Kathy Zhu via FreeIPA-users wrote:
> Thanks Mark and Florence for your replies!
>
> I will check directory389 list to see if there is any useful information.
>
> By turning on audit logging, we'd like to have a record of what was
> changed, when and by whom. For example, we should be able to answer when
> and who added the user XYZ. Unfortunately, IPA's audit logging isn't
> great to serve that purpose, it provides information of what and when,
> not by whom (modifiersname field is useless).

The IPA audit log is the apache error log. Adding a user you'll see
something like:

[Wed Jan 26 13:38:57.762988 2022] [wsgi:error] [pid 1475984:tid 1476323] [remote 192.168.166.203:46788] ipa: INFO: [jsonserver_session] tu...@example.test: user_add/1('suser', givenname='some', sn='user', version='2.245'): SUCCESS

So user tuser added user suser successfully today at 1:30pm.

rob

>
> For others facing similar situations, I found filebeat does the trick,
> it can combine multiple lines of logs to a single line before forwarding
> the logs, which is searchable.
>
> Thanks.
>
> Kathy.
>
> On Wed, Jan 26, 2022 at 8:21 AM Mark Reynolds <marey...@redhat.com> wrote:
>
>     The audit log is essentially just a list of LDIF commands. If you
>     remove the "time" and "result" lines you can redirect the log
>     straight to ldapmodify:
>
>     time: 20220126111500
>     dn: cn=config,cn=ldbm database,cn=plugins,cn=config
>     result: 0
>     changetype: modify
>     replace: nsslapd-lookthroughlimit
>     nsslapd-lookthroughlimit: 5001
>     -
>     replace: modifiersname
>     modifiersname: cn=dm
>     -
>     replace: modifytimestamp
>     modifytimestamp: 20220126161500Z
>     -
>
>     I'm not sure this log is worth "parsing" since it's just describing
>     the exact changes made to the server, and I'm not sure there are
>     that many useful "stats" that could be gained by parsing it.
>     What exactly are you hoping to get out of it?
>
>     Mark
>
>     On 1/26/22 11:05 AM, Florence Blanc-Renaud via FreeIPA-users wrote:
>>     Hi,
>>     You should try with 389-us...@lists.fedoraproject.org
>>     <https://lists.fedoraproject.org/admin/lists/389-users.lists.fedoraproject.org>,
>>     other users may have found a solution to your problem.
>>     flo
>>
>>     On Fri, Jan 21, 2022 at 6:45 PM Kathy Zhu <k...@nuro.ai> wrote:
>>
>>         Yes, correct, Florence.
>>
>>         BTW, Florence, I'd like to take this opportunity to let you
>>         know that I benefit from your blog, especially the one about
>>         certificates.
>>
>>         Thanks!
>>
>>         Kathy.
>>
>>         On Fri, Jan 21, 2022 at 1:17 AM Florence Blanc-Renaud
>>         <f...@redhat.com> wrote:
>>
>>             Hi Kathy,
>>             which log file are you referring to? 389-ds audit log in
>>             /var/log/dirsrv/slapd-xxx/audit?
>>
>>             flo
>>
>>             On Thu, Jan 20, 2022 at 6:43 PM Kathy Zhu via
>>             FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
>>
>>                 Hello list,
>>
>>                 I had FreeIPA audit log on. I feed audit logs to
>>                 Graylog. Since there are multiple lines of logs for
>>                 each event, I could not find a suitable extractor to
>>                 parse the logs. Therefore, the logs are very hard to
>>                 read. Could anyone in the list share how you process
>>                 the logs if you are in a similar situation?
>>
>>                 Thanks!
>>
>>                 Kathy.
>>
>>                 _______________________________________________
>>                 FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
>>                 To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
>>                 Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>                 List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>                 List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
>>                 Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
>
>     --
>     Directory Server Development Team
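
Added example, not part of the thread and not code from any of its participants: a Python sketch that collapses each multi-line 389-ds audit record (the "time:"-delimited LDIF Mark quotes) into one event, and pulls the acting user out of the IPA API line format Rob shows. The sample data is constructed, and the names `audit_events`, `api_event`, `HEADER` and `API_RE` are hypothetical.

```python
import re
# Constructed sample: the record Mark quoted (shortened) plus a made-up one.
AUDIT = """\
time: 20220126111500
dn: cn=config,cn=ldbm database,cn=plugins,cn=config
result: 0
changetype: modify
replace: nsslapd-lookthroughlimit
nsslapd-lookthroughlimit: 5001
-
replace: modifiersname
modifiersname: cn=dm
-

time: 20220126111730
dn: cn=a-long-constructed-entry-name,
 cn=config
result: 0
changetype: delete
modifiersname: cn=dm
"""
# Constructed line in the shape Rob showed; actor and address are placeholders.
HTTPD = ("[Wed Jan 26 13:38:57.762988 2022] [wsgi:error] [pid 1:tid 2] [remote 192.0.2.10:46788] "
         "ipa: INFO: [jsonserver_session] admin@EXAMPLE.TEST: user_add/1('suser', sn='user'): SUCCESS")
HEADER = ("dn", "result", "changetype", "modifiersname")
API_RE = re.compile(
    r"^\[(?P<when>[^\]]+)\] \[wsgi:error\] .*?\[remote (?P<remote>[^\]:]+):\d+\] ipa: INFO: "
    r"\[\w+\] (?P<actor>\S+): (?P<cmd>\w+)/\d+\((?P<args>.*)\): (?P<result>\w+)$")

def audit_events(text):
    """Collapse each multi-line audit record into one flat dict."""
    events, last = [], None
    for line in text.splitlines():
        key, _, val = line.partition(": ")
        if line.startswith(" ") and last:       # folded LDIF line: join it back
            events[-1][last] += line[1:]
            continue
        last = None
        if key == "time":                       # every record starts with time:
            events.append({"time": val, "changes": []})
        elif events and key in HEADER:
            events[-1][key], last = val, key
        elif events and key in ("add", "replace", "delete"):
            events[-1]["changes"].append(f"{key} {val}")
    return events

def api_event(line):
    m = API_RE.match(line)
    return m.groupdict() if m else None
```

Serializing each returned dict with `json.dumps` yields one searchable line per event for a collector such as Graylog.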