I have a requirement to evaluate realm/role/username usage (when was the last time users authenticated to a specific realm / role) in order to clean up the unused role/realms/username from the box. Actually, under realms, we have multiple rules configured based on username only and assigned specific access to a resource. There may be cases where users either left the organization already or don't need further access to the resources.
One way is to analyze the user-access logs with a filter string on the basis of realm/role/username, but digging into the username level is very time-consuming, I believe. Please suggest if there is any other better way to analyze the logs.
Also, is there any limit on the local logs saved in the device for previous days? (For how many days will logs be saved in the local directory (any cron job by default which overrides the previous logs), or is it on the basis of the storage limit only?) Or any remote logging tool recommendation for that?