Logging and auditing relationship with your security/auditors
Mak, Steve
makst at upenn.edu
Tue May 19 16:05:04 UTC 2020
Here's what I ended up adding to our sandbox:
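<!--
  IDP_SECURITY: daily-rolling file appender that writes only events whose
  formatted message contains "Login by". Selection is by message text alone;
  the logger that produced the event is not checked.
-->
<appender name="IDP_SECURITY" class="ch.qos.logback.core.rolling.RollingFileAppender">
    <!--
      No <file> is set here, so the active file name is derived from the
      rolling policy's fileNamePattern with the .gz suffix removed.
      fileNamePattern belongs on the rolling policy only; it is not a property
      of RollingFileAppender, so it is not repeated at this level.
    -->
    <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
        <!-- Rolls once per day; the .gz suffix makes the policy compress each archived file. -->
        <fileNamePattern>${idp.logfiles}/idp-security-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
        <!--
          Archived files older than this many days are deleted (15 unless
          idp.loghistory is set).
          NOTE(review): confirm this covers the retention period your auditors
          expect, or ship the files elsewhere before they age out.
        -->
        <maxHistory>${idp.loghistory:-15}</maxHistory>
    </rollingPolicy>

    <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
        <charset>UTF-8</charset>
        <!--
          Line layout: ISO 8601 timestamp, the idp.jsessionid MDC value, level,
          logger and line number, message, then a short stack trace when an
          exception is attached.
          NOTE(review): this writes a session identifier to disk, so the file
          should be readable only by those who need it, and handled with the
          same care wherever it is forwarded. The message is written as-is;
          if it can carry request-supplied text, line breaks in that text
          would split one event across several lines.
        -->
        <Pattern>%date{ISO8601} %mdc{idp.jsessionid} - %level [%logger:%line] - %msg%n%ex{short}</Pattern>
    </encoder>

    <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
        <!--
          No evaluator class is named.
          NOTE(review): logback-classic presumably falls back to its
          Janino-based evaluator here, which needs the Janino library on the
          classpath; confirm it is present, and check logback's status output
          for evaluator errors at startup.
        -->
        <evaluator>
            <!--
              The matcher "Login" is the name used in the expression below.
              The regex is unanchored, so it appears to match "Login by"
              anywhere in the message.
              NOTE(review): if this file is meant as evidence for auditors,
              consider also restricting the expression by logger name, since
              any component that logs a message containing this text will be
              recorded here.
            -->
            <matcher>
                <Name>Login</Name>
                <regex>Login by</regex>
            </matcher>
            <expression>Login.matches(formattedMessage)</expression>
        </evaluator>
        <!-- Events that do not match are dropped from this appender only; other appenders still receive them. -->
        <OnMismatch>DENY</OnMismatch>
        <!--
          FilterReply values are DENY, NEUTRAL and ACCEPT; "ALLOW" is not one
          of them and would leave onMatch at its default. ACCEPT states the
          intent explicitly and keeps matching events even if another filter
          is added after this one.
        -->
        <OnMatch>ACCEPT</OnMatch>
    </filter>
</appender>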
...
<!--
  Root logger: threshold comes from idp.loglevel.root (INFO when unset).
  Events that reach the root are offered to each appender listed below, in
  this order; each appender then applies its own filters.
  NOTE(review): loggers configured elsewhere with additivity disabled would
  not reach these appenders; confirm the login messages you want in
  IDP_SECURITY come from a logger that propagates to root at an enabled level.
-->
<root level="${idp.loglevel.root:-INFO}">
    <!-- Process log appender; IDP_PROCESS unless idp.process.appender overrides it. -->
    <appender-ref ref="${idp.process.appender:-IDP_PROCESS}"/>
    <!-- Login-only security log; always attached, no property override. -->
    <appender-ref ref="IDP_SECURITY"/>
    <!-- Warning log appender; IDP_WARN unless idp.warn.appender overrides it. -->
    <appender-ref ref="${idp.warn.appender:-IDP_WARN}"/>
</root>