[Freeipa-users] Add IP-address client to error-log file

Alexandr Slavov chek_chek at ukr.net
Thu Feb 16 15:05:44 UTC 2017 

Thanks   for your response. 
I was added custom ErrorLogFormat  , but not resolved. 
I think this is python output information. 

Can your have any idea? 

Where can I open ticket about add this? 

Alexandr Slavov wrote:
> Hello all.
> We use CentOS 7 ,FreeIPA 4.4, Apache 2.4
> We installed audit system like
> http://www.freeipa.org/page/Centralized_Logging   for monitoring "Who's
> What's Doing".
> Audit system parsing /var/log/httpd/error_log and logging to Elasticsearch.
> 
> Some string for Remove user from group in FreeIPA from
> /var/log/httpd/error_log:
> [Wed Feb 15 03:46:07.381231 2017] [:error] [pid 31732] ipa: INFO:
> admin-user at DOMAIN.COM : batch: group_remove_member(u'somegroup',
> user=u'someuser'): SUCCESS
> 
> Parsed string loaded in Elasticsearch:
> {
>   "_index": "logstash-2017.02.15",
>   "_type": "events",
>   "_id": "Uniq-ID",
>   "_score": null,
>   "_source": {
>     "timestamp": "2017-02-15T03:46:08-06:00",
>     "status": "SUCCESS",
>     "parameters": "'u'somegroup', user=u'someuser'",
>     "action": "group_remove_member",
>     "principal": "admin-user at DOMAIN.COM",
>     "pid": "31732",
>     "event.tags": [
>       "ipa",
>       "ipa-call",
>       "batch"
>     ],
>     "host": "server-1",
>     "facility": "local0",
>     "severity": "notice",
>     "tag": "httpderror",
>     "message": " [Wed Feb 15 03:46:07.381231 2017] [:error] [pid 31732]
> ipa: INFO: admin-user at DOMAIN.COM : batch:
> group_remove_member(u'somegroup', user=u'someuser'): SUCCESS"
>   },
>   "fields": {
>     "timestamp": [
>       1487151968000
>     ]
>   },
>   "sort": [
>     1487151968000
>   ]
> }
> 
> 
> But we need add IP-address of admin-user at DOMAIN.COM   outputting to
> error_log.  How can  add IP-address to this error_log file ?

See https://httpd.apache.org/docs/2.4/mod/core.html#errorlogformat 

You'd have to manually configure this on each master and ensure that it
survives IPA updates.

Alternatively you can open a ticket asking IPA to add this.

rob
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170216/3feaf8d5/attachment.htm>

More information about the Freeipa-users mailing list