log incoming IPs on ldap server
by vinmansbrew from LinuxQuestions.org on (#504ZZ)
RHEL 6.10
I have 2 LDAP servers, both using Oracle directory services for LDAP, so no OpenLDAP.
We have a few usernames that are continuously trying to authenticate, and afaik, the Oracle software hasn't been set up to monitor the IP of incoming attempts.
Right now, I am trying tcpdump -n -i eth0 -w file.cap "port ****" to see if I can capture something. But, I am wondering if there might not be a better way? I assume there is, but I haven't found it yet.
I thought about an iptables filter, but the LDAP servers are currently not running iptables (other firewalls in effect).
I've tried playing with netstat, but haven't got it to work, from what I can tell.
netstat -tn 2>/dev/null | awk '$4 ~ /:389$/ {print $5}' | sed 's/:[0-9]*$//' | sort | uniq -c | sort -nr | head
Would something like tcpspy do the trick?
Thanks
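An added example, not part of the original post: a netstat snapshot only shows connections open at that instant, so short-lived bind attempts are easy to miss, while counting SYN packets in the tcpdump capture records every inbound attempt per client IP. Assumptions: port 389 is taken from the netstat command above, the function names are hypothetical, and the sample lines are constructed in the format printed by tcpdump -nn -r file.cap.

```bash
#!/bin/bash
# Count inbound TCP connection attempts (SYN only) per client IP from
# `tcpdump -nn` text output, e.g.:  tcpdump -nn -r file.cap | count_syn_sources 389

# Constructed sample of tcpdump -nn output (documentation address ranges).
sample_tcpdump() {
cat <<'EOF'
10:15:01.100001 IP 192.0.2.10.51234 > 198.51.100.5.389: Flags [S], seq 1000, win 29200, length 0
10:15:01.100050 IP 198.51.100.5.389 > 192.0.2.10.51234: Flags [S.], seq 2000, ack 1001, win 28960, length 0
10:15:01.100090 IP 192.0.2.10.51234 > 198.51.100.5.389: Flags [.], ack 1, win 229, length 0
10:15:02.200001 IP 192.0.2.10.51240 > 198.51.100.5.389: Flags [S], seq 3000, win 29200, length 0
10:15:03.300001 IP 192.0.2.77.40000 > 198.51.100.5.389: Flags [S], seq 4000, win 29200, length 0
10:15:04.400001 IP 192.0.2.10.38901 > 198.51.100.5.22: Flags [S], seq 5000, win 29200, length 0
10:15:05.500001 IP6 2001:db8::1.51300 > 2001:db8::5.389: Flags [S], seq 6000, win 28800, length 0
EOF
}

# count_syn_sources PORT
# Reads tcpdump -nn lines on stdin, prints "count ip" sorted by count (desc).
count_syn_sources() {
  awk -v port="$1" '
    ($2 == "IP" || $2 == "IP6") && $4 == ">" && /Flags \[S\]/ {
      dst = $5
      sub(/:$/, "", dst)              # drop the trailing colon after addr.port
      n = split(dst, d, /\./)         # last dot-separated field is the port
      if (d[n] != port) next          # exact port match, so 3890 or 38901 never count
      src = $3
      sub(/\.[0-9]+$/, "", src)       # strip the source port, keep IPv4 or IPv6 address
      hits[src]++
    }
    END { for (ip in hits) print hits[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Stand-alone run on the constructed sample.
sample_tcpdump | count_syn_sources 389
```

The SYN-ACK and ACK lines are skipped because only a bare `[S]` flag marks a new client attempt, so each connection is counted once.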

