Our dirsrv access logs on our freeipa master server are getting flooded with this:
[29/Jun/2015:12:02:09 -0400] conn=215758 op=1355326784 SRCH base="cn=u2,cn=groups,cn=accounts,dc=ccr,dc=buffalo,dc=edu" scope=0 filter="(objectClass=*)" attrs="objectClass posixgroup cn userPassword gidNumber member ipaNTSecurityIdentifier modifyTimestamp entryusn uid" [29/Jun/2015:12:08:08 -0400] conn=215758 op=1356545457 RESULT err=0 tag=101 nentries=0 etime=0 notes=P All from the same conn=215758. Logs get rotated every minute. logconv.pl is showing Searches: 265803 (3322.54/sec) (199352.25/min) How can I figure out which ip address this query is coming from? Is there a way to fetch the ip using the connection id? conn=215758? Thanks in advance. --Andrew -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project