[Freeipa-devel] FreeIPA Logging (Not Auditing... <yet>)
Dmitri Pal
dpal at redhat.com
Fri Jan 28 18:43:31 UTC 2011
JR,
Thank you for bringing it up.
I think it would be beneficial to have something for logging. I am not
sure that this is exactly it.
I suggest you log a ticket and we put it into 2.1 bucket so when we are
done with 2.0 we will triage and think about it.
Right now is not the best time to start the discussion. Sorry we have
tough couple weeks ahead before Fedora testing date on Feb 10th.
Thanks
Dmitri
On 01/27/2011 09:36 PM, JR Aquino wrote:
> I have been working with the project for a while now and it has dawned on me that the FreeIPA ipalib plugins, don't really have a syslog library that they output with.
>
> So far I've really just been troubleshooting and getting around with:
> /var/log/httpd/access_log
> /var/log/httpd/error_log
> /var/log/dirsrv/slapd-DOMAIN/access
> /var/log/dirsrv/slapd-DOMAIN/error
>
> This is useful, but it is verbose and doesn't quite capture the cli/webui interactions in 1 line.
>
> [27/Jan/2011:17:46:59 -0800] conn=40 op=7 ADD dn="fqdn=test1.example.com,cn=computers,cn=accounts,dc=example,dc=com"
> [27/Jan/2011:17:46:59 -0800] conn=40 op=7 RESULT err=0 tag=105 nentries=0 etime=0
>
> Etc, etc, etc…
>
> The cli does a good job of expressing itself to standard out when a command is successfully/unsuccessfully run.
>
> I am wondering what the group thinks about the idea of a library that can be loaded either by the api or the plugin itself, to pass the relevant bits of data that end up going to standard out, into a format that would be sane to send to a syslog stream.
>
> I'm thinking of something that shows: <time/date> authenticated_user plugin usage / modification
>
> Something like:
> kinit admin
> ipa host-add test1.example.com
>
> <std out>
> -----------------------------------
> Added host "test1.example.com"
> -----------------------------------
> Host name: test1.example.com
> Principal name: host/test1.example.com at EXAMPLE.COM
> Managed by: test1.example.com
>
> <syslog>
> Jan 26 17:46:45 auth1.example.com FreeIPA: user=admin cmd=host-add hostname=test1.example.com principal=host/test1.example.com at EXAMPLE.COM managedby=test1.example.com
>
> It feels like a this should be fairly straight forward to address as a library at either the api level or at the plugin level. Python actually has a very competent syslog library <I helped to contribute the patch that brought tcp support>
>
> What does everyone else think?
>
> Am I thinking too simplistically? Is the output from standard out much more complex to lasso around? Is there a better approach to capturing the user input and interaction?
>
> -JR
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-devel
mailing list