SIEM Audit Data


I'm looking for ways to pull a number of audit events from 389, such as:

-User authentication success and failures.
-Group additions, removals and changes.
-User additions, removals and possibly changes.

Details in each of these would include items such as:

username
groupname
attribute changed
timestamp of event
action

Sending these out via syslog formatted messages is the preferred route.

I have not been able to find anything definitive on how to do this. Debug logs seem to lack much of this or contain far too much information, making them prohibitive to use. They are also formatted in such a way that makes them extremely difficult to process in any practical way. For example, you would probably need a full LDIF interpreter to reformat them on the fly. I assume I either have not dug far enough or am simply digging in the wrong direction.

Is anyone out there doing something similar and pulling the above data into a SIEM? If so, would you be willing to share your experience on the topic or point me in the right direction?

Thanks!
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
