<html><body><span class="xfm_39260446">Hello all.<br/>We use CentOS 7 ,FreeIPA 4.4, Apache 2.4<br/>We installed audit system like http://www.freeipa.org/page/Centralized_Logging  for monitoring "Who's What's Doing".<br/>Audit system parsing /var/log/httpd/error_log and logging to Elasticsearch.<br/><br/>Some string for Remove user from group in FreeIPA from /var/log/httpd/error_log:<br/>[Wed Feb 15 03:46:07.381231 2017] [:error] [pid 31732] ipa: INFO: admin-user@DOMAIN.COM: batch: 
group_remove_member(u'somegroup', user=u'someuser'): SUCCESS<br/><br/>Parsed string loaded in Elasticsearch:<br/>{<br/>  "_index": "logstash-2017.02.15",<br/>  "_type": "events",<br/>  "_id": "Uniq-ID",<br/>  "_score": null,<br/>  "_source": {<br/>    "timestamp": "2017-02-15T03:46:08-06:00",<br/>    "status": "SUCCESS",<br/>    "parameters": "'u'somegroup', user=u'someuser'",<br/>    "action": "group_remove_member",<br/>    "principal": "admin-user@DOMAIN.COM",<br/>    "pid": "31732",<br/>    "event.tags": [<br/>      "ipa",<br/>      "ipa-call",<br/>      "batch"<br/>    ],<br/>    "host": "server-1",<br/>    "facility": "local0",<br/>    "severity": "notice",<br/>    "tag": "httpderror",<br/>    "message": " [Wed Feb 15 03:46:07.381231 2017] [:error] [pid 31732] ipa: INFO: admin-user@DOMAIN.COM: batch: 
group_remove_member(u'somegroup', user=u'someuser'): SUCCESS"<br/>  },<br/>  "fields": {<br/>    "timestamp": [<br/>      1487151968000<br/>    ]<br/>  },<br/>  "sort": [<br/>    1487151968000<br/>  ]<br/>}<br/><br/><br/>But we need add IP-address of admin-user@DOMAIN.COM  outputting to error_log.  How can  add IP-address to this error_log file ?<br/></span></body></html>