On 4/2/25 4:03 AM, Theodor Vallier via FreeIPA-users wrote:
Hello all,
I'm trying to log more details when there are operations on users, such as
modifications (MOD). The goal is to detect legitimate user modifications like
login or password changes, and differentiate them from non-legitimate ones such
as default shell modifications.
I attempted to change the access log level without success; the activation of
the audit plugin shows me the changes, but it is not usable (it's not syslog
compliant and can't be correlated to MOD requests).
Is anyone able to log which fields a MOD request changes?
I'm not sure if it's going to help you, but in newer versions of
389-ds-base (389-ds-base-2.5.x and up) there is an option for the audit
log to be in JSON which includes more information:
https://www.port389.org/docs/389ds/design/audit-json-logging-design.html
The access log has also updated to include a JSON format with more info:
https://www.port389.org/docs/389ds/design/accesslog-json-design.html
However, as of right now the access log JSON formatting will only be
available in 389-ds-base-3.x
HTH,
Mark
Thank you.
Best regards, Whidix
--
Identity Management Development Team
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
