20.4. Getting Access Log Statistics

The logconv.pl script parses the access log and returns summary information on different users and operations that have been run on the server.
At its simplest, the script simply parses the access log (or logs):
# logconv.pl /relative/path/to/accessLog
The script can accept wildcards to parse multiple access logs, which is useful if log rotation is used.
# logconv.pl /var/log/dirsrv/slapd-instance/access*
The different options for logconv.pl are covered in the manpage and in the Configuration, Command, and File Reference.
There are several different ways that logconv.pl can be used to pull general usage information from the access logs.
At its simplest, logconv.pl prints a list of total operations, total number of connections, counts per each operation type, counts for some extended operations like persistent searches, and bind information.
# logconv.pl /var/log/dirsrv/slapd-instance/access
Access Log Analyzer 8.2
Command: logconv.pl /var/log/dirsrv/slapd-instance/access
Processing 1 Access Log(s)...

[001] /var/log/dirsrv/slapd-instance/access	size (bytes):        77532

Total Log Lines Analysed:  527

Start of Logs:    14/Oct/2017:16:15:22.452909568
End of Logs:      14/Oct/2017:16:39:50.157790196

Processed Log Time:  0 Hours, 24 Minutes, 27.704877056 Seconds

Restarts:                     10
Secure Protocol Versions:
  - TLS1.2 client bound as uid=user_name,ou=people,o=example.com (11 connections)
  - TLS1.2 128-bit AES; client CN=CA Subsystem,O=example.com; issuer CN=Certificate Authority,O=example.com (11 connections)
  - TLS1.2 128-bit AES-GCM (2 connections)
  - TLS1.2 128-bit AES (3 connections)

Peak Concurrent Connections:  38
Total Operations:             4771
Total Results:                4653
Overall Performance:          97.5%

Total Connections:            249           (0.17/sec)  (10.18/min)
 - LDAP Connections:          107           (0.07/sec)  (4.37/min)
 - LDAPI Connections:         128           (0.09/sec)  (5.23/min)
 - LDAPS Connections:         14            (0.01/sec)  (0.57/min)
 - StartTLS Extended Ops:     2             (0.00/sec)  (0.08/min)

Searches:                     2963          (2.02/sec)  (121.13/min)
Modifications:                649           (0.44/sec)  (26.53/min)
Adds:                         785           (0.53/sec)  (32.09/min)
Deletes:                      10            (0.01/sec)  (0.41/min)
Mod RDNs:                     6             (0.00/sec)  (0.25/min)
Compares:                     0             (0.00/sec)  (0.00/min)
Binds:                        324           (0.22/sec)  (13.25/min)

Proxied Auth Operations:      0
Persistent Searches:          17
Internal Operations:          0
Entry Operations:             0
Extended Operations:          4
Abandoned Requests:           0
Smart Referrals Received:     0

VLV Operations:               30
VLV Unindexed Searches:       0
VLV Unindexed Components:     20
SORT Operations:              22

Entire Search Base Queries:   12
Paged Searches:               2
Unindexed Searches:           0
Unindexed Components:         149

FDs Taken:                    249
FDs Returned:                 212
Highest FD Taken:             107

Broken Pipes:                 0
Connections Reset By Peer:    0
Resource Unavailable:         0
Max BER Size Exceeded:        0

Binds:                        324
Unbinds:                      155
---------------------------------
 - LDAP v2 Binds:             41
 - LDAP v3 Binds:             180
 - AUTOBINDs(LDAPI):          103
 - SSL Client Binds:          0
 - Failed SSL Client Binds:   0
 - SASL Binds:                134
   - EXTERNAL: 114
   - GSSAPI: 20
 - Directory Manager Binds:   10
 - Anonymous Binds:           1

Cleaning up temp files...
Done.
In addition to the summary information for operations and connections, more detailed summary information for all of the connections to the server. This information includes things like most common IP addresses used to connect to the server, DNs with the most failed login attempts, total bind DNs used to access the server, and the most common error or return codes.
Additional connection summaries are passed as a single option. For example, listing the number of DNs used to connect to the server (b) and the total connection codes returned by the server (c) are passed as -bc.
# logconv.pl -bc /var/log/dirsrv/slapd-instance/access
...
----- Total Connection Codes -----

U1              3    Cleanly Closed Connections
B1              1    Bad Ber Tag Encountered

----- Top 20 Bind DN's -----

Number of Unique Bind DN's: 212

1801            cn=Directory Manager
1297            Anonymous Binds
311             uid=jsmith,ou=people...
87              uid=bjensen,ou=peopl...
85              uid=mreynolds,ou=peo...
69              uid=jrockford,ou=peo...
55              uid=sspencer,ou=peop...
...
The data can be limited to entries after a certain start time (-S), before a certain end time (-E), or within a range. When start and end times are set, the logconv.pl first prints the time range given, then the summary for that period.
# logconv.pl -S "[01/Jul/2016:16:11:47.000000000 -0400]" -E "[01/Jul/2016:17:23:08.999999999 -0400]" /var/log/dirsrv/slapd-instance/access
...
----------- Access Log Output ------------

Start of Logs:    01/Jul/2016:16:11:47
End of Logs:      01/Jul/2016:17:23:08
...
The start and end period only sets time limits for the data used to generate the total summary counts. It still shows aggregated, or total, counts. To get a view of the patterns in connections and operations to the Directory Server, it is possible to output data with counts per minute (-M) or per second (-m). In this case, the data are printed, in time unit increments, to a specified CSV output file.
# logconv.pl -m|-M outputFile accessLogFile
For example:
# logconv.pl -M /home/output/statsPerMin.txt /var/log/dirsrv/slapd-instance/access*
The -M|-m options can also be used with the -S and -E arguments, to get per-minute or per-second counts within a specific time period.
Each row in the file represents one unit of time, either minute or second, with total counts for that time period. The CSV file (for both per-minute and per-second statistics) contains the following columns, in order:
Time,time_t,Results,Search,Add,Mod,Modrdn,Delete,Abandon,Connections,SSL Conns,Bind,Anon Bind,Unbind,Unindexed
The CSV file can be manipulated in any spreadsheet program, like LibreOffice Calc, and in many other business applications. The procedures for importing the CSV data and generating charts or other metrics depends on the application itself.
For example, to create a chart in LibreOffice Calc:
  1. Open the CSV file.
  2. Click the Insert menu, and select Chart.
  3. In the Chart Type area, set the chart type to XY (Scatter).
    1. Set the subtype to lines only.
    2. Select the option to sort by X values.
  4. Accept the defaults in the other screens (particularly, to use the data series in columns and to set the first row and first column as labels), and create the chart.