Alexandr Slavov wrote: > Hello all. > We use CentOS 7 ,FreeIPA 4.4, Apache 2.4 > We installed audit system like > http://www.freeipa.org/page/Centralized_Logging for monitoring "Who's > What's Doing". > Audit system parsing /var/log/httpd/error_log and logging to Elasticsearch. > > Some string for Remove user from group in FreeIPA from > /var/log/httpd/error_log: > [Wed Feb 15 03:46:07.381231 2017] [:error] [pid 31732] ipa: INFO: > admin-u...@domain.com: batch: group_remove_member(u'somegroup', > user=u'someuser'): SUCCESS > > Parsed string loaded in Elasticsearch: > { > "_index": "logstash-2017.02.15", > "_type": "events", > "_id": "Uniq-ID", > "_score": null, > "_source": { > "timestamp": "2017-02-15T03:46:08-06:00", > "status": "SUCCESS", > "parameters": "'u'somegroup', user=u'someuser'", > "action": "group_remove_member", > "principal": "admin-u...@domain.com", > "pid": "31732", > "event.tags": [ > "ipa", > "ipa-call", > "batch" > ], > "host": "server-1", > "facility": "local0", > "severity": "notice", > "tag": "httpderror", > "message": " [Wed Feb 15 03:46:07.381231 2017] [:error] [pid 31732] > ipa: INFO: admin-u...@domain.com: batch: > group_remove_member(u'somegroup', user=u'someuser'): SUCCESS" > }, > "fields": { > "timestamp": [ > 1487151968000 > ] > }, > "sort": [ > 1487151968000 > ] > } > > > But we need add IP-address of admin-u...@domain.com outputting to > error_log. How can add IP-address to this error_log file ?
See https://httpd.apache.org/docs/2.4/mod/core.html#errorlogformat You'd have to manually configure this on each master and ensure that it survives IPA updates. Alternatively you can open a ticket asking IPA to add this. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project