[midPoint] Logging to logstash, concise audit log
Pavol Mederly
mederly at evolveum.com
Sat Feb 18 16:35:37 CET 2017
Hello Pertti,
I'll start from the end: the role being assigned is hidden in the delta,
which is part of each audit entry record. See
https://wiki.evolveum.com/display/midPoint/Auditing. It's not shown in
the default text-based logs (at INFO level), but present e.g. in audit
records stored in repository or in text-based logs at DEBUG level.
As for your requirements: There are maybe two options other than using
standard text or DB-based logs.
1. Write your own logger by implementing interface AuditService
<https://github.com/Evolveum/midpoint/blob/master/repo/audit-api/src/main/java/com/evolveum/midpoint/audit/api/AuditService.java>.
It's not that hard, as you can see when you look at existing
LoggerAuditServiceImpl
<https://github.com/Evolveum/midpoint/blob/master/repo/audit-impl/src/main/java/com/evolveum/midpoint/audit/impl/LoggerAuditServiceImpl.java>.
2. Or you can use a totally different mechanism: notifications. By
default, they're text oriented, but you can write your own
implementation; even in Groovy, using either general notifier, or
wholly custom notifier / custom transport
<https://github.com/Evolveum/midpoint/blob/master/samples/objects/custom-notifications.xml>
(the latter two starting from midPoint 3.6, although a bit
experimental).
I'd suggest maybe trying custom AuditService first.
Best regards,
Pavol Mederly
Software developer
evolveum.com
On 17.02.2017 16:14, Pertti Kellomäki wrote:
>
> Hi all,
>
>
> Is anyone logging midPoint logs to logstash? We are required to
> produce an audit log that is shipped off to a remote log server. I
> have experimented with filebeat so I have an idea how this works, but
> any practical advice is much appreciated.
>
>
> The log should ideally be somewhat independent of midPoint, using user
> names and role names instead of midPoint oid's. Turning on detailed
> audit logging gives me those, but it also gives lots of information
> that I don't really need. If there is some intermediate solution I
> would love to hear about it.
>
>
> Maybe there is something I don't understand but the compact audit log
> format seems to lack some information. For example if I give a user a
> role, I see the requester and the user being given the role, but the
> role being assigned does not seem to show up in the log entry.
>
>
> Pertti