I have a requirement to evaluate realm/role/username usage (when was the last time users authenticated to a specific realm / role) in order to clean up the unused role/realms/username from the box. Actually, under realms, we have multiple rules configured based on username only and assigned specific access to a resource. There may be cases where users either left the organization already or don't need further access to the resources.
one way is to analyze the user-access logs with filter string on the basis of realm/role/username, but digging into the username level is very time taking I believe. Please suggest if there is any other better way to analyze the logs.
Also, is there any limit on the local logs saved in the device for previous days. (for how many days logs will be saved in the local directory(any cron job by default which overrides the previous logs) or is it on the basis of the storage limit only). Or any remote logging tool recommendation for that?
Your quick response is highly appreciated.
I do not know any tool to help to clean up configurations in PCS.
We export logs via syslog and put them in a DB and them ran some scripts to give us some light in what is going on.
You can also use the feature of archiving the logs [Maintenance >> Archiving], in this way, you can define when you want the be archive (and clean if you decide it so).
Internal log is base in disk limit defined by you up to the max permitted.