[Freeipa-users] Logging of Who does What on IPA Server

Peter Brown rendhalver at gmail.com
Thu Feb 14 23:36:44 UTC 2013


On 14 February 2013 19:37, Petr Spacek <pspacek at redhat.com> wrote:

> On 14.2.2013 09:49, Martin Kosek wrote:
>
>> On 02/14/2013 08:20 AM, Rajnesh Kumar Siwal wrote:
>>
>>> IPA is going to be very critical Server for any environment.
>>> Do we have proper logging of who as locked whom, Who has created a
>>> sudo policy, who has allowed access to whom etc ?
>>>
>>>
>> Hello Rajnesh,
>>
>> the audit component of IPA collecting and processing audit information is
>> not
>> there yet. There is some information about our future direction in our
>> wiki:
>> http://freeipa.org/page/**Roadmap <http://freeipa.org/page/Roadmap>
>>
>> As for logging who did what, you can check existing logs on your IPA
>> server(s)
>> which may have information you need for audit:
>>
>> LDAP access log (LDAP calls): /var/log/dirsrv/slapd-$INST/**access
>>
> Also note 389 audit capabilities!


If it can log to auditd I would just use that...
Is that possible?


>
>
>  http error log (IPA framework calls): /var/log/httpd/error_log
>>
>
> --
> Petr^2 Spacek
>
>
> ______________________________**_________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/**mailman/listinfo/freeipa-users<https://www.redhat.com/mailman/listinfo/freeipa-users>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130215/be83034a/attachment.htm>


More information about the Freeipa-users mailing list