         <Request>UNBIND</Request>
60 |     </Requests>
61 |     <Responses>
62 |         <Response>fd=64 closed - U1</Response>
63 |     </Responses>
64 | </Event>
65 | 


--------------------------------------------------------------------------------
/test_data/output_5_xml.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/aidan-/ldap-access-parser/c6c71585bc8666faf7d5bf4a04db8662fa917c45/test_data/output_5_xml.txt


--------------------------------------------------------------------------------