On 05/27/2013 08:38 PM, Aly Khimji wrote:
> Hey Guys,
You are touching on the areas that are dear to our interests too.
Unfortunately we have not had time to do the research.
What you are asking about should be possible but have not been tried by
us, at least we are not aware.
Here are some thoughts:
1. It should be possible to configure rsyslog to process logs emitted by
other applications (389, Dogtag, MIT KDC, httpd etc.). You need to
research the documentation on how to do it by Rainer (farther of
rsyslog) assured that it is possible.
2. Issue (or use exiting) kerberos principal for the GSS API to secure
rsyslog to rsyslog communication. I know of one deployment that planned
to do it but I do not know the results.
3. Use GSS proxy to do rsyslog to rsyslog communication so that the
tickets acquired and renewed as needed.
I think to do this you need to install gss-proxy package and add couple
env vars to the rsyslog systemd profile:
||There is not much documentation about GSS proxy so do not hesitate to ask.
(Honza, Gunther, please add any other pointers)
4. Use logstash with grok and elastic search at the end point to process
the logs and provide a nice correlation tool.
5. Come back with your findings :-)
> Quick question, is it possible to have all components of FreeIPA send
> logs to a central log source, or even better to the FreeIPA's local
> rsyslogd and then I will have rsyslod send all logs to a central
> logging server?
> As per the link, each component logs to a separate location
> 16.1.3. Checking FreeIPA Server Logs
> FreeIPA unifies several different Linux services, so it relies on
> those services' native logs for tracking and debugging those
> services. The other services (Apache, 389 Directory Server, and Dogtag
> Certificate System) all have detailed logs and log levels.
> Just wondering as its for audit purposes and will be sent to a
> centeral logger/alerter.
> Freeipa-users mailing list
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
Looking to carve out IT costs?
Freeipa-users mailing list