On 06/29/2015 06:34 PM, Andrew E. Bruno wrote:
On Mon, Jun 29, 2015 at 10:29:24AM -0600, Rich Megginson wrote:
On 06/29/2015 10:13 AM, Andrew E. Bruno wrote:
Our dirsrv access logs on our freeipa master server are getting flooded
[29/Jun/2015:12:02:09 -0400] conn=215758 op=1355326784 SRCH
filter="(objectClass=*)" attrs="objectClass posixgroup cn userPassword
gidNumber member ipaNTSecurityIdentifier modifyTimestamp entryusn uid"
[29/Jun/2015:12:08:08 -0400] conn=215758 op=1356545457 RESULT err=0
tag=101 nentries=0 etime=0 notes=P
All from the same conn=215758. Logs get rotated every minute.
logconv.pl is showing
Searches: 265803 (3322.54/sec) (199352.25/min)
How can I figure out which ip address this query is coming from? Is
there a way to fetch the ip using the connection id? conn=215758?
grep "conn=215758 fd=" /var/log/dirsrv/slapd-INST/access*
Unfortunately, if it has been rotated away, you won't be able to get the
information from the access log.
No luck .. looks like it has been rotated away. Any other thoughts?
Is it correct to assume this is all coming from a single host? My
thinking is that if I can kill the query coming from the host that it
would solve the problem.
This is looking like bug https://fedorahosted.org/389/ticket/48192.
Because a ldap client (likely SSSD ?) keeps sending page results
requests although 0 entries are returned.
A condition for this is that the search has been abandoned but it is
difficult to verify this as the log file has rotated.
This is fixed in 6.7 and 7.1.z
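
The lookup discussed in this thread (connection id to client address), as an added example that is not part of the original messages: it tallies SRCH operations and empty paged results (nentries=0 with notes=P) per connection and resolves each connection to its client IP from the connection-open line. It assumes that line has the form `conn=N fd=N slot=N connection from <client> to <server>`; the function name `summarize` and the sample lines are constructed for illustration.

```python
import re
import sys
from collections import Counter

# Constructed sample lines; addresses, bases and op numbers are invented.
SAMPLE = """\
[29/Jun/2015:11:00:01 -0400] conn=215700 fd=70 slot=70 connection from 192.0.2.15 to 192.0.2.1
[29/Jun/2015:11:00:02 -0400] conn=215700 op=0 SRCH base="dc=example,dc=com" scope=2 filter="(uid=alice)" attrs="uid"
[29/Jun/2015:11:00:02 -0400] conn=215700 op=0 RESULT err=0 tag=101 nentries=1 etime=0
[29/Jun/2015:12:02:09 -0400] conn=215758 op=101 SRCH base="dc=example,dc=com" scope=2 filter="(objectClass=*)" attrs="cn"
[29/Jun/2015:12:02:09 -0400] conn=215758 op=101 RESULT err=0 tag=101 nentries=0 etime=0 notes=P
[29/Jun/2015:12:02:09 -0400] conn=215758 op=102 SRCH base="dc=example,dc=com" scope=2 filter="(objectClass=*)" attrs="cn"
[29/Jun/2015:12:02:09 -0400] conn=215758 op=102 RESULT err=0 tag=101 nentries=0 etime=0 notes=P
[29/Jun/2015:12:02:10 -0400] conn=215758 op=-103 SRCH base="dc=example,dc=com" scope=2 filter="(objectClass=*)" attrs="cn"
[29/Jun/2015:12:02:10 -0400] conn=215758 op=-103 RESULT err=0 tag=101 nentries=0 etime=0 notes=P
"""

# Connection-open line (assumed layout, see lead-in); LDAPS adds "SSL ".
CONN_OPEN = re.compile(r"conn=(\d+) fd=\d+ slot=\d+ (?:SSL )?connection from (\S+) to \S+")
# The op counter may be very large or negative on a long-lived connection.
SRCH = re.compile(r"conn=(\d+) op=-?\d+ SRCH\b")
EMPTY_PAGED = re.compile(r"conn=(\d+) op=-?\d+ RESULT .*\bnentries=0\b.*\bnotes=\S*P")

def summarize(lines):
    """Return [(conn, searches, empty_paged_results, client_ip_or_None)],
    busiest connection first. client_ip is None when the connection-open
    line is not in the files given (for example, already rotated away)."""
    clients, searches, empty_paged = {}, Counter(), Counter()
    for line in lines:
        if m := CONN_OPEN.search(line):
            clients[int(m.group(1))] = m.group(2)
        elif m := SRCH.search(line):
            searches[int(m.group(1))] += 1
        elif m := EMPTY_PAGED.search(line):
            empty_paged[int(m.group(1))] += 1
    return [(conn, count, empty_paged[conn], clients.get(conn))
            for conn, count in searches.most_common()]

if __name__ == "__main__":
    # Pass access log paths as arguments; without arguments the sample is used.
    lines = SAMPLE.splitlines()
    if len(sys.argv) > 1:
        lines = (l for path in sys.argv[1:] for l in open(path, errors="replace"))
    for conn, count, empty, ip in summarize(lines):
        print(f"conn={conn} searches={count} empty_paged={empty} "
              f"client={ip or 'unknown (open line not in these files)'}")
```

Running it across all retained `access*` files, oldest included, gives the best chance of still catching the connection-open line for a long-lived connection.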