I want to monitor the console activities such as who login, Any new users got created and new hosts got added for my PCI Activity.
Unable to figure out in which logs the above mentioned info is present
I have looked into /var/log/ipaserver-install.log but this log does not give me the required information.
Please help.
All operations over IPA framework are visible in /var/log/httpd/error_log on each IPA master. This includes adding users, removing them, etc.
There is a prototyped demo on gathering all logs together and visualizing different flows available at https://www.freeipa.org/page/Centralized_Logging. It is not a complete solution but rather a sketch on how it would look like and it has a detailed description on which logs need to be gathered and how to configure a log forwarding specific to IPA on RHEL 7/CentOS 7: https://github.com/pschiffe/ipa-log-config