[Freeipa-devel] [freeipa PR#174][comment] add log module
mbasti-rh
freeipa-github-notification at redhat.com
Fri Oct 21 10:27:17 UTC 2016
URL: https://github.com/freeipa/freeipa/pull/174
Title: #174: add log module
mbasti-rh commented:
"""
> Yes. As you see, our use case is I'm admin and want to audit what commads were used.
>
In this case, if it is only for admins I endorse you to use centralized logging:
- http://www.freeipa.org/page/Centralized_Logging
> Because I use freeipa 4.3.1 version, adaptation through on this version, I saw the master branch source code structure is different from the ipa-4-3 branch, I am not sure if there is a problem after adding log module, so created pull request on the ipa-4-3 branch.
Yes, master differs from 4.3, and as I said, new features are merged only to master, 4.3.x is only for bugfixes
>
> We can set up the log file permissions. Currently only the admin can view the log information in web interface.
Where is this enforced in code? AFAIK you are accessing log as httpd user
> The log module adapted by freeipa 4.3.1 version, not sure if there is a problem in other versions. As for the replicated topology, I need to familiar with its function.
FreeIPA supports multimaster topology, your current implementation shows only history of commands from the server where a user is actually connected. It will not provide history from all servers.
> Parsing the log is to show more friendly in the web interface.
IMO Kibana and centralized logging shows log information in nice way too
> BTW, there is still no respond about joining Chinese translation organization in zanata https://fedora.zanata.org/language/view/zh-CN?dswid=2727
Have you tried others way how to get into? Maybe ask teamlead on IRC
https://fedoraproject.org/wiki/L10N_Teams
https://fedoraproject.org/wiki/L10N_Simplified_Chinese_Team
"""
See the full comment at https://github.com/freeipa/freeipa/pull/174#issuecomment-255347803
More information about the Freeipa-devel
mailing list