user authentication errors are usually recorded on the client end.

On Thu, Oct 13, 2016 at 4:47 PM, Jason Nielsen <hib0...@gmail.com> wrote:
> Im looking for ways to pull a number of audit events from 389. Such as:
>
> -User authentication success and failures.
> -Group additions, removals and changes.
> -User additions, removals and possibly changes.
>
> Details in each of these would include items such as:
>
> username
> groupname
> attribute changed
> timestamp of event
> action
>
> Sending these out via syslog formatted messages is the preferred route.
>
> I have not been able to find anything definitive in how to do this. Debug
> logs seem to lack much of this or contain far too much information making
> the prohibitive to use. They are also formatted in such a way making it
> extremely difficult to process in any practical way. For example, you would
> probably need a full LDIF interpreter to reformat them on the fly. I assume
> I either have not dug far enough or simply digging in the wrong direction.
>
> Is anyone out there doing something similar and pulling the above data into
> a SIEM? If so would you be willing to share your experience on the topic or
> point me in the right direction?
>
> Thanks!
>
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
>
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org

Reply via email to