This repository has been archived by the owner on Apr 12, 2023. It is now read-only.
forked from mobjack/LDAP2CEF
-
Notifications
You must be signed in to change notification settings - Fork 0
mozilla-it/LDAP2CEF
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
Hi Thanks for checking out my ldap log parser. If you are looking at this you realize that openldap logs are a pain to parse to gain any useful information. Well I hope you can get some use out of this script. Big thanks to biocode for the assistance. biocode++ What does it do? This script converts multiple lines of openldap logs into the cef format. Usage: ldap2cef.py -i <filename> Parameters you may need, see globals: * out_dir - is the directory where you want the cef files to be placed * domain - this parameter sets what domain to look for when scanning for login/logout * secsbefore - since I am scanning the log files every 5 minutes I set this to look back that time frame. ArcSight Connector Stuff: You can use a syslog connector or a flex connector. I use a batch mode with a "Regex Multiple Folder Follower". There you will find a CEF file option. Still to fix: I still have to fix the server name who is reporting the login.
About
DEPRECATED - This script parses openldap logs and converts them to CEF pulling relevant data.
Topics
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published