<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hello Pertti,</p>
<p><br>
</p>
<p>I'll start from the end: the role being assigned is hidden in the
delta, which is part of each audit entry record. See <a
href="https://wiki.evolveum.com/display/midPoint/Auditing">https://wiki.evolveum.com/display/midPoint/Auditing</a>.
It's not show in the default text-based logs (at INFO level), but
present e.g. in audit records stored in repository or in
text-based logs at DEBUG level.<br>
</p>
<p><br>
</p>
<p>As for your requirements: There are maybe two options other than
using standard text or DB-based logs.</p>
<ol>
<li>Write your own logger by implementing interface <a
href="https://github.com/Evolveum/midpoint/blob/master/repo/audit-api/src/main/java/com/evolveum/midpoint/audit/api/AuditService.java">AuditService</a>.
It's not that hard, as you can see when you look at existing <a
href="https://github.com/Evolveum/midpoint/blob/master/repo/audit-impl/src/main/java/com/evolveum/midpoint/audit/impl/LoggerAuditServiceImpl.java">LoggerAuditServiceImpl</a>.</li>
<li>Or you can use a totally different mechanism: notifications.
By default, they're text oriented, but you can write your own
implementation; even in groovy, using either general notifier,
or wholly <a
href="https://github.com/Evolveum/midpoint/blob/master/samples/objects/custom-notifications.xml">custom
notifier / custom transport</a> (the latter two starting from
midPoint 3.6, although a bit experimental).</li>
</ol>
<p>I'd suggest maybe trying custom AuditService first.</p>
<p><br>
</p>
<p>Best regards,<br>
</p>
<pre class="moz-signature" cols="72">Pavol Mederly
Software developer
evolveum.com
</pre>
<div class="moz-cite-prefix">On 17.02.2017 16:14, Pertti Kellomäki
wrote:<br>
</div>
<blockquote cite="mid:1487344474774.56846@datactica.fi" type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none"><!--P{margin-top:0;margin-bottom:0;} --></style>
<p>Hi all,</p>
<p><br>
</p>
<p>Is anyone logging midPoint logs to logstash? We are required to
produce an audit log that is shipped off to a remote log server.
I have experimented with filebeat so I have an idea how this
works, but any practical advice is much appreciated.</p>
<p><br>
</p>
<p>The log should ideally be somewhat independent of
midPoint, using user names and role names instead of midPoint
oid's. Turning on detailed audit logging gives me those, but it
also gives lots of information that I don't really need. If
there is some intermediate solution I would love to hear about
it.</p>
<p><br>
</p>
<p>Maybe there is something I don't understand but the compact
audit log format seems to lack some information. For example if
I give a user a role, I see the requester and the user being
given the role, but the role being assigned does not seem to
show up in the log entry.</p>
<p><br>
</p>
<p>Pertti</p>
<p><br>
</p>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
midPoint mailing list
<a class="moz-txt-link-abbreviated" href="mailto:midPoint@lists.evolveum.com">midPoint@lists.evolveum.com</a>
<a class="moz-txt-link-freetext" href="http://lists.evolveum.com/mailman/listinfo/midpoint">http://lists.evolveum.com/mailman/listinfo/midpoint</a>
</pre>
</blockquote>
<br>
</body>
</html>