Hi there, I'm using privacyIDEA and trying to forward logs to Splunk.
I have configured a listener on Splunk on TCP port 514.
Then I configured privacyIDEA as follows.
In the pi.cfg file:
PI_AUDIT_MODULE = 'privacyidea.lib.auditmodules.containeraudit'
PI_AUDIT_CONTAINER_WRITE = ['privacyidea.lib.auditmodules.sqlaudit','privacyide>
PI_AUDIT_CONTAINER_READ = 'privacyidea.lib.auditmodules.sqlaudit'
PI_AUDIT_LOGGER_QUALNAME = "pi-audit"
PI_AUDIT_SERVERNAME = "privacyidea-server"
PI_LOGCONFIG = "/etc/privacyidea/logging.yml"
In the logging.yml file:
version: 1
formatters:
  detail:
    class: privacyidea.lib.log.SecureFormatter
    format: '[%(asctime)s][%(process)d][%(thread)d][%(levelname)s][%(name)s:%(lineno)d] %(message)s'
handlers:
  file:
    # Rollover the logfile at midnight
    class: logging.handlers.RotatingFileHandler
    backupCount: 5
    maxBytes: 1000000
    formatter: detail
    level: INFO
    filename: /var/log/privacyidea/privacyidea.log
  syslog:
    class: logging.handlers.SysLogHandler
    address: ('ip addr of splunk', 514)
    formatter: detail
    level: INFO
loggers:
  # The logger name is the qualname
  privacyidea:
    handlers:
    - file
    - syslog
    level: INFO
  pi-audit:
    handlers:
    - file
    - syslog
    level: INFO
root:
  handlers:
  - syslog
  level: INFO
Am I doing something wrong / am I missing a step?
Need help ASAP thanks!
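
An added example, not part of the original post and not privacyIDEA's own code: a small lint over the parsed logging config that flags two behaviours of Python's `SysLogHandler` relevant to the TCP listener described above. A string `address` is treated as a Unix socket path, and the handler sends over UDP unless `socktype` is set. The dicts are constructed to mirror what a YAML loader returns for the posted handler; `check_syslog_handlers` is a hypothetical helper and `192.0.2.10` is a documentation placeholder.

```python
import socket

# Constructed sample: what a YAML loader yields for the syslog handler as posted.
# The unquoted value ('ip addr of splunk', 514) is a YAML plain scalar, i.e. a string.
POSTED = {
    "version": 1,
    "handlers": {
        "syslog": {
            "class": "logging.handlers.SysLogHandler",
            "address": "('ip addr of splunk', 514)",
            "formatter": "detail",
            "level": "INFO",
        }
    },
}

# Constructed variant: address as a YAML sequence plus an explicit TCP socktype.
# 192.0.2.10 is a placeholder (assumption), not a value from the post.
TCP_VARIANT = {
    "version": 1,
    "handlers": {
        "syslog": {
            "class": "logging.handlers.SysLogHandler",
            "address": ["192.0.2.10", 514],
            "socktype": "ext://socket.SOCK_STREAM",
        }
    },
}


def _is_tcp(socktype):
    # dictConfig accepts the constant itself or an ext:// reference to it.
    return socktype in (socket.SOCK_STREAM, "ext://socket.SOCK_STREAM")


def check_syslog_handlers(config, listener_is_tcp=True):
    """Return (handler_name, finding) pairs for SysLogHandler entries."""
    findings = []
    for name, h in config.get("handlers", {}).items():
        if not str(h.get("class", "")).endswith("SysLogHandler"):
            continue
        addr = h.get("address")
        if isinstance(addr, str):
            findings.append((name, "address is a string: used as a Unix socket path"))
        elif not (isinstance(addr, (list, tuple)) and len(addr) == 2):
            findings.append((name, "address missing or not a [host, port] pair"))
        if _is_tcp(h.get("socktype")) != listener_is_tcp:
            findings.append((name, "socktype does not match the listener transport"))
    return findings
```
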