Hello,
I’m trying to test the new Container Audit feature to send the audit log to both a file and SQL, but it does not seem to work. The audit.log file and the SQL log only contain POST /auth entries from the internal admin login; there are no /token, /audit, etc. entries.
If I try with PI_AUDIT_MODULE = "privacyidea.lib.auditmodules.loggeraudit", PI works as designed: it audits only to the file, not to the SQL audit. Am I missing anything?
Here is part of my config:
pi.cfg:
PI_AUDIT_MODULE = 'privacyidea.lib.auditmodules.containeraudit'
PI_AUDIT_CONTAINER_WRITE = ['privacyidea.lib.auditmodules.sqlaudit','privacyidea.lib.auditmodules.loggeraudit']
PI_AUDIT_CONTAINER_READ = 'privacyidea.lib.auditmodules.sqlaudit'
PI_LOGCONFIG = "/etc/privacyidea/logging.cfg"
PI_AUDIT_SQL_TRUNCATE = True
PI_ENGINE_REGISTRY_CLASS = "shared"
PI_AUDIT_POOL_SIZE = 20
PI_AUDIT_KEY_PRIVATE = '/etc/privacyidea/private.pem'
PI_AUDIT_KEY_PUBLIC = '/etc/privacyidea/public.pem'
logging.cfg:
[formatters]
keys=detail
[handlers]
keys=file,audit
[formatter_detail]
class=privacyidea.lib.log.SecureFormatter
format=[%(asctime)s][%(process)d][%(thread)d][%(levelname)s][%(name)s:%(lineno)d] %(message)s
[handler_audit]
class=logging.handlers.RotatingFileHandler
backupCount=14
maxBytes=10000000
formatter=detail
level=INFO
args=('/var/log/privacyidea/audit.log',)
[handler_file]
# Rollover the logfile at midnight
class=logging.handlers.RotatingFileHandler
backupCount=14
maxBytes=10000000
formatter=detail
level=INFO
args=('/var/log/privacyidea/privacyidea.log',)
[loggers]
keys=root,privacyidea,audit
[logger_privacyidea]
handlers=file
qualname=privacyidea
level=INFO
[logger_root]
level=ERROR
handlers=file
[logger_audit]
handlers=audit
qualname=privacyidea.lib.auditmodules.loggeraudit
level=INFO