user authentication errors are usually recorded on the client end.
On Thu, Oct 13, 2016 at 4:47 PM, Jason Nielsen <hib0...@gmail.com> wrote:
> Im looking for ways to pull a number of audit events from 389. Such as:
> -User authentication success and failures.
> -Group additions, removals and changes.
> -User additions, removals and possibly changes.
> Details in each of these would include items such as:
> attribute changed
> timestamp of event
> Sending these out via syslog formatted messages is the preferred route.
> I have not been able to find anything definitive in how to do this. Debug
> logs seem to lack much of this or contain far too much information making
> the prohibitive to use. They are also formatted in such a way making it
> extremely difficult to process in any practical way. For example, you would
> probably need a full LDIF interpreter to reformat them on the fly. I assume
> I either have not dug far enough or simply digging in the wrong direction.
> Is anyone out there doing something similar and pulling the above data into
> a SIEM? If so would you be willing to share your experience on the topic or
> point me in the right direction?
> 389-users mailing list -- firstname.lastname@example.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
389-users mailing list -- email@example.com
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org