If Encryption Management Server has the Keyserver service enabled and inbound LDAP and/or LDAPS connections are permitted, external hosts can perform key lookups on Encryption Management Server.
Such lookups are recorded in log files on Encryption Management Server. However, depending on the configuration of your firewall, the public IP addresses of the remote hosts may not be recorded.
Symantec Encryption Management Server 3.4.2 and above.
To view the IP addresses that connect to the Encryption Management Keyserver service over LDAP, please do the following from the administration console:
To view the IP addresses that connect to the Encryption Management Keyserver service over LDAPS, ssh to Encryption Management Server and search the /var/log/ovid/stunnel.log file. For example, this shows an LDAPS connection from IP 192.168.1.62:
# grep 'ldaps2] accepted' /var/log/ovid/stunnel.log
2021.05.17 16:03:22 LOG5[2359:139665009559296]: Service [ldaps2] accepted connection from 192.168.1.62:61088
To view the LDAP or LDAPS queries performed against Encryption Management Server, ssh to Encryption Management Server and search the /var/log/ldap file. For example, this shows a search for the public key associated with the email address [email protected]:
# grep pgpUserID /var/log/ldap
May 17 16:03:22 +01:00 keys slapd slapd: conn=1007 op=2 SRCH base="o=PGP keys" scope=2 deref=0 filter="(&(pgpUserID=*<[email protected]>*)(pgpDisabled=0))"