Hello list! I have recently started investigating FreeIPA and centralized logging/audit, capturing, processing and visualization of the logs centrally in an ELK instance or similar.
This is a pretty loaded topic; audit/centralized log processing is a big task beyond IPA itself, which is also one of the reasons why IPA does not have its A part yet... Before I go further in the investigation, I wanted to check with you - admins and users of FreeIPA - what would you expect or what are your use cases for the centralized logging/audit of FreeIPA?

So far, I had the following use cases in mind:

* As Admin or Auditor, I want to see all calls to the FreeIPA API so that I can audit administrative changes to FreeIPA servers (source - apache log)
* As Security Administrator, I want to see all logins in the network so that I can track both successful attempts for audit, but also failed attempts for brute-force attack detection (source - audit log)
* As Network Administrator, I want to see the replication status of all my FreeIPA replicas so that I can amend the issue in a timely manner and avoid using out-of-sync data (source - dirsrv errors log)
* As Infrastructure Administrator, I want to see broken AD Trusts so that I can restore the functionality (source - correlation between different logs, especially SSSD server mode logs)

Does this make sense to you? Or do you have any more use cases for centralized FreeIPA logging/audit in mind? Or do you even have some infrastructure in place that you would like to share?

Any feedback is highly welcome! Thanks for help.

--
Martin Kosek <mko...@redhat.com>
Supervisor, Software Engineering - Identity Management Team
Red Hat Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
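The second use case above (failed logins from the audit log as a brute-force signal) is the kind of thing a central log pipeline would implement before the data ever reaches ELK. The following is an added illustration, not code from the post or from the FreeIPA project: it parses constructed auditd USER_AUTH records (the ones PAM/SSSD emit on IPA clients; the sample lines are made up, and the 5-failures-in-60-seconds threshold is an assumption) and flags source addresses that exceed the threshold.

```python
import re
from collections import defaultdict, deque

# Constructed auditd USER_AUTH records in the style of /var/log/audit/audit.log
# (sample data written for this example, not captured from a real IPA client).
SAMPLE_AUDIT_LOG = """\
type=USER_AUTH msg=audit(1700000000.101:201): pid=4101 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_sss acct="alice" exe="/usr/sbin/sshd" hostname=10.0.0.5 addr=10.0.0.5 terminal=ssh res=success'
type=USER_AUTH msg=audit(1700000010.102:202): pid=4102 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="admin" exe="/usr/sbin/sshd" hostname=10.0.0.9 addr=10.0.0.9 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1700000018.103:203): pid=4103 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="admin" exe="/usr/sbin/sshd" hostname=10.0.0.9 addr=10.0.0.9 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1700000025.104:204): pid=4104 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="admin" exe="/usr/sbin/sshd" hostname=10.0.0.9 addr=10.0.0.9 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1700000033.105:205): pid=4105 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="admin" exe="/usr/sbin/sshd" hostname=10.0.0.9 addr=10.0.0.9 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1700000041.106:206): pid=4106 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="admin" exe="/usr/sbin/sshd" hostname=10.0.0.9 addr=10.0.0.9 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1700000050.107:207): pid=4107 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="bob" exe="/usr/sbin/sshd" hostname=10.0.0.7 addr=10.0.0.7 terminal=ssh res=failed'
"""

# Pull the epoch timestamp, account, source address and result out of a record.
AUDIT_RE = re.compile(
    r"type=USER_AUTH msg=audit\((?P<ts>\d+)\.\d+:\d+\):.*?"
    r"acct=\"?(?P<acct>[^\" ]+)\"?.*?addr=(?P<addr>\S+).*?res=(?P<res>\w+)"
)

def parse_user_auth(text):
    """Return one dict per USER_AUTH record; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = AUDIT_RE.search(line)
        if m:
            events.append({"ts": int(m["ts"]), "acct": m["acct"],
                           "addr": m["addr"], "ok": m["res"] == "success"})
    return events

def detect_bruteforce(events, threshold=5, window=60):
    """Sliding window per source address: alert when `threshold` failures land
    within `window` seconds. Returns (addr, ts_of_last_failure, count) tuples."""
    fails = defaultdict(deque)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["ok"]:
            continue
        q = fails[ev["addr"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:   # drop failures outside the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((ev["addr"], ev["ts"], len(q)))
            q.clear()                           # one burst yields one alert
    return alerts

if __name__ == "__main__":
    for addr, ts, n in detect_bruteforce(parse_user_auth(SAMPLE_AUDIT_LOG)):
        print(f"possible brute force from {addr}: {n} failures ending at {ts}")
```

Successful logins are kept in the parsed events so the same feed can serve the audit trail, while only failures drive the alert.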