Created
October 18, 2016 15:46
-
-
Save lisa/712e72e6f2152683b722f0f75b9b12ea to your computer and use it in GitHub Desktop.
Splunk Goal
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 2016-10-18T15:44:32.065382+00:00 ldap01 slapd[9665]: conn=1127 fd=36 ACCEPT from IP=192.168.101.34:43658 (IP=0.0.0.0:389) | |
| 2016-10-18T15:44:32.065677+00:00 ldap01 slapd[9665]: conn=1127 op=0 EXT oid=1.3.6.1.4.1.1466.20037 | |
| 2016-10-18T15:44:32.065688+00:00 ldap01 slapd[9665]: conn=1127 op=0 STARTTLS | |
| 2016-10-18T15:44:32.065692+00:00 ldap01 slapd[9665]: conn=1127 op=0 RESULT oid= err=0 text= | |
| 2016-10-18T15:44:32.146895+00:00 ldap01 slapd[9665]: conn=1127 fd=36 TLS established tls_ssf=256 ssf=256 | |
| 2016-10-18T15:44:33.219780+00:00 ldap01 slapd[9665]: conn=1127 op=1 BIND dn="cn=test_account,ou=people,dc=example,dc=com" method=128 | |
| 2016-10-18T15:44:33.286399+00:00 ldap01 slapd[9665]: conn=1127 op=2 UNBIND | |
| 2016-10-18T15:44:33.286751+00:00 ldap01 slapd[9665]: conn=1127 op=1 RESULT tag=97 err=49 text= | |
| 2016-10-18T15:44:33.298605+00:00 ldap01 slapd[9665]: conn=1127 fd=36 closed | |
| Goal: Notice the err=49 for (host=ldap01, conn=1127, op=1) on line 8 and then go back to the BIND attempt on line 6 to find the dn associated with the BIND. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment