admingit
/
Deploiement_Server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0745d48db2'
${ noResults }
Deploiement_Server/deployment-apps/SA-ldapsearch/default/data/ui/views/ldapgroup.xml

120 lines
4.2 KiB
Raw Blame History

<form version="1.1">
<label>ldapgroup</label>
<description></description>
<row>
<panel>
<html><div style="max-width: 860px;">
<h1>The ldapgroup command</h1>
<p>
The ldapgroup command filters and augments events with information from Active Directory. It follows a <b>search</b>
or similar command in the search pipeline. A sample usage follows:</p>
<pre>
| ldapsearch search="(objectClass=group)" attrs=distinguishedName
| ldapgroup
</pre>
<p>
On return, it adds the following additional fields to each event:
<table cellpadding="2" style="margin-left: 12px; margin-top: 2px">
<tr>
<td><b>member_dn</b></td>
<td>List of Member Distinguished Names (DNs).</td>
</tr>
<tr>
<td><b>member_domain</b></td>
<td>NetBIOS domains for the member DNs.</td>
</tr>
<tr>
<td><b>member_name</b></td>
<td>The sAMAccountName for the member DNs.</td>
</tr>
<tr>
<td><b>member_type</b></td>
<td>The type of membership (one of PRIMARY, DIRECT or NESTED with the group DN).</td>
</tr>
<tr>
<td><b>mv_combo</b></td>
<td>All of the above, combined into a single field separated by '###'.</td>
</tr>
<tr>
<td><b>errors</b></td>
<td>Any circular references that were found.</td>
</tr>
</table>
</p>
<h2>Options</h2>
<!-- groupdn -->
<p style="margin-bottom: 0; margin-left: 6px;"><b>groupdn=</b><i>&lt;field-name&gt;</i></p>
<p style="margin-left: 45px; margin-top: 2px;">
Specifies the name of the field that holds the Distinguished Name (DN) of the group to expand. If you do not specify
the <b>groupdn</b> option, then the command uses the <b>distinguishedName</b> field name.
</p>
<!-- domain -->
<p style="margin-bottom: 0; margin-left: 6px;"><b>domain=</b><i>&lt;domain-specifier&gt;</i></p>
<p style="margin-left: 45px; margin-top: 2px;">
Specifies the name of a configuration stanza in ldap.conf. If you do not specify a domain, the command uses the
default stanza.
</p>
<!-- debug -->
<p style="margin-bottom: 0; margin-left: 6px;"><b>debug=</b><i>&lt;bool&gt;</i></p>
<p style="margin-left: 45px; margin-top: 2px;">
If set to true, debug logging is in effect. This is a short-hand for <b>logging_level=DEBUG</b>.
</p>
<!-- decode -->
<p style="margin-bottom: 0; margin-left: 6px;"><b>decode=</b><i>&lt;bool&gt;</i></p>
<p style="margin-left: 45px; margin-top: 2px;">
If set to true, Active Directory formatting rules are applied to attributes. The default is the value of decode as
specified in the configuration stanza for domain.
</p>
<!-- logging_level -->
<p style="margin-bottom: 0; margin-left: 6px;"><b>logging_level=</b><b>critical</b>|<b>error</b>|<b>warning</b>|<b>info</b>|<b>debug</b></p>
<p style="margin-bottom: 2px; margin-left: 45px; margin-top: 2px;">
Specifies the logging level for the $SPLUNK_HOME/var/log/splunk/SA-ldapsearch.log file. Splunk can access this file
with the "index=_internal sourcetype=SA-ldapsearch" search and exposes the following fields:
<table cellpadding="2" style="margin-left: 43px; margin-top: 2px">
<tr>
<td><b>File</b></td>
<td>Full pathname of the source file where the logging call was made.</td>
</tr>
<tr>
<td><b>Level</b></td>
<td>
Level of the logging call that was made; one of <b>critical</b>, <b>error</b>, <b>warning</b>,
<b>info</b>, or <b>debug</b>.
</td>
</tr>
<tr>
<td><b>Line</b></td>
<td>Line number in the source file where the logging call was made.</td>
</tr>
<tr>
<td><b>Pid</b></td>
<td>ID of the process that made the logging call.</td>
</tr>
<tr>
<td><b>log_source</b></td>
<td>
String of the form "<b>Pid=</b><i>&lt;Pid&gt;</i><b>, File=</b><i>&lt;File&gt;</i><b>,
Line=</b><i>&lt;Line&gt;</i>".
</td>
</tr>
<tr>
<td><b>message</b></td>
<td>Full text of the logged message.</td>
</tr>
</table>
</p>
<h2>Examples</h2>
<p>
To display a table of all groups with their members and membership type:
</p>
<pre>
| ldapsearch search="(objectClass=group)" attrs="cn,distinguishedName"
| table cn,distinguishedName
| ldapgroup
| table cn,member_dn,member_type
</pre></div>
</html>
</panel>
</row>
</form>
Reference in new issue View Git Blame Copy Permalink