Remote Syslog for login, logout, session timeout

I would like to know how to configure syslog on my RHEL 7 IdM servers such that login, logout and idle session timeouts get sent via syslog to a central location.

Specifically, I'm using Cisco Stealthwatch and ISE to track user sessions on Cisco gear and my ISE server actually uses Red Hat IdM as its backend LDAP database. When I SSH to my Cisco switches, ISE + IdM is authenticating me. When I SSH to my Linux IPA client, obviously ISE and Stealthwatch have no idea this is taking place.

I was looking at ns-slapd's named pipe log as a possible way to grab just the access logs I require and send them via syslog to the Stealthwatch System Management Console. I also read this RHEL 6-specific article on FreeIPA centralized logging[1]. Any tips would be greatly appreciated.

  1. https://www.freeipa.org/page/Howto/Centralised_Logging_with_Logstash/ElasticSearch/Kibana

Responses