<html><body><span class="xfm_18895476"><div style="height:1px;"></div>Thanks   for your response.<br/>I was added custom ErrorLogFormat  , but not resolved.<br/>I think this is python output information.<br/><br/>Can your have any idea?<br/><br/>Where can I open ticket about add this?<br/><br/><blockquote class="xfmc1" style="border-left:1px solid rgb(204, 204, 204);margin:0px 0px 0px 0.8ex;padding-left:1ex;"><pre>Alexandr Slavov wrote:
> Hello all.
> We use CentOS 7 ,FreeIPA 4.4, Apache 2.4
> We installed audit system like
> <a href="http://www.freeipa.org/page/Centralized_Logging" target="_blank" rel="noreferrer noopener">http://www.freeipa.org/page/Centralized_Logging</a>  for monitoring "Who's
> What's Doing".
> Audit system parsing /var/log/httpd/error_log and logging to Elasticsearch.
> 
> Some string for Remove user from group in FreeIPA from
> /var/log/httpd/error_log:
> [Wed Feb 15 03:46:07.381231 2017] [:error] [pid 31732] ipa: INFO:
> <a href="mailto:admin-user@DOMAIN.COM" target="_blank" rel="noreferrer noopener">admin-user@DOMAIN.COM</a>: batch: group_remove_member(u'somegroup',
> user=u'someuser'): SUCCESS
> 
> Parsed string loaded in Elasticsearch:
> {
>   "_index": "logstash-2017.02.15",
>   "_type": "events",
>   "_id": "Uniq-ID",
>   "_score": null,
>   "_source": {
>     "timestamp": "2017-02-15T03:46:08-06:00",
>     "status": "SUCCESS",
>     "parameters": "'u'somegroup', user=u'someuser'",
>     "action": "group_remove_member",
>     "principal": "admin-user@DOMAIN.COM",
>     "pid": "31732",
>     "event.tags": [
>       "ipa",
>       "ipa-call",
>       "batch"
>     ],
>     "host": "server-1",
>     "facility": "local0",
>     "severity": "notice",
>     "tag": "httpderror",
>     "message": " [Wed Feb 15 03:46:07.381231 2017] [:error] [pid 31732]
> ipa: INFO: <a href="mailto:admin-user@DOMAIN.COM" target="_blank" rel="noreferrer noopener">admin-user@DOMAIN.COM</a>: batch:
> group_remove_member(u'somegroup', user=u'someuser'): SUCCESS"
>   },
>   "fields": {
>     "timestamp": [
>       1487151968000
>     ]
>   },
>   "sort": [
>     1487151968000
>   ]
> }
> 
> 
> But we need add IP-address of <a href="mailto:admin-user@DOMAIN.COM" target="_blank" rel="noreferrer noopener">admin-user@DOMAIN.COM</a>  outputting to
> error_log.  How can  add IP-address to this error_log file ?

See <a href="https://httpd.apache.org/docs/2.4/mod/core.html#errorlogformat" target="_blank" rel="noreferrer noopener">https://httpd.apache.org/docs/2.4/mod/core.html#errorlogformat</a>

You'd have to manually configure this on each master and ensure that it
survives IPA updates.

Alternatively you can open a ticket asking IPA to add this.

rob
</pre>
</blockquote>   </span></body></html>