How to parse a log file for unique krb5 basic authentications
April 6, 2022
A handy one-liner for parsing krb5 basic auth attempts from an Apache log file.
The command below parses a series of historic apache2 log files and returns a list of unique, fully qualified, alphabetically sorted Kerberos usernames that logged in using Basic HTTP authentication. It’s assumed that you have the krb5 module installed for Apache. Set DATE to the date string you want to match before running it.

zcat error.log*gz | grep "$DATE" | grep 'kerb_authenticate_user_krb5pwd' | awk '{ print $14 }' | sort -u | sed -E 's/user=//'
Results in:
userA@DOMAIN
userB@DOMAIN
userC@DOMAIN
userD@DOMAIN
userE@DOMAIN
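
The one-liner depends on user= being the 14th whitespace-separated field, which shifts if the error log prefix changes (for example a "[pid N:tid N]" prefix instead of "[pid N]"). The following is an added example, not part of the original post: it finds the user= token by name instead of by position. The function names and the sample log lines are constructed for illustration, and the log layout is an assumption.

```shell
#!/bin/sh
# Added example: extract unique Kerberos usernames by key (user=) rather
# than by field position. All log lines below are constructed sample data.

# krb5_basic_users DATE_STRING
# Reads error-log lines on stdin, prints unique, sorted usernames.
krb5_basic_users() {
    date_str=$1
    grep -F -- "$date_str" |
    grep -F 'kerb_authenticate_user_krb5pwd' |
    awk '{
        # Scan every field so a changed log prefix does not break parsing.
        for (i = 1; i <= NF; i++) {
            if (index($i, "user=") == 1) {
                u = substr($i, 6)          # drop the "user=" prefix
                if (u != "") print u
                break
            }
        }
    }' | sort -u
}

# Constructed sample input (assumed layout). The second line carries a
# "[pid N:tid N]" prefix, which moves user= from field 14 to field 15.
sample_log() {
    cat <<'EOF'
[Wed Apr 06 10:15:01.123456 2022] [auth_kerb:debug] [pid 1234] src/mod_auth_kerb.c(1034): [client 192.0.2.10:54321] kerb_authenticate_user_krb5pwd ret=0 user=userB@DOMAIN authtype=Basic
[Wed Apr 06 10:16:09.000001 2022] [auth_kerb:debug] [pid 1234:tid 5678] src/mod_auth_kerb.c(1034): [client 192.0.2.11:40000] kerb_authenticate_user_krb5pwd ret=0 user=userA@DOMAIN authtype=Basic
[Wed Apr 06 10:17:30.000002 2022] [auth_kerb:debug] [pid 1234] src/mod_auth_kerb.c(1034): [client 192.0.2.10:54400] kerb_authenticate_user_krb5pwd ret=0 user=userB@DOMAIN authtype=Basic
[Tue Apr 05 09:00:00.000003 2022] [auth_kerb:debug] [pid 1234] src/mod_auth_kerb.c(1034): [client 192.0.2.12:41000] kerb_authenticate_user_krb5pwd ret=0 user=userC@DOMAIN authtype=Basic
[Wed Apr 06 10:18:00.000004 2022] [auth_kerb:debug] [pid 1234] src/mod_auth_kerb.c(1939): [client 192.0.2.13:42000] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
EOF
}

# Demo on the sample data; against real files:
#   zcat error.log*gz | krb5_basic_users 'Apr 06'
sample_log | krb5_basic_users 'Apr 06'
```
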