Audit log for login activity only

garrickhall Registered Posts: 2 ✭✭✭

I have a security requirement to send login activity to a separate log file for parsing in a security application. Is it possible to filter the log4j file process to only send log data? It appears that the process does not respect the "filter" logic, as seen below:

# Redirect login audit logs to a file for Azure LAW
log4j.appender.AUDITFILE=org.apache.log4j.RollingFileAppender
log4j.appender.AUDITFILE.File=/opt/dataiku/lawlogs/run/audit/audit.log
log4j.appender.AUDITFILE.MaxFileSize=100MB
log4j.appender.AUDITFILE.MaxBackupIndex=20
log4j.appender.AUDITFILE.layout=com.dataiku.dip.logging.JSONAuditLayout
log4j.appender.AUDITFILE.filter.1=org.apache.log4j.varia.StringMatchFilter
log4j.appender.AUDITFILE.filter.1.StringToMatch=login
log4j.appender.AUDITFILE.filter.1.AcceptOnMatch=true

Is this possible with the existing framework?


Operating system used: RHEL7.9

Best Answer

  • Clément_Stenac
    Clément_Stenac Dataiker, Dataiku DSS Core Designer, Registered Posts: 753 Dataiker
    Answer ✓

    Hi,

    The "StringMatchFilter" will return NEUTRAL in case of no match, which means that non-matched items will be left intact by the filter, whereas matching ones will be immediately accepted.

    If you want non-matched records to be filtered out, you'll need to add an org.apache.log4j.varia.DenyAllFilter at the end of your filter pipeline.

    Best,
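
The filter-chain behaviour described in the answer, modelled as an added example (not part of the original posts and not Dataiku or log4j code). The function names and the sample audit messages are constructed for illustration; the decision rules follow log4j 1.x, where the first non-NEUTRAL result wins and an all-NEUTRAL chain writes the event.

```python
# Model of the log4j 1.x appender filter chain (illustrative, names are hypothetical).
ACCEPT, NEUTRAL, DENY = 1, 0, -1

def string_match_filter(string_to_match, accept_on_match=True):
    """Like org.apache.log4j.varia.StringMatchFilter: case-sensitive substring
    test on the event's rendered message; NEUTRAL when there is no match."""
    def decide(message):
        if message is None or string_to_match is None:
            return NEUTRAL
        if string_to_match not in message:
            return NEUTRAL
        return ACCEPT if accept_on_match else DENY
    return decide

def deny_all_filter():
    """Like org.apache.log4j.varia.DenyAllFilter: always DENY."""
    return lambda message: DENY

def appender_writes(filters, message):
    """Walk the chain in order; if every filter is NEUTRAL the event is written."""
    for decide in filters:
        decision = decide(message)
        if decision == DENY:
            return False
        if decision == ACCEPT:
            return True
    return True

# Constructed sample audit messages (not real DSS output).
SAMPLE_MESSAGES = [
    "login user=alice result=success",
    "project-export user=bob project=SALES",
    "Login user=carol result=failure",  # capital L: will not match "login"
    "dataset-read user=alice dataset=orders",
]

def written(filters):
    """Messages that would reach the audit file with the given chain."""
    return [m for m in SAMPLE_MESSAGES if appender_writes(filters, m)]

AS_POSTED = [string_match_filter("login")]                        # filter.1 only
WITH_DENY_ALL = [string_match_filter("login"), deny_all_filter()]  # DenyAll last

if __name__ == "__main__":
    print("as posted    :", written(AS_POSTED))
    print("with DenyAll :", written(WITH_DENY_ALL))
```

With the chain as posted, every message is written; with the deny-all filter last, only the exact lowercase "login" match survives, so check the casing of the real audit messages before relying on the file for security monitoring.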
