[Freeipa-users] Add IP-address client to error-log file
Alexandr Slavov
chek_chek at ukr.net
Wed Feb 15 12:10:57 UTC 2017
Hello all.
We use CentOS 7 ,FreeIPA 4.4, Apache 2.4
We installed audit system like http://www.freeipa.org/page/Centralized_Logging for monitoring "Who's What's Doing".
Audit system parsing /var/log/httpd/error_log and logging to Elasticsearch.
Some string for Remove user from group in FreeIPA from /var/log/httpd/error_log:
[Wed Feb 15 03:46:07.381231 2017] [:error] [pid 31732] ipa: INFO: admin-user at DOMAIN.COM: batch: group_remove_member(u'somegroup', user=u'someuser'): SUCCESS
Parsed string loaded in Elasticsearch:
{
"_index": "logstash-2017.02.15",
"_type": "events",
"_id": "Uniq-ID",
"_score": null,
"_source": {
"timestamp": "2017-02-15T03:46:08-06:00",
"status": "SUCCESS",
"parameters": "'u'somegroup', user=u'someuser'",
"action": "group_remove_member",
"principal": "admin-user at DOMAIN.COM",
"pid": "31732",
"event.tags": [
"ipa",
"ipa-call",
"batch"
],
"host": "server-1",
"facility": "local0",
"severity": "notice",
"tag": "httpderror",
"message": " [Wed Feb 15 03:46:07.381231 2017] [:error] [pid 31732] ipa: INFO: admin-user at DOMAIN.COM: batch: group_remove_member(u'somegroup', user=u'someuser'): SUCCESS"
},
"fields": {
"timestamp": [
1487151968000
]
},
"sort": [
1487151968000
]
}
But we need add IP-address of admin-user at DOMAIN.COM outputting to error_log. How can add IP-address to this error_log file ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170215/ed8dd694/attachment.htm>
More information about the Freeipa-users
mailing list