This repository has been archived by the owner on Apr 12, 2023. It is now read-only.
LDAP2CEF (public archive)
forked from mobjack/LDAP2CEF

DEPRECATED - This script parses openldap logs and converts them to CEF pulling relevant data.

mozilla-it/LDAP2CEF

Hi, thanks for checking out my LDAP log parser. If you are looking at this,
you already know that OpenLDAP (slapd) logs are a pain to parse for any useful information:
a single connection is spread over several log lines that only share a conn= number.

Well, I hope you can get some use out of this script. Big thanks to biocode for the
assistance. biocode++

What does it do?
This script joins the multiple slapd log lines that belong to one LDAP operation (connection
accept, bind, result, unbind) into single events and writes them in CEF (Common Event Format),
so that an ArcSight connector can pick them up.

Usage:
ldap2cef.py -i <filename>

Parameters you may need to change (they are globals at the top of the script):
* out_dir - the directory where the generated CEF files are written
* domain - the domain whose users to look for when scanning for login/logout events
* secsbefore - how far back in the log to look, in seconds; I scan the log files every
5 minutes, so I set this to that time frame.
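The following is an added example, not the LDAP2CEF script itself, showing the kind of multi-line correlation and CEF output the parameters above describe. It keeps per-connection state keyed on conn=N so that the client IP from the ACCEPT line, the dn from the BIND line, the err code from the RESULT line and the UNBIND line can be joined into login/logout events, applies the domain filter and the secsbefore lookback, and escapes the CEF header and extension fields as the CEF specification requires. The sample log lines, the year used for the year-less syslog timestamps, the CEF vendor/product/version, the signature IDs and the severities are all constructed assumptions; the lookback is applied to each event's own timestamp, so a connection whose ACCEPT line is older than the window still yields its later bind and unbind events.

```python
"""Correlate OpenLDAP (slapd) stats log lines into CEF login/logout events.

Added example, not the LDAP2CEF project's code. It demonstrates the
multi-line correlation the README describes: one LDAP connection spans
several log lines keyed by conn=N, so the ACCEPT (client IP), BIND (dn),
RESULT (err) and UNBIND lines must be joined to make login/logout events.
"""
import re
from datetime import datetime, timezone

# Globals mirroring the README's parameters; the values are assumptions.
DOMAIN = "example.com"   # only report binds under this domain's base DN
SECSBEFORE = 300         # look back 5 minutes, like the README's scan interval
LOG_YEAR = 2023          # syslog timestamps carry no year; assumed for parsing
# CEF header fields (vendor, product, version) are assumptions.
CEF_PREFIX = "CEF:0|OpenLDAP|slapd|2.4|"

LINE_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
                     r"slapd\[\d+\]: conn=(?P<conn>\d+) (?P<rest>.*)$")
ACCEPT_RE = re.compile(r"ACCEPT from IP=(?P<ip>\S+):(?P<port>\d+)\s")
BIND_RE = re.compile(r'op=(?P<op>\d+) BIND dn="(?P<dn>[^"]*)" method=')
RESULT_RE = re.compile(r"op=(?P<op>\d+) RESULT tag=97 err=(?P<err>\d+)")  # tag 97 = BindResponse
UNBIND_RE = re.compile(r"op=\d+ UNBIND\b")

# Constructed sample slapd stats log (loglevel 256); not real data.
SAMPLE_LOG = """\
Jan 12 10:00:01 ldap1 slapd[1234]: conn=1001 fd=12 ACCEPT from IP=192.0.2.10:51234 (IP=0.0.0.0:389)
Jan 12 10:00:01 ldap1 slapd[1234]: conn=1001 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" method=128
Jan 12 10:00:01 ldap1 slapd[1234]: conn=1001 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=com" mech=SIMPLE ssf=0
Jan 12 10:00:01 ldap1 slapd[1234]: conn=1001 op=0 RESULT tag=97 err=0 text=
Jan 12 10:00:02 ldap1 slapd[1234]: conn=1002 fd=13 ACCEPT from IP=198.51.100.7:40000 (IP=0.0.0.0:389)
Jan 12 10:00:02 ldap1 slapd[1234]: conn=1002 op=0 BIND dn="uid=bob,ou=people,dc=example,dc=com" method=128
Jan 12 10:00:02 ldap1 slapd[1234]: conn=1002 op=0 RESULT tag=97 err=49 text=
Jan 12 10:00:03 ldap1 slapd[1234]: conn=1003 op=0 BIND dn="cn=monitor,dc=other,dc=org" method=128
Jan 12 10:00:03 ldap1 slapd[1234]: conn=1003 op=0 RESULT tag=97 err=0 text=
Jan 12 10:00:05 ldap1 slapd[1234]: conn=1001 op=1 UNBIND
Jan 12 10:00:05 ldap1 slapd[1234]: conn=1001 fd=12 closed
Jan 12 09:50:00 ldap1 slapd[1234]: conn=900 op=0 BIND dn="uid=old,ou=people,dc=example,dc=com" method=128
Jan 12 09:50:00 ldap1 slapd[1234]: conn=900 op=0 RESULT tag=97 err=0 text=
"""
NOW = datetime(2023, 1, 12, 10, 5, 0, tzinfo=timezone.utc)  # assumed "current" time


def parse_ts(text):
    """Syslog 'Mon DD HH:MM:SS' -> aware datetime (assumed UTC and LOG_YEAR)."""
    return datetime.strptime(f"{LOG_YEAR} {text}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)


def domain_to_base_dn(domain):
    """'example.com' -> 'dc=example,dc=com' (the usual base-DN convention)."""
    return ",".join(f"dc={label}" for label in domain.lower().split("."))


def cef_header(value):
    """CEF header fields must escape backslash and pipe."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")


def cef_ext(value):
    """CEF extension values must escape backslash, '=' and line breaks."""
    return (str(value).replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def to_cef(event):
    header = "|".join(cef_header(x) for x in (event["id"], event["name"], event["sev"]))
    ext = " ".join(f"{k}={cef_ext(v)}" for k, v in event["ext"].items())
    return f"{CEF_PREFIX}{header}|{ext}"


def correlate(lines, now, domain=DOMAIN, secsbefore=SECSBEFORE):
    """Return login/logout events (dicts) for binds under `domain` not older than `secsbefore`."""
    base_dn = domain_to_base_dn(domain)
    cutoff = now.timestamp() - secsbefore
    conns, events = {}, []

    def emit(sig, name, sev, ts, conn, dn, **extra):
        # The cutoff applies to the event time, not to the ACCEPT line: a
        # connection opened before the window still yields its later events.
        # An anonymous bind (dn="") never matches the base DN and is skipped.
        if ts.timestamp() < cutoff or not dn.lower().endswith(base_dn):
            return
        ext = {"rt": int(ts.timestamp() * 1000), "dvchost": conn["host"],
               "src": conn.get("src", ""), "spt": conn.get("spt", ""), "suser": dn}
        ext.update(extra)
        events.append({"id": sig, "name": name, "sev": sev, "ext": ext})

    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, rest = parse_ts(m["ts"]), m["rest"]
        conn = conns.setdefault(m["conn"], {"host": m["host"], "pending": {}, "bound": None})
        if a := ACCEPT_RE.search(rest):
            conn["src"], conn["spt"] = a["ip"], a["port"]
        elif b := BIND_RE.search(rest):
            conn["pending"][b["op"]] = b["dn"]          # dn is only on the BIND line
        elif (r := RESULT_RE.search(rest)) and r["op"] in conn["pending"]:
            dn, err = conn["pending"].pop(r["op"]), int(r["err"])
            if err == 0:
                conn["bound"] = dn
                emit("ldap:login", "LDAP bind succeeded", 3, ts, conn, dn, outcome="success")
            else:
                emit("ldap:login-failed", "LDAP bind failed", 5, ts, conn, dn,
                     outcome="failure", cn1=err, cn1Label="ldapResultCode")
        elif UNBIND_RE.search(rest) and conn["bound"]:
            emit("ldap:logout", "LDAP unbind", 1, ts, conn, conn["bound"], outcome="success")
            conn["bound"] = None
    return events


if __name__ == "__main__":
    for ev in correlate(SAMPLE_LOG.splitlines(), NOW):
        print(to_cef(ev))
```

Run as-is it prints three CEF lines: alice's successful bind, bob's failed bind (result code 49) and alice's unbind; conn=1003 is dropped by the domain filter and conn=900 by the 5-minute lookback. The second BIND line slapd writes for the same operation (the one carrying mech=SIMPLE) is ignored on purpose, so each bind is counted once.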
 

ArcSight Connector Stuff:
You can use either a syslog connector or a FlexConnector. I use a FlexConnector in batch mode
of the "Regex Multiple Folder Follower" type, which offers a CEF file option that reads the
files written to out_dir.

Still to fix:
The name of the server that is reporting the login is not yet set correctly in the output.
