Foreman audit logging to Splunk / Logstash / SIEM

Hello everyone,

Does Foreman have support for audit logging in a Splunk / Logstash friendly format?

You mention “audits” on your main page (


No more wondering why did your load balancer suddenly became a database. Check how, who and when in our audits system.

production.log seems to contain some auditing (like logon events) but it’s very noisy.

I would like to be able to easily find out who did what and when.


For Red Hat Satellite, I’ve come up with this integration for ElasticSearch. You can probably build on top of that:

Write about it if you get it working.