
Sheriff CSM™

FreeIPA

When you configure FreeIPA to send log data to Sheriff CSM, you can use the FreeIPA plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

Device              Details
Vendor              FreeIPA
Device Type         Network Access Control
Connection Type     Syslog
Data Source Name    freeipa
Data Source ID      1886

Integrating FreeIPA

Before you configure the FreeIPA integration, you must have the IP address of the Sheriff CSM Sensor (Deputy).

To configure FreeIPA to send Syslog messages to Sheriff CSM:
  1. Create a new rsyslog configuration file at /etc/rsyslog.d/sheriff.conf.
  2. Open the file for editing and add the following line:

    *.* @<<Sheriff-CSM-Sensor-IP-Address>>:514
  3. Restart rsyslog.
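
The three steps above as one script, added here as an example and not part of Sheriff's documentation. It assumes an IPv4 sensor address passed in a hypothetical SENSOR_IP variable and a systemd host; `valid_ipv4` and `write_sheriff_conf` are names made up for this sketch, and 192.0.2.10 is a constructed address. The single `@` in the rule means rsyslog forwards over UDP, and `*.*` sends every facility and priority to the sensor.

```shell
#!/bin/sh
# Added example: steps 1-3 as a script. SENSOR_IP, valid_ipv4 and
# write_sheriff_conf are names assumed for this sketch, not Sheriff tooling.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Write sheriff.conf for sensor $1 into directory $2 (default /etc/rsyslog.d).
write_sheriff_conf() {
    sensor_ip=$1
    conf_dir=${2:-/etc/rsyslog.d}
    if ! valid_ipv4 "$sensor_ip"; then
        echo "refusing to write: '$sensor_ip' is not an IPv4 address" >&2
        return 1
    fi
    # Same rule as step 2: every facility and priority, single @ = UDP, port 514.
    printf '*.* @%s:514\n' "$sensor_ip" > "$conf_dir/sheriff.conf" || return 1
    chmod 644 "$conf_dir/sheriff.conf"
}

# Runs only when SENSOR_IP is set, e.g. SENSOR_IP=192.0.2.10 sh sheriff-syslog.sh
if [ -n "${SENSOR_IP:-}" ]; then
    write_sheriff_conf "$SENSOR_IP" || exit 1
    # Check the whole rsyslog configuration before restarting (step 3).
    rsyslogd -N1 || { echo "rsyslog config check failed" >&2; exit 1; }
    systemctl restart rsyslog   # assumes a systemd host
fi
```

Validating the address before writing keeps a mistyped or malformed value from landing in a file that rsyslog loads as root.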

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://www.freeipa.org/page/Howto/Centralised_Logging_with_Logstash/ElasticSearch/Kibana

For troubleshooting, refer to the vendor documentation:

https://www.freeipa.org/page/Troubleshooting
Topic revision: r7 - 22 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.