[Freeipa-devel] Suggestion for the A part of IPA

Wed Apr 29 08:18:35 UTC 2015

On 28/04/2015 19:08 PM, Young, Adam wrote:
>
> I think  I am in alignment with what you are saying.  
> 
> I like  rsyslogd as the basic "ship the log off the server" tool.
Let's use what the platform support first
> natively and formost;  We want something native, not Ruby, not even
Python if we can avoid it, for the normal 
> case.  Bumping up to logstash for more complex host-side rules might
be fine.  Remember, the Hosts side of
> integration with FreeIPA is sssd.
> 
> Logstash can be the server side of the audit collection as well, and
then it puts fewer demands on the server.
> 
> We need to ensure that the audit data can be sent over a GSSAPI
protected pathway.  

Absolutely - this is something I need to get round to.  Concentrated on
getting the data back and in a good state
for a start.  Figured I'd get round to securing stuff at a later point.

> On the IPA side, I would think we would register the audit server as a
host, and have  specific service entires
> for the protocols supported.  
> 
> Would you see IPA owning the audit server, or just integrating in with
an existing one?

I've built mine completely separately and then brought them closer
together by running Logstash on the IPA server.
Not sure if there should be an exclusive ownership going on.  IPA could
create an initial setup, but there's huge
room for creating more complex systems that IPA might want to leave well
alone.

> I don't think the IPA server itself should be the ELK server for
obvious reasons. I would love to see the ELK
> server supported along the lines of how we do a replica setup.

ELK is trivial to set up as a simple cluster.  It gets more complicated
to do it "properly", but what I've got
going at the moment fits along the trivial lines, but provides an
extremely robust database.

This message has been checked for viruses and spam by the Virgin Money email scanning system powered by Messagelabs.

This e-mail is intended to be confidential to the recipient. If you receive a copy in error, please inform the sender and then delete this message.

Virgin Money plc - Registered in England and Wales (Company no. 6952311). Registered office - Jubilee House, Gosforth, Newcastle upon Tyne NE3 4PL. Virgin Money plc is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority.

The following companies also trade as Virgin Money. They are both authorised and regulated by the Financial Conduct Authority, are registered in England and Wales and have their registered office at Jubilee House, Gosforth, Newcastle upon Tyne NE3 4PL: Virgin Money Personal Financial Service Limited (Company no. 3072766) and Virgin Money Unit Trust Managers Limited (Company no. 3000482).

For further details of Virgin Money group companies please visit our website at virginmoney.com