Hi,
As part of auditing certain activities such as "User Add", "Group Add" and other modifications, we are trying to set up a tool such as Splunk. When a user gets added or any modification is made in FreeIPA, we need to audit who made that change.
But FreeIPA does not seem to be logging that particular information. I would like to know if anyone here has achieved that. I noticed the following option: https://github.com/pschiffe/rsyslog-elasticsearch-kibana
My understanding is that this is a preconfigured Kibana setup where we need to forward all the FreeIPA-related logs to this Kibana Docker container through rsyslog. As per the following image, https://github.com/pschiffe/rsyslog-elasticsearch-kibana/blob/master/doc/ima...
the user who is making the change is also getting logged. For example, we can see that the action "user_add" was committed by the user admin@KVM. From my research, this does not seem to be a Kibana action as such, but something that is present in the FreeIPA log file.
However, I could not find the string user_add itself anywhere in the log after adding the user. I checked logs such as slapd-$REALM/access. Is it because the FreeIPA logs have changed over the years and this solution is no longer usable, or is it something entirely generated by Kibana that we can use with the newer FreeIPA versions as well?
Sorry for the long post.
Thanks in advance!
freeipa-users@lists.fedorahosted.org