 |
You are here: Docs>Sheriff Web>UserGuides>SheriffCSMDocumentation>DeploymentGuide>PluginManagement>ConfigureLogForwardingOnCommonlyUsedDataSources>FreeIPA (22 Jun 2022, SheriffCyberSecurity)Edit Attach
Up
Previous Next Sheriff CSMâ„¢
Previous Next Sheriff CSMâ„¢
FreeIPA
When you configure FreeIPA to send log data to Sheriff CSM, you can use the FreeIPA plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin: Plugin Information| Device | Details |
|---|---|
| Vendor | FreeIPA |
| Device Type | Network Access Control |
| Connection Type | Syslog |
| Data Source Name | freeipa |
| Data Source ID | 1886 |
Integrating FreeIPA
Before you configure the FreeIPA integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy). To configure FreeIPA to send Syslog messages to Sheriff CSM- Add a new configuration file to be used by rsyslog in
/etc/rsyslog.d/sheriff.conf. -
Open the file for editing and add the following line:
*.* @<<Sheriff-CSM-Sensor-IP-Address>>:514
- Restart rsyslog.
Plugin Enablement
For plugin enablement information, see Enable Plugins.Additional Resources and Troubleshooting
https://www.freeipa.org/page/Howto/Centralised_Logging_with_Logstash/ElasticSearch/Kibana For troubleshooting, refer to the vendor documentation: https://www.freeipa.org/page/TroubleshootingEdit | Attach | Print version | History: r7 < r6 < r5 < r4 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r7 - 22 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.