<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 09/01/2014 09:08 AM, alireza baghery
wrote:<br>
</div>
<blockquote
cite="mid:CAPyvVhy7QHH-C9M3z7dtuX7fr8tDy=bc0VzaAYnG-tPJ5fc+ow@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>activity that users perform on client (ipa client)<br>
</div>
</div>
</blockquote>
<br>
There are several parts:<br>
1) Authentication. If the authentication happens using kerberos
which is the default ipa-client configuration then you will see the
authentication attempts in the KDC logs on the server. If the system
is offline and you enabled offline authentication the authentication
will happen on the client side without contacting the server so the
sssd logs will reflect this activity.<br>
2) Identity lookups are trickier. SSSD will fetch and cache
information about different identity objects and serve and refresh
them following different configuration rules and timeouts. So SSSD
logs will give you the full picture of the local activity.<br>
3) SUDO - look at the sudo logs on the client as the client just
fetches data to make a policy decision but the actual decision is
made on the client based on what the user wants to do and what
central policies say about it.<br>
4) If you want to capture what the user is actually typing you need
to use something like a keystroke logger. Then you would know what
the user actually did.<br>
<br>
To get then a consolidated and correlated picture you need to
aggregate logs from different systems and process them. There are
good open source solutions like Logstash or commertial like Splunk
to process logs centrally.<br>
<br>
HTH<br>
<br>
Thanks<br>
Dmitri<br>
<br>
<blockquote
cite="mid:CAPyvVhy7QHH-C9M3z7dtuX7fr8tDy=bc0VzaAYnG-tPJ5fc+ow@mail.gmail.com"
type="cite">
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Mon, Sep 1, 2014 at 11:12 AM, Dmitri
Pal <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>
<div class="h5">
<div>On 09/01/2014 08:29 AM, alireza baghery wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>hi<br>
</div>
i have configured ipa (ipa on centos 6.5) but
the problesm is i dont know where the logs
activity users stored?<br>
</div>
i meens logs activity users must stored in ipa
server, but where?<br>
</div>
thanks every body<br>
<div>
<div><br>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</blockquote>
</div>
</div>
Which activity you are looking for?<br>
The administrating activity will be stored in the apache
httpd logs, authentication activity will be stored in
Kerberos logs, DS binds and changes will be stored in the
DS logs, etc.. There is no consolidated logging yet. There
are plans to normalize components to start logging into
journald but this will take some time to materialize.<span
class="HOEnZb"><font color="#888888"><br>
<br>
<pre cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</font></span></div>
<br>
--<br>
Manage your subscription for the Freeipa-users mailing list:<br>
<a moz-do-not-send="true"
href="https://www.redhat.com/mailman/listinfo/freeipa-users"
target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-users</a><br>
Go To <a moz-do-not-send="true" href="http://freeipa.org"
target="_blank">http://freeipa.org</a> for more info on
the project<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
</body>
</html>