Searching File Content

You can use central logging tools or grep to parse the configuration file content. Using Splunk, for example, searching for "device=*/localhost" finds any action on machines named localhost in any device class. Searching for "action=Add kind=User | table user username" creates a table that lists new users and which user added them.