FreeIPA

When you configure your FreeIPA to send log data to USM Appliance, you can use the FreeIPA plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.

Plugin Information
Device	Details
Vendor	FreeIPA
Device Type	Network Access Control
Connection Type	Syslog
Data Source Name	freeipa
Data Source ID	1886

Integrating FreeIPA

Before you configure the FreeIPA integration, you must have the IP Address of the USM Appliance Sensor.

To configure FreeIPA to send Syslog messages to USM Appliance

Add a new configuration file to be used by rsyslog in /etc/rsyslog.d/alienvault.conf.
Open the file for editing and add the following line:

*.* @<<USM-Appliance-Sensor-IP-Address>>:514
Restart rsyslog.

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://www.freeipa.org/page/Howto/Centralised_Logging_with_Logstash/ElasticSearch/Kibana

For troubleshooting, refer to the vendor documentation:

https://www.freeipa.org/page/Troubleshooting

FreeIPA

Integrating FreeIPA

Plugin Enablement

Additional Resources and Troubleshooting

Feedback

Feedback

Feedback