[Freeipa-users] Centralized logging/audit - looking for use cases or experience
Martin Kosek
mkosek at redhat.com
Mon Mar 30 15:36:29 UTC 2015
Hello list!
I have recently started investigating FreeIPA and centralized logging/audit,
capturing, processing and visualization of the logs centrally in an ELK
instance or similar.
This is a pretty loaded topic; audit/centralized log processing is a big task
beyond IPA itself, which is also one of the reasons why IPA does not have it as a
part yet... Before I go further in the investigation, I wanted to check with
you - admins and users of FreeIPA - what would you expect or what are your use
cases for the centralized logging/audit of FreeIPA?
So far, I had the following use cases in mind:
* As Admin or Auditor, I want to see all calls to FreeIPA API so that I can
audit administrative changes to FreeIPA servers (source - apache log)
* As Security Administrator, I want to see all logins in the network so that I
can track both successful attempts for audit, but also failed attempts for
brute-force attack detection (source - audit log)
* As Network Administrator, I want to see replication status of all my FreeIPA
replicas so that I can amend the issue in a timely manner and avoid using
out-of-sync data (source - dirsrv errors log)
* As Infrastructure Administrator, I want to see broken AD Trusts so that I can
restore the functionality (source - correlation between different logs,
especially SSSD server mode logs)
Does this make sense to you? Or do you have any more use cases for centralized
FreeIPA logging/audit in mind? Or do you even have some infrastructure in place
that you would like to share?
Any feedback is highly welcome! Thanks for your help.
--
Martin Kosek <mkosek at redhat.com>
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc.
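An added example, not part of the post above, for the first use case (auditing FreeIPA API calls from the Apache log): it parses API-call lines into audit records, separates administrative changes from read-only lookups, and counts non-SUCCESS results per principal so a noisy or over-reaching account stands out. The line shape is assumed from what FreeIPA's `/var/log/httpd/error_log` emits (`ipa: INFO: [jsonserver_session] PRINCIPAL: COMMAND(ARGS): RESULT`), the `_show`/`_find` suffix filter is an assumed convention, and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# Assumed line shape of FreeIPA API calls in the Apache error_log (not from the post):
#   "ipa: INFO: [jsonserver_session] PRINCIPAL: COMMAND(ARGS): RESULT"
API_CALL = re.compile(
    r"ipa: INFO: \[(?P<server>\w+)\] (?P<principal>\S+): "
    r"(?P<command>\w+)\((?P<args>.*)\): (?P<result>\w+)$"
)

@dataclass(frozen=True)
class ApiCall:
    timestamp: str
    principal: str
    command: str
    args: str
    result: str

def parse_api_calls(lines):
    """Return one ApiCall per matching line; non-API lines (mod_wsgi noise etc.) are skipped."""
    calls = []
    for line in lines:
        m = API_CALL.search(line)
        if not m:
            continue
        # Apache prefixes each line with "[timestamp] [level] ..."; keep the timestamp
        ts = line[1:line.index("]")] if line.startswith("[") else ""
        calls.append(ApiCall(ts, m["principal"], m["command"], m["args"], m["result"]))
    return calls

def changes_by_principal(calls):
    """Administrative changes only: read-only *_show / *_find calls are left out (assumed convention)."""
    out = defaultdict(list)
    for c in calls:
        if c.command.endswith(("_show", "_find")):
            continue
        out[c.principal].append((c.command, c.args, c.result))
    return dict(out)

def failed_calls(calls, threshold):
    """Principals with at least `threshold` non-SUCCESS results, e.g. repeated ACI denials."""
    counts = Counter(c.principal for c in calls if c.result != "SUCCESS")
    return {p: n for p, n in counts.items() if n >= threshold}

# Constructed sample lines for the demonstration
SAMPLE_LOG = """\
[Mon Mar 30 15:36:29 2015] [error] ipa: INFO: [jsonserver_session] admin@EXAMPLE.COM: user_add(u'tuser', givenname=u'T', sn=u'User'): SUCCESS
[Mon Mar 30 15:36:31 2015] [error] ipa: INFO: [jsonserver_session] admin@EXAMPLE.COM: user_show(u'tuser'): SUCCESS
[Mon Mar 30 15:36:40 2015] [error] ipa: INFO: [jsonserver_session] helpdesk@EXAMPLE.COM: user_mod(u'tuser', userpassword=u'********'): SUCCESS
[Mon Mar 30 15:36:41 2015] [error] ipa: INFO: [jsonserver_session] helpdesk@EXAMPLE.COM: group_add_member(u'admins', user=(u'tuser',)): ACIError
[Mon Mar 30 15:36:42 2015] [error] ipa: INFO: [jsonserver_session] helpdesk@EXAMPLE.COM: sudorule_add(u'all'): ACIError
[Mon Mar 30 15:36:43 2015] [error] [client 192.0.2.10] mod_wsgi: unrelated line
""".splitlines()
```

Feeding real lines instead of `SAMPLE_LOG` (for example via a Logstash/ELK grok pattern built from the same regex) gives the per-principal change trail the first use case asks for.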