| Grepping failed connections from OpenLDAP log | ||
|---|---|---|
 | Part I. Miscellaneous subjects (and those still to be sorted) |  |
| Grepping failed connections from OpenLDAP log | ||
|---|---|---|
| | Part I. Miscellaneous subjects (and those still to be sorted) | |
Connections lost are shown in the OpenLDAP log on lines of their own, not showing the IP of the host at the other end. They do show the connection number, and it has a corresponding line telling the server ACCEPTed it, and that line does show the IP. Now to get the IPs of hosts losing their connections...
Grep the connection numbers of failed connection into patterns
user@host:~$grep -o 'conn=[0-9]* fd=[0-9]* closed (connection lost)' ldap.log|awk '{print $1}'|sort > patterns
patterns now looks like:
<snip> conn=15381 conn=22922 conn=15378 conn=24178 <snip>
Grep the connection ACCEPTs into ACCEPTS
user@host:~$ grep -o 'conn=[0-9]* fd=[0-9]* ACCEPT from IP=[0-9.]*' ldap.log > ACCEPTS
(Throw away part of the line to make subsequent greps faster.)
Grep and sort (number of) failed connections from ACCEPTS using patterns
user@host:~$ for LINE in $(cat patterns) ; do grep $LINE ACCEPTS ; done|grep -o 'IP=[0-9.]*'|awk -F= '{print $2}'|sort|uniq -c|sort -rn > lost
![[Note]](http://jurjenbokma.com/ApprenticesNotes/images/admon/note.png) | Note |
|---|---|
Using a loop like this appears to be many orders of magnitude faster than using the -f option of grep. |
| |  | |
| Marking files for delete from within MPlayer |  | RW filesystem overlay with UnionFS |