[Mageia-sysadm] ldap write log
Leandro Dorileo
ldorileo at gmail.com
Mon Dec 6 20:16:47 CET 2010
Hi Michael
On Mon, Dec 6, 2010 at 3:26 PM, Michael Scherer <misc at zarb.org> wrote:
> Hi,
>
> while discussing on irc, we came to the conclusion that it would be nice
> to get some audit ( by sending mail ) when a user change group, or when
> a user is promoted.
>
> A way to do that would be to use the accesslogs overlay, with a cronjob
> to get data from it, and to send them by mail and/or store them too, if
> needed.
>
> What do you think ?
Seems to work well, there`s even an audit logging overlay that may fit better.
>
> How long should we keep the log ?
I understand it depends on security issues, how long is it possible to
break a system by someone with wrong credentials? :)
>
> Does someone see a problem, or a better idea ?
As far as I know overlays may be extended or customized, with some
time and manpower it could be possible do write an overlay to directly
send mails instead of parsing longs.
>
> Obviously, we will need to be careful about what is sent and where, for
> privacy reason.
sure..
--
Leandro Dorileo
More information about the Mageia-sysadm
mailing list