Identifying Client Application IP Addresses & Usernames from Historical Logs

Overview

You may want to export a list of the IP addresses and usernames for all connection requests that client applications sent to ScaleArc cluster(s) over a certain period in the past.

Solution

The following steps only work for log files whose entries are in the format shown below, so validate this before proceeding.

2021-02-08 09:02:05 #!#30#!#1#!#10.XX.XXX.XXX#!#SCALEARC#!#ISSP3#!#0#!#10.XXX.XXX.XXX#!#-1#!#-1#!#0#!#127301#!#20210208090204#!#ScaleArc: VERSION Request#!##!#1050137#!#184#!#0#!#0#!#0#!#19#!#0#!#0#!##!#231990061#!##!#-1#!#3#!#0#!#0#!#0#!#0#!#0#!#0#!#0#!#0#!#0#!#0#!#0#!#0#!#0#!#0#!#0#!#0#!#0#!#0#!##!##!##!##!##!##!##!#0#!#-1#!##!#-1#!#0#!#0#!#0#!#0#!#110#!#-1

The requested IP address and username pairs can be retrieved from the compressed idb logs with the following command:

zcat -f /data/logs/<date-prefix>*/cid_<clusterid>/idb.log.* | awk -F ',' '{print $2 $3}' | grep User | sort -u

where <date-prefix> can be, for example, 2021 to search through the current year logs, or 202104 for the logs of the fourth month (April) of 2021.

The output would be as follows, yielding a unique line for each Client IP - User value pair:

Client IP: 192.xx.xx.xx User: userA
Client IP: 192.xx.xx.xx User: unknown
Client IP: 192.xx.xx.yy User: userA
Client IP: 192.xx.xx.yy User: unknown
Client IP: 192.zz.zz.zz User: userB
Client IP: 192.zz.zz.zz User: unknown

You may see the user unknown, which appears for connection requests where the connection was received but was not authenticated.
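
As an added example (not part of the original article and not ScaleArc's own tooling), the script below extends the command above to count connection requests per Client IP - User pair and to list client IPs that only ever appear with the user unknown. The sample lines are constructed, their layout (comma-separated, Client IP in field 2, User in field 3) is an assumption inferred from the awk command, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumed idb.log layout (inferred from the awk command above):
# comma-separated, field 2 = " Client IP: <ip>", field 3 = " User: <name>".
# Usernames are assumed to contain no spaces.
# Real use: zcat -f /data/logs/<date-prefix>*/cid_<clusterid>/idb.log.* | pair_counts

# Constructed sample lines (documentation-range IPs, made-up timestamps).
sample_idb_lines() {
cat <<'EOF'
2021-04-02 10:00:01, Client IP: 192.0.2.10, User: unknown, constructed
2021-04-02 10:00:01, Client IP: 192.0.2.10, User: userA, constructed
2021-04-02 10:05:13, Client IP: 192.0.2.10, User: userA, constructed
2021-04-02 11:00:00, Client IP: 192.0.2.20, User: unknown, constructed
2021-04-02 11:00:09, Client IP: 192.0.2.20, User: unknown, constructed
2021-04-03 08:30:00, Client IP: 198.51.100.7, User: userB, constructed
a line without the expected fields
EOF
}

# stdin: idb log lines. stdout: "<count> <ip> <user>" for each unique pair.
pair_counts() {
  awk -F ',' '
    $2 ~ /Client IP:/ && $3 ~ /User:/ {
      ip = $2; user = $3
      sub(/^.*Client IP:[ \t]*/, "", ip); sub(/[ \t]+$/, "", ip)
      sub(/^.*User:[ \t]*/, "", user);    sub(/[ \t]+$/, "", user)
      n[ip " " user]++                    # lines without both fields are skipped
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort -k2,2 -k3,3
}

# stdin: pair_counts output. stdout: IPs whose only recorded user is "unknown",
# i.e. clients that connected but never authenticated in the searched period.
unauthenticated_only() {
  awk '{ seen[$2] = 1; if ($3 != "unknown") authed[$2] = 1 }
       END { for (ip in seen) if (!(ip in authed)) print ip }' | LC_ALL=C sort
}

# Demo on the constructed sample.
sample_idb_lines | pair_counts
echo "Never authenticated:"
sample_idb_lines | pair_counts | unauthenticated_only
```
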

  1. Priyanka Bhotika
