Carl,

To change the output of audit logging, you could override it with a custom 
implementation: 
https://apereo.github.io/2019/01/07/cas61-gettingstarted-overlay/#overlay-customization.
This describes modifying text, but the process can be used to modify Java 
classes as well. But see 
https://apereo.github.io/2017/09/10/stop-writing-code/. The Java blog entry: 
https://apereo.github.io/2018/04/01/cas-overlays-supercharged/.

To hide log entries, you can use filters. For example:

        <!-- DEBUG TGT and ST
                   on logout ST and service -->
        <AsyncLogger name="org.apereo.cas.AbstractCentralAuthenticationService" level="error" includeLocation="true">
            <RegexFilter regex="Publishing.*ticketGrantingTicket=.*serviceTicket=.*" onMismatch="DENY" />
        </AsyncLogger>

See here for filter possibilities, 
https://logging.apache.org/log4j/2.x/manual/filters.html

Ray

On Mon, 2020-01-27 at 14:22 -0800, crdaudt wrote:
In updating from CAS 5.x to CAS 6.1.x, I see that additional logging 
information has been added to the cas_audit log, specifically, log entries that 
include "SERVICE_ACCESS_ENFORCEMENT_TRIGGERED".  We would either like to 
reduce the amount of information in these entries, or possibly even omit these 
entries altogether.  The reason is that the security groups listing for many of 
our users results in rather large log entries.  For example, my own entry for 
"SERVICE_ACCESS_ENFORCEMENT_TRIGGERED" is an entry that is over 3,000 
characters long.

Perhaps some of my ideas below are not very good ideas, and I am open to 
perspective.


Idea 1:  Is it possible to replace the logged results of the "memberOf" field 
with ellipses, and if so, how?

-->I.e., change:
2020-01-27 15:56:06,835 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Mon Jan 27 
15:56:06 EST 2020|CAS|[result=Service Access 
Granted,service=https://my.casServer.edu/idp/Aut...,principal=SimplePrincipal(id=john_doe,
 attributes={displayName=[Doe, John], mail=[[email protected]], 
memberOf=[CN=securityGroup1,OU=Faculty Groups,OU=Security 
Groups,DC=myADdomain,DC=myuniversity,DC=edu, CN=securityGroup2,OU=Faculty 
Groups,OU=Security Groups,DC=myADdomain,DC=myuniversity,DC=edu, 
CN=securityGroup3,OU=Faculty Groups,OU=Security 
Groups,DC=myADdomain,DC=myuniversity,DC=edu], sAMAccountName=[john_doe], 
UDC_IDENTIFIER=[john_doe]}),requiredAttributes={}]|SERVICE_ACCESS_ENFORCEMENT_TRIGGERED|audit:unknown|10.2.100.56

-->Into something like this:
2020-01-27 15:56:06,835 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Mon Jan 27 
15:56:06 EST 2020|CAS|[result=Service Access 
Granted,service=https://my.casServer.edu/idp/Aut...,principal=SimplePrincipal(id=john_doe,
 attributes={displayName=[Doe, John], mail=[[email protected]], 
memberOf=[...]}),requiredAttributes={}]|SERVICE_ACCESS_ENFORCEMENT_TRIGGERED|audit:unknown|10.2.100.56


Idea 2:  Is it possible to omit the log entries for 
"SERVICE_ACCESS_ENFORCEMENT_TRIGGERED" altogether and if so, how?


Idea 3:  Is it possible to create two separate audit log files, one without the 
"SERVICE_ACCESS_ENFORCEMENT_TRIGGERED" entries (call this cas_audit.log) and 
one with the "SERVICE_ACCESS_ENFORCEMENT_TRIGGERED" (call this 
cas_audit_log.verbose)?  If so, how?  In this case, I would likely gzip the 
verbose logs relatively frequently.


I am open to other ideas as well.

Carl

--

Ray Bon
Programmer Analyst
Development Services, University Systems
2507218831 | CLE 019 | [email protected]

I respectfully acknowledge that my place of work is located within the 
ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
WSÁNEĆ Nations.
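
One way to apply the filter approach to the three ideas in the quoted question, as an added example that is not part of either message or of the CAS project's own log4j2.xml. The appender names, file paths and rollover policy are assumptions; the logger name and line layout are taken from the log line quoted above.

```xml
<!-- Added example: fragment to merge into the overlay's log4j2.xml.
     Appender names, paths and rollover policy are assumptions. -->
<Configuration>
    <Appenders>
        <!-- Compact file (Ideas 2 and 3): drop the enforcement events here only. -->
        <RollingFile name="casAudit" fileName="/var/log/cas/cas_audit.log"
                     filePattern="/var/log/cas/cas_audit-%d{yyyy-MM-dd}.log">
            <!-- RegexFilter must match the whole message; (?s) lets "." span newlines. -->
            <RegexFilter regex="(?s).*SERVICE_ACCESS_ENFORCEMENT_TRIGGERED.*"
                         onMatch="DENY" onMismatch="NEUTRAL"/>
            <PatternLayout pattern="%d %p [%c] - %m%n"/>
            <Policies>
                <TimeBasedTriggeringPolicy/>
            </Policies>
        </RollingFile>

        <!-- Verbose file (Idea 3): only the enforcement events; .gz compresses on rollover. -->
        <RollingFile name="casAuditVerbose" fileName="/var/log/cas/cas_audit_verbose.log"
                     filePattern="/var/log/cas/cas_audit_verbose-%d{yyyy-MM-dd}.log.gz">
            <RegexFilter regex="(?s).*SERVICE_ACCESS_ENFORCEMENT_TRIGGERED.*"
                         onMatch="ACCEPT" onMismatch="DENY"/>
            <!-- Idea 1: %replace rewrites the rendered message, collapsing the group
                 list to memberOf=[...]. Remove %replace to keep the full list. -->
            <PatternLayout
                pattern="%d %p [%c] - %replace{%m}{memberOf=\[[^\]]*\]}{memberOf=[...]}%n"/>
            <Policies>
                <TimeBasedTriggeringPolicy/>
            </Policies>
        </RollingFile>
    </Appenders>
    <Loggers>
        <!-- Logger name as it appears in the quoted audit line. -->
        <AsyncLogger name="org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager"
                     level="info" additivity="false">
            <AppenderRef ref="casAudit"/>
            <AppenderRef ref="casAuditVerbose"/>
        </AsyncLogger>
    </Loggers>
</Configuration>
```

For Idea 2 alone, leave out the casAuditVerbose appender and its AppenderRef; keeping the second file preserves the access-enforcement trail for later investigation.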
