[Freeipa-users] Add IP-address client to error-log file
Alexandr Slavov
chek_chek at ukr.net
Thu Feb 16 15:05:44 UTC 2017
Thanks for your response.
I was added custom ErrorLogFormat , but not resolved.
I think this is python output information.
Can your have any idea?
Where can I open ticket about add this?
Alexandr Slavov wrote:
> Hello all.
> We use CentOS 7 ,FreeIPA 4.4, Apache 2.4
> We installed audit system like
> http://www.freeipa.org/page/Centralized_Logging for monitoring "Who's
> What's Doing".
> Audit system parsing /var/log/httpd/error_log and logging to Elasticsearch.
>
> Some string for Remove user from group in FreeIPA from
> /var/log/httpd/error_log:
> [Wed Feb 15 03:46:07.381231 2017] [:error] [pid 31732] ipa: INFO:
> admin-user at DOMAIN.COM : batch: group_remove_member(u'somegroup',
> user=u'someuser'): SUCCESS
>
> Parsed string loaded in Elasticsearch:
> {
> "_index": "logstash-2017.02.15",
> "_type": "events",
> "_id": "Uniq-ID",
> "_score": null,
> "_source": {
> "timestamp": "2017-02-15T03:46:08-06:00",
> "status": "SUCCESS",
> "parameters": "'u'somegroup', user=u'someuser'",
> "action": "group_remove_member",
> "principal": "admin-user at DOMAIN.COM",
> "pid": "31732",
> "event.tags": [
> "ipa",
> "ipa-call",
> "batch"
> ],
> "host": "server-1",
> "facility": "local0",
> "severity": "notice",
> "tag": "httpderror",
> "message": " [Wed Feb 15 03:46:07.381231 2017] [:error] [pid 31732]
> ipa: INFO: admin-user at DOMAIN.COM : batch:
> group_remove_member(u'somegroup', user=u'someuser'): SUCCESS"
> },
> "fields": {
> "timestamp": [
> 1487151968000
> ]
> },
> "sort": [
> 1487151968000
> ]
> }
>
>
> But we need add IP-address of admin-user at DOMAIN.COM outputting to
> error_log. How can add IP-address to this error_log file ?
See https://httpd.apache.org/docs/2.4/mod/core.html#errorlogformat
You'd have to manually configure this on each master and ensure that it
survives IPA updates.
Alternatively you can open a ticket asking IPA to add this.
rob
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170216/3feaf8d5/attachment.htm>
More information about the Freeipa-users
mailing list