[midPoint] audit logging, anyone using filebeat/logstash?

Jason Everling jeverling at bshp.edu
Sun Apr 28 02:47:24 CEST 2019


I started on it and it took quite some time because of how the audit logs
are formatted. Using a function in filebeat that combines multiple lines into
a single line based on [date field] I created. It still needs some work,
adding more values to capture, but it is starting to shape up, which I thought
might not be possible. So if you use logstash/elasticsearch for your log
management, just let me know if you want to work on it with me :D I attached
a current working screenshot from kibana.

[image: Capture.PNG]


On Thu, Apr 25, 2019 at 1:42 PM Jason Everling <jeverling at bshp.edu> wrote:

> Was going to create a config for reading midpoint audit logs using
> filebeat, then sending over to logstash for parsing, but wanted to see if
> anyone else is already using elastic to store audit logs from midpoint. If
> you are and have a logstash pipeline/config handy, would you mind sharing? :)
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Capture.PNG
Type: image/png
Size: 21902 bytes
Desc: not available
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20190427/053bae19/attachment.png>

