Audit Log to SysLog


#1

Hi to all!
I need to know if it’s possible to send audit log to a syslog.

We have configured advanced logging to logging.cfg like best practice:

[formatters]
keys=detail

[handlers]
keys=file,hand02

[formatter_detail]
class=privacyidea.lib.log.SecureFormatter
format=[%(asctime)s][%(process)d][%(thread)d][%(levelname)s][%(name)s:%(lineno)d] %(message)s

[handler_file]
# Rollover the logfile at midnight
class=logging.handlers.RotatingFileHandler
backupCount=14
maxBytes=10000000
formatter=detail
level=ERROR
args=('/var/log/privacyidea/privacyidea.log',)

[handler_hand02]
class=handlers.SysLogHandler
level=ERROR
formatter=detail
args=(('x.x.x.x', handlers.SYSLOG_UDP_PORT), handlers.SysLogHandler.LOG_USER)

[loggers]
keys=root,privacyidea

[logger_privacyidea]
handlers=file,hand02
qualname=privacyidea
level=ERROR

[logger_root]
level=ERROR
handlers=file

All working fine but we don’t be able to triggers audit log on syslog.

It’s possible to work on this?

Thanks a lot.


#2

Hi!
any news for these request?

Anyone can suggest me where to check or if it’s possible to do this?

Thanks in advance


#3

You can write your own Audit Python Module, which then would write the infos the a syslog sever.

However, you will loose the dedicated fields and signature check.


#4

Hi Cornelinux, thanks a lot.

But do you think in a future that this feature can be included?


#5

Yes, why not.

But the problem with syslog might be, that you loose the audit information for later searching.
Currently audit log is used by helpdesk users. So you need to search and filter on the audit log.

But if there was an audit log module, that in addition save info to a syslog server for central processing and also keeps the information in the SQL database, then this might make perfect sense.

You might inherit the syslog auditer from the SQL audit log and add the syslog functionality.