I’ve migrated my logging.cfg to yml format for PrivacyIDEA 3.4. It now seems I am getting log duplication on certain events. Below is an example of a single authentication attempt. Two of the events really don’t contain any useful information.
[2020-11-25 15:35:48,025][INFO][pi-audit]{"action": "POST /validate/check", "action_detail": "", "client": "192.168.1.1", "client_user_agent": null, "info": "logged in as User123. wrong otp value", "policies": "RADIUS_ResponseDetails", "privacyidea_server": "PrivacyIDEAServer123", "realm": "contoso", "resolver": "Users", "serial": "TOTP1234", "success": false, "timestamp": "2020-11-25T21:35:48.025763", "token_type": "totp", "user": "User123"}
[2020-11-25 15:35:49,158][INFO][pi-audit]{"action": "POST /validate/check", "action_detail": "", "client": "192.168.1.1", "client_user_agent": null, "info": "ERR905: Missing parameter: 'pass'", "policies": "", "privacyidea_server": "PrivacyIDEAServer123", "success": false, "timestamp": "2020-11-25T21:35:49.158207"}
[2020-11-25 15:35:50,394][INFO][pi-audit]{"action": "POST /validate/check", "action_detail": "", "client": "192.168.1.1", "client_user_agent": null, "info": "ERR905: Missing parameter: 'pass'", "policies": "", "privacyidea_server": "PrivacyIDEAServer123", "success": false, "timestamp": "2020-11-25T21:35:50.394510"}
Here’s my logging.cfg, is there something I’ve forgotten to put in or have something that isn’t necessary?
version: 1
formatters:
detail:
class: privacyidea.lib.log.SecureFormatter
format: '[%(asctime)s][%(levelname)s][%(name)s]%(message)s'
handlers:
file:
class: logging.handlers.RotatingFileHandler
backupCount: 7
maxBytes: 50000000
formatter: detail
level: INFO
filename: /var/log/privacyidea/audit.log
loggers:
pi-audit:
handlers:
- file
level: INFO
root:
level: WARNING