[Freeipa-users] log activity users ipa

Dmitri Pal dpal at redhat.com
Mon Sep 1 08:21:46 UTC 2014 

On 09/01/2014 09:08 AM, alireza baghery wrote:
> activity that users perform on client (ipa client)

There are several parts:
1) Authentication. If the authentication happens using kerberos which is 
the default ipa-client configuration then you will see the 
authentication attempts in the KDC logs on the server. If the system is 
offline and you enabled offline authentication the authentication will 
happen on the client side without contacting the server so the sssd logs 
will reflect this activity.
2) Identity lookups are trickier. SSSD will fetch and cache information 
about different identity objects and serve and refresh them following 
different configuration rules and timeouts. So SSSD logs will give you 
the full picture of the local activity.
3) SUDO - look at the sudo logs on the client as the client just fetches 
data to make a policy decision but the actual decision is made on the 
client based on what the user wants to do and what central policies say 
about it.
4) If you want to capture what the user is actually typing you need to 
use something like a keystroke logger. Then you would know what the user 
actually did.

To get then a consolidated and correlated picture you need to aggregate 
logs from different systems and process them. There are good open source 
solutions like Logstash or commertial like Splunk to process logs centrally.

HTH

Thanks
Dmitri

>
>
> On Mon, Sep 1, 2014 at 11:12 AM, Dmitri Pal <dpal at redhat.com 
> <mailto:dpal at redhat.com>> wrote:
>
>     On 09/01/2014 08:29 AM, alireza baghery wrote:
>>     hi
>>     i have configured ipa (ipa on centos 6.5) but the problesm is i
>>     dont know where the logs activity users stored?
>>     i meens logs activity users must stored in ipa server, but where?
>>     thanks every body
>>
>>
>>
>     Which activity you are looking for?
>     The administrating activity will be stored in the apache httpd
>     logs, authentication activity will be stored in Kerberos logs, DS
>     binds and changes will be stored in the DS logs, etc.. There is no
>     consolidated logging yet. There are plans to normalize components
>     to start logging into journald but this will take some time to
>     materialize.
>
>     -- 
>     Thank you,
>     Dmitri Pal
>
>     Sr. Engineering Manager IdM portfolio
>     Red Hat, Inc.
>
>
>     --
>     Manage your subscription for the Freeipa-users mailing list:
>     https://www.redhat.com/mailman/listinfo/freeipa-users
>     Go To http://freeipa.org for more info on the project
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20140901/e5a53951/attachment.htm>

More information about the Freeipa-users mailing list