Thanks Ray,

As usual, you always have helpful advice.
Log4j filters remove the entire log entry, which I would've preferred to 
keep merely without the principal, but it doesn't make much difference for 
my use case. I was able to remove the line from the audit log only, so if we 
want to see that info we can pull it from the cas log still. Here's what I 
ended up changing in log4j2.xml:
        <Logger name="org.apereo.inspektr" additivity="false" level="info">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
            <AppenderRef ref="casAudit">
                <!-- Custom log filter, remove log entries that include
                     principal attributes from our audit log only.
                     Principal will remain in cas.log. -->
                <RegexFilter regex=".*attributes=.*" onMatch="DENY" onMismatch="NEUTRAL" useRawMsg="false" />
            </AppenderRef>
        </Logger>


On Monday, July 22, 2024 at 10:56:27 PM UTC-4 Ray Bon wrote:

> Jeremiah,
>
> You can add a filter to the Logger
> https://logging.apache.org/log4j/2.x/manual/filters.html
>
>         <!-- DEBUG Created seed map='{username=[loginname]}' for uid='loginname' -->
>         <Logger name="org.apereo.services.persondir.support.CachingPersonAttributeDaoImpl" level="warn" >
>             <RegexFilter regex="Created seed map=.*" onMismatch="DENY" />
>         </Logger>
>
> Ray
> ------------------------------
> *From:* cas-...@apereo.org <cas-...@apereo.org> on behalf of Jeremiah 
> Garmatter <j-gar...@onu.edu>
> *Sent:* 22 July 2024 06:45
> *To:* CAS Community <cas-...@apereo.org>
> *Subject:* [cas-user] Remove principal from audit logs 
>  
> Is it possible to remove the user's principal from audit logs in CAS 7?
>
> I resolve all relevant user attributes with the principal instead of using 
> a separate LDAP connection. It seems like SAML2 authentications want to 
> print every resolved attribute in the principal and it really clutters the 
> logs. Anyone know of a way to remove principal attributes from the log 
> files? I would like to keep the logs intact, just remove the principal 
> field if possible.
>
> Here's an example of one of these auth attempts:
> 2024-07-22 09:15:37,387 INFO [org.apereo.inspektr.audit.AuditTrailManager] 
> - 2024-07-22T13:15:37.386909125!my-username!{result=Service Access Granted, 
> principal=SimplePrincipal(id=my-username, attributes={cn=[my cn], 
> department=[Office of Information Technology], displayName=[my name], 
> duoAud=[some code], duoAuthCtxAccessDeviceIp=[an IP], 
> duoAuthCtxAccessDeviceLocationCity=[my locality], 
> duoAuthCtxAccessDeviceLocationCountry=[United States], 
> duoAuthCtxAccessDeviceLocationState=[my state], 
> duoAuthCtxApplicationName=[CAS - DUO Universal], 
> duoAuthCtxAuthDeviceHostname=[a phone number], duoAuthCtxAuthDeviceIp=[an 
> ip], duoAuthCtxAuthDeviceLocationCity=[a location], 
> duoAuthCtxAuthDeviceLocationCountry=[United States], 
> duoAuthCtxAuthDeviceLocationState=[a state], 
> duoAuthCtxEventType=[authentication], duoAuthCtxFactor=[duo_push], 
> duoAuthCtxReason=[user_approved], duoAuthCtxResult=[success], 
> duoAuthCtxTimestamp=[1721653942], duoAuthCtxTxId=[an id], 
> duoAuthCtxUserKey=[a key], duoAuthResult=[allow], 
> duoAuthResultStatus=[allow], duoAuthResultStatusMessage=[Login Successful], 
> duoAuthTime=[1721653942], duoExp=[1721657542], duoIat=[a number], duoIss=[a 
> duo endpoint], duoPreferredUsername=[a username], duoSub=[a username], 
> eduPersonNickName=[name], EmailAddress=[an email], givenName=[a name], 
> memberOf=[A very long list of groups], organizationalunit=[Office of 
> Information Technology], pwdLastSet=[data], schoolName=[data], 
> schoolNumber=[data], sn=[surname], telephoneNumber=[a phone number], 
> title=[a title], UDC_IDENTIFIER=[a value], uid=[username], username=[a 
> username], userType=[data]}), service=my-service, 
> requiredAttributes={}}!SERVICE_ACCESS_ENFORCEMENT_TRIGGERED!192.168.95.246!my 
> server IP!
>
> -- 
> - Website: https://apereo.github.io/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> --- 
> You received this message because you are subscribed to the Google Groups 
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to cas-user+u...@apereo.org.
> To view this discussion on the web visit 
> https://groups.google.com/a/apereo.org/d/msgid/cas-user/6983a4e7-b724-48fb-a9fb-15028c95507bn%40apereo.org

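Added example, not part of the thread and not CAS or Log4j code: the RegexFilter above drops the whole audit entry, while the original question asked to keep the entry without the attribute map. This Python sketch shows both outcomes on a constructed, shortened copy of the quoted entry; `filter_decision` and `redact_attributes` are hypothetical helper names, and the redaction is assumed to run as a post-processing step on the log text.

```python
import re

# Constructed sample: the audit entry quoted in the thread, shortened, with one
# nested brace added inside a value to exercise the brace matching.
SAMPLE = (
    "2024-07-22T13:15:37.386909125!my-username!{result=Service Access Granted, "
    "principal=SimplePrincipal(id=my-username, attributes={cn=[my cn], "
    "memberOf=[group {a}, group b], uid=[username]}), service=my-service, "
    "requiredAttributes={}}!SERVICE_ACCESS_ENFORCEMENT_TRIGGERED!"
    "192.168.95.246!my server IP!"
)
MARKER = "attributes={"


def filter_decision(message):
    """What the thread's RegexFilter returns: the regex must match the whole message."""
    return "DENY" if re.fullmatch(r".*attributes=.*", message) else "NEUTRAL"


def redact_attributes(message, placeholder="<redacted>}"):
    """Replace each attributes={...} map with a placeholder and keep the rest."""
    out, pos = [], 0
    while (start := message.find(MARKER, pos)) != -1:
        body = start + len(MARKER)  # first character after the opening brace
        depth, end = 1, body
        while end < len(message) and depth:
            depth += {"{": 1, "}": -1}.get(message[end], 0)
            end += 1
        # If the braces never balance, end == len(message): everything after the
        # marker is dropped, so a truncated entry cannot leak attribute values.
        out.append(message[pos:body] + placeholder)
        pos = end
    out.append(message[pos:])
    return "".join(out)


if __name__ == "__main__":
    print(filter_decision(SAMPLE))
    print(redact_attributes(SAMPLE))
```

The filter regex is case-sensitive, so an entry that only carries `requiredAttributes={}` is not denied.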