pschiffe / ipa-log-config
Tool for log forwarding configuration on IPA servers and clients
Home Page: https://www.freeipa.org/page/Centralized_Logging
License: GNU General Public License v2.0
Trying to execute the script on FreeIPA server running on CentOS 7.4:
Setting SSSD debug level to 2
Condrestarting SSSD
Enabling audisp syslog plugin
sed: can't read /etc/audisp/plugins.d/syslog.conf: No such file or directory
Failed to execute external command: Failed to run sed on file: /etc/audisp/plugins.d/syslog.conf
Installing audit and audispd-plugins did not help, but the problem was with starting audit; I did not investigate it further. Instead, I removed the stuff related to audit from the script and it worked.
CentOS 7.6.1810
# ./ipa_log_config.py --target syslog
Setting SSSD debug level to 2
Condrestarting SSSD
Enabling audisp syslog plugin
Reloading auditd
Failed to reload auditd.service: Job type reload is not applicable for unit auditd.service.
See system logs and 'systemctl status auditd.service' for details.
Failed to execute external command: Failed to reload auditd
Workaround: remove self._restart from auditd portion of the code.
+++ ipa_log_config-new.py 2019-04-11 07:05:16.489209718 -0400
@@ -123,7 +123,7 @@
self._AUDITD_SYSLOG_CONF]) != 0:
raise ExternalCommandError(
'Failed to run sed on file: ' + self._AUDITD_SYSLOG_CONF)
- self._restart()
+ # self._restart()
def revert(self):
print 'Disabling audisp syslog plugin'
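Review bot: Commenting out `self._restart()` after the sed call in the enable path leaves the rewritten `self._AUDITD_SYSLOG_CONF` on disk with nothing telling the running auditd to pick it up, so the script reports success while the audisp syslog plugin may stay inactive until someone restarts auditd by hand. The failure quoted above is systemd refusing the `reload` job type for auditd.service, not the reload being unnecessary; fixing the command inside `_restart()` (another report on this page suggests `call(['/usr/sbin/service','auditd', 'reload'])`) would keep the behaviour. If the call must go, delete the line rather than leaving it commented, and print a message that auditd needs a manual reload.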
@@ -131,7 +131,7 @@
self._AUDITD_SYSLOG_CONF]) != 0:
raise ExternalCommandError(
'Failed to run sed on file: ' + self._AUDITD_SYSLOG_CONF)
- self._restart()
+ # self._restart()
class RequirementError(Exception):
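Review bot: In `revert()` the same `self._restart()` is disabled after 'Disabling audisp syslog plugin' is printed, so the message can be untrue for the running daemon: the config file is edited but auditd is never asked to re-read it. Both call sites fail for the same reason, so a single fix in `_restart()` is preferable to patching each caller, and it would also avoid two commented-out lines that are easy to miss later.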
Fails on Fedora 26 (system default Python 2.7.13):
[root@fedora26 ~]# python --version
Python 2.7.13
[root@fedora26 ~]# ipa-log-config/ipa_log_config.py
Traceback (most recent call last):
  File "ipa-log-config/ipa_log_config.py", line 28, in <module>
    from SSSDConfig import SSSDConfig
ImportError: No module named SSSDConfig
Workaround:
dnf install python2-sssdconfig
The command gives an error.
./ipa_log_config.py --revert
Setting SSSD debug level to 1
Condrestarting SSSD
Disabling audisp syslog plugin
Reloading auditd
Failed to reload auditd.service: Job type reload is not applicable for unit auditd.service.
See system logs and 'systemctl status auditd.service' for details.
Failed to execute external command: Failed to reload auditd
To solve, simply change line 117 to:
if call(['/usr/sbin/service','auditd', 'reload']) != 0:
Hi there. I'm trying to search for user logins using the searches / dashboards set up for showing user logins, but I notice that the action field is not making it into elasticsearch. I'm not sure where that field should be getting introduced, but I think possibly it is as part of the normalize rules for the audit log. I don't fully understand how that turns into fields that end up being turned into the $!all-json variable used by the omelasticsearch module. In either case, the search and dashboard aren't working, I believe because they require the action field to be identified and it never is. I definitely see messages if I search for type=USER_LOGIN. Any help would be appreciated.
File "/ipa-log-config/ipa_log_config.py", line 74
print 'Condrestarting SSSD'
^
SyntaxError: Missing parentheses in call to 'print'. Did you mean print('Condrestarting SSSD')?
FreeIPA4 running off of Fedora33 - I suspect it might be down to Python2 being deprecated?
After trying to add parentheses there also appears to be an issue with audisp not existing in /etc/ anymore.
It would be nice if the script could generate configuration for syslog server running over UDP.
Some users asked for SUDO logs to be also directed to the Centralized Logging. This might go in the same Dashboard as Client Logins.