<html><body><span class="xfm_39260446">Hello all.<br/>We use CentOS 7, FreeIPA 4.4, Apache 2.4.<br/>We installed an audit system like http://www.freeipa.org/page/Centralized_Logging for monitoring "who is doing what".<br/>The audit system parses /var/log/httpd/error_log and logs to Elasticsearch.<br/><br/>An example string for removing a user from a group in FreeIPA, from /var/log/httpd/error_log:<br/>[Wed Feb 15 03:46:07.381231 2017] [:error] [pid 31732] ipa: INFO: admin-user@DOMAIN.COM: batch:
group_remove_member(u'somegroup', user=u'someuser'): SUCCESS<br/><br/>Parsed string loaded in Elasticsearch:<br/>{<br/> "_index": "logstash-2017.02.15",<br/> "_type": "events",<br/> "_id": "Uniq-ID",<br/> "_score": null,<br/> "_source": {<br/> "timestamp": "2017-02-15T03:46:08-06:00",<br/> "status": "SUCCESS",<br/> "parameters": "'u'somegroup', user=u'someuser'",<br/> "action": "group_remove_member",<br/> "principal": "admin-user@DOMAIN.COM",<br/> "pid": "31732",<br/> "event.tags": [<br/> "ipa",<br/> "ipa-call",<br/> "batch"<br/> ],<br/> "host": "server-1",<br/> "facility": "local0",<br/> "severity": "notice",<br/> "tag": "httpderror",<br/> "message": " [Wed Feb 15 03:46:07.381231 2017] [:error] [pid 31732] ipa: INFO: admin-user@DOMAIN.COM: batch:
group_remove_member(u'somegroup', user=u'someuser'): SUCCESS"<br/> },<br/> "fields": {<br/> "timestamp": [<br/> 1487151968000<br/> ]<br/> },<br/> "sort": [<br/> 1487151968000<br/> ]<br/>}<br/><br/><br/>But we need to add the IP address of admin-user@DOMAIN.COM to the error_log output. How can we add the IP address to this error_log file?<br/></span></body></html>