[33072] in Kerberos
Re: krb5kdc log analysis tool/script
daemon@ATHENA.MIT.EDU (Russ Allbery)
Fri Jan 7 17:37:42 2011
From: Russ Allbery <rra@stanford.edu>
To: kerberos@mit.edu
In-Reply-To: <728464.87867.qm@web161304.mail.bf1.yahoo.com> (Kevin
Longfellow's message of "Fri, 7 Jan 2011 11:52:56 -0800 (PST)")
Date: Fri, 07 Jan 2011 13:35:27 -0800
Message-ID: <87tyhke6sg.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Kevin Longfellow <klongfel@yahoo.com> writes:
> We are using MIT Kerberos 1.7.1 on a linux server and have a lot of kdc
> log entries (100k+ in a 9 hour span) in the kdc logfile krb5kdc.log. I
> figured it can't hurt to ask but does anyone have or know of a
> tool/script to parse the log and summarize the activity?
git clone git://git.eyrie.org/system/metrics.git will give you the stuff
that we use. This is not even remotely a distributed or polished bit of
software; it's a box full of loose pieces that you have to assemble
yourself. But it may be helpful as pointers in the right direction.
This software was originally written for MIT Kerberos but we now use
Heimdal, so recent changes haven't been tested with MIT Kerberos. I think
it should still work, but some tweaks may be required.
A sample monthly report:
Kerberos authentications from 2010-12-01 to 2010-12-31
Initial authentications: 138,017,218
Service tickets: 29,423,229
Total tickets issued: 167,440,447
Unique users in 2010-12: 45,237
Unique services in 2010-12: 2,302
Unique servers in 2010-12: 1,247
where a user is a human user, a service is an initial authentication for a
non-human principal, and a server is something to which a Kerberos
principal authenticated (a service ticket request).
Breakdown of initial authentications:
Type Count Percent
-------- ----------- -------
Users 110,497,742 80.1%
CGI 14,910,569 10.8%
Services 12,608,907 9.1%
-------- ----------- -------
TOTAL: 138,017,218
Breakdown of service tickets:
Type Count Percent
-------- ---------- -------
Users 7,849,867 26.7%
CGI 14,919,865 50.7%
Services 6,653,497 22.6%
-------- ---------- -------
TOTAL: 29,423,229
Top five service tickets:
Service Principal Count
-------------------------------------- ----------
afs/ir.stanford.edu@stanford.edu 15,656,734
ldap/ldap-lb.stanford.edu@stanford.edu 5,371,003
krbtgt/stanford.edu@stanford.edu 3,771,356
service/webkdc@stanford.edu 1,500,145
host/pobox00.stanford.edu@stanford.edu 577,766
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
