[midPoint] Logging to logstash, concise audit log
Pertti Kellomäki
pertti.kellomaki at datactica.fi
Mon Feb 20 07:29:02 CET 2017
Hi Pavol,
I had not looked in midPoint sources yet, so thanks for the pointer to the AuditService implementation. It does indeed look encouragingly simple so I think we will go the custom AuditService route.
To answer my question about logging to logstash, it was really quite simple to configure filebeat to send off midPoint logs to logstash. Below is a filebeat configuration file that works with midPoint audit log with details included. The multi-line log entries are split at timestamps, and shipped to a logging server listening at host 'elk' port 5044.

/etc/filebeat/filebeat.yml

output:
  logstash:
    enabled: true
    hosts:
      - elk:5044
    ssl:
      certificate_authorities:
        - /etc/pki/tls/certs/logstash-beats.crt
    timeout: 15

filebeat:
  prospectors:
    -
      paths:
        - /opt/apache-tomcat/logs/idm-profile.log
      multiline:
        pattern: '^\[[0-9]{4}-[0-9]{2}-[0-9]{2}'
        negate: true
        match: after

--
Pertti
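
The multiline settings in the configuration above can be checked offline before audit entries are shipped. The following is an added example, not part of the original message or of midPoint/Filebeat: it models `negate: true` / `match: after` with Python's `re` (this pattern behaves the same as in Filebeat's regexp engine) and flags events that do not start with a timestamp. The sample lines are constructed, the helper names are hypothetical, and Filebeat's `max_lines` and `timeout` flushing are not modelled.

```python
import re

# Pattern copied from the filebeat.yml above. With negate: true and
# match: after, a line that does NOT match is appended to the event before it.
PATTERN = re.compile(r'^\[[0-9]{4}-[0-9]{2}-[0-9]{2}')

def group_events(lines, pattern=PATTERN):
    """Group raw log lines into events the way the multiline settings do."""
    events, current = [], []
    for line in lines:
        line = line.rstrip("\n")
        if pattern.search(line) or not current:
            # Timestamped line (or very first line): start a new event.
            if current:
                events.append("\n".join(current))
            current = [line]
        else:
            # Continuation line (audit delta, stack trace): keep with its entry.
            current.append(line)
    if current:
        events.append("\n".join(current))
    return events

def unanchored(events, pattern=PATTERN):
    """Events that do not begin with a timestamp, e.g. when the file was
    rotated or truncated in the middle of an audit entry."""
    return [e for e in events if not pattern.search(e)]

# Constructed sample lines, not real midPoint output.
SAMPLE = [
    " delta: MODIFY UserType, item: credentials/password",
    "[2017-02-20 07:29:02] AUDIT eid=1, et=ADD_OBJECT, o=SUCCESS",
    " delta: ADD UserType(jdoe)",
    "   item: name = jdoe",
    "[2017-02-20 07:29:03] AUDIT eid=2, et=DELETE_OBJECT, o=SUCCESS",
]

if __name__ == "__main__":
    events = group_events(SAMPLE)
    for i, event in enumerate(events):
        print(f"--- event {i} ({event.count(chr(10)) + 1} lines)")
        print(event)
    print("events without a leading timestamp:", len(unanchored(events)))
```

Running it against a copy of the real idm-profile.log shows whether every audit record arrives as one event; a non-empty `unanchored` result means some detail lines would reach the logging server detached from their record.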