• 0

Tracking down LDAP Bindings


Question

As a continuation to @Kerry DeVilbiss's datasource to track DC's that are getting unsigned LDAP bindings, we have been thinking about making a datasource that will track the incoming connections. Our thought was to take a page from this article and query our event log every X minutes and output the response of found events to the datasource. My question is a two-parter: 

1) Does anyone have experience using a datasource to output large amounts of data to the wildvalue? If so, is there a character limit? We were thinking once we found the event we could narrow down the relevant data inside of a scripted method, but are worried about performance on the collector. 

2) Aside from a some performance improvements on the collector, is there a benefit for adding this as a datasource rather than an eventsource? We often find the event module clunky and cumbersome. 

 

Thanks! 

Link to post
Share on other sites

1 answer to this question

Recommended Posts

  • 0
  • Administrators

Datasources can only store numbers, not strings or log entries. So, while you technically could output the string as part of the datasource script, LM would choke on it giving you a "NaN" (not a number) response. Technically, it would be possible to treat each instance of the offending log entry as a resource instance, making the name of the instance be the first x characters of the log entry, but that would get very cumbersome, very quickly and you'd be using active discovery to do your monitoring, which wouldn't give you very real time statistics, nor graphability.

Event source is the way to go. Is there perhaps some light we can shed on the event module to make it less clunky and cumbersome for you?

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.