I have a similar question, should the audit logs be enabled on the master or replicas? If it's only enabled on replicas would the date be consistent with the actual date of change or just the "date" replication happens? 

On Wed, Aug 29, 2018 at 7:05 AM Joshua Ruybal via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:

This is more a question than a problem, however I was unable to find the answer anywhere in the documentation.

I've enabled audit logs on one of my three replicated IPA servers. I noticed that Audit logs are not enabled on either of the other two servers. 

In order to cover all changes to LDAP for auditing purposes, do I need to enable and collect audit logs on all three servers?

Joshua Ruybal 
Systems Engineer
o: 206.607.4944 c: 206.724.4549
e: jruyba@owneriq.com

FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org


Quan Zhou