search-logs

Use the search-logs tool to search for content in log files. This tool provides grep-like support for searching log files, but it offers a number of additional benefits, including:

  • It can automatically trace backward through rotated log files to find matching records in older log files.
  • It supports searching log files that are compressed and encrypted.
  • It can handle multi-line messages.
  • It allows you to specify start and end times for the messages to match.

summarize-access-log

Use the summarize-access-log tool to examine one or more access log files and produce a plain-text report of the log data that they contain. The output can include:

  • The length of time covered by the log files that were examined
  • The number of connections that were established and disconnected
  • The addresses of the clients that most frequently connected to the server
  • The average rate of connects and disconnects per second
  • The most common TLS protocols and cipher suites
  • The number of operations processed, both overall and by operation type
  • The average rate of operations processed per second, both overall and by operation type
  • The average duration of operations processed, both overall and by operation type
  • The breakdown of operation processing times into sets of predefined buckets, ranging from less than one millisecond to over one minute
  • A breakdown of the most common result codes for each type of operation and their relative frequencies
  • The most common authentication mechanisms
  • The most common bind distinguished names (DNs) for successful and failed bind attempts
  • The most common types of extended operations processed and their relative frequencies
  • The number of unindexed search operations processed and the most common types of filters used when processing unindexed searches
  • The most common base DNs for searches with non-baseObject scopes
  • The relative frequencies for each search scope
  • The most common types of search filters used and their relative frequencies
  • The most common types of filters for searches returning zero, one, and multiple entries
  • Filters used for searches that took the longest to complete

The summarize-access-log tool supports operating on log files that are compressed and encrypted. It also attempts to anonymize sensitive information in the output by replacing attribute values with placeholders.
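The value masking described above, sketched as an added example (not the tool's own code or output format): each assertion value in an LDAP search filter is replaced with a placeholder, and the resulting filter shapes are counted. The `?` placeholder, the function names, and the simplified log line layout are assumptions made for illustration.

```python
import re
from collections import Counter

# One simple filter item: (attr OP value). RFC 4515 requires literal
# parentheses inside values to be escaped (\28, \29), so [^()]* is safe.
_ITEM = re.compile(r"\(([A-Za-z0-9;.:-]*?)(:=|>=|<=|~=|=)([^()]*)\)")
_FILTER_FIELD = re.compile(r'filter="([^"]*)"')

def _mask(match):
    attr, op, value = match.groups()
    if op == "=" and "*" in value:
        # Presence (attr=*) and substring filters: keep the wildcard
        # positions, mask only the literal fragments between them.
        value = "*".join("?" if part else "" for part in value.split("*"))
    else:
        value = "?"
    return f"({attr}{op}{value})"

def anonymize_filter(ldap_filter):
    """Replace every assertion value in an LDAP filter with '?'."""
    return _ITEM.sub(_mask, ldap_filter)

def most_common_filters(log_lines, limit=10):
    """Count anonymized filter shapes across access log lines."""
    counts = Counter()
    for line in log_lines:
        found = _FILTER_FIELD.search(line)
        if found:  # lines without a filter field (binds etc.) are skipped
            counts[anonymize_filter(found.group(1))] += 1
    return counts.most_common(limit)

# Constructed sample lines in a simplified, assumed layout.
SAMPLE_LOG = [
    'SEARCH base="dc=example,dc=com" scope=2 filter="(uid=jdoe)" entriesReturned=1',
    'SEARCH base="dc=example,dc=com" scope=2 filter="(uid=asmith)" entriesReturned=1',
    'SEARCH base="dc=example,dc=com" scope=2 filter="(uid=nobody)" entriesReturned=0',
    'SEARCH base="dc=example,dc=com" scope=2 '
    'filter="(&(objectClass=person)(mail=*@example.com))" entriesReturned=40',
    'SEARCH base="dc=example,dc=com" scope=2 '
    'filter="(&(objectClass=person)(mail=*@corp.example))" entriesReturned=12',
    'SEARCH base="dc=example,dc=com" scope=1 filter="(cn=*)" entriesReturned=900',
    'BIND dn="uid=jdoe,ou=People,dc=example,dc=com" resultCode=0',
]

if __name__ == "__main__":
    for shape, count in most_common_filters(SAMPLE_LOG):
        print(f"{count:3d}  {shape}")
```

Masking only the values keeps the attribute names, operators and wildcard positions, which is what a frequency report needs, while user identifiers and addresses stay out of the shared output.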