Audit log for login activity only
I have a security requirement to send login activity to a separate log file for parsing in a security application. Is it possible to filter the log4j file process to only send log data? It appears that the process does not respect the "filter" logic, as seen below:
# Redirect login audit logs to a file for Azure LAW
log4j.appender.AUDITFILE=org.apache.log4j.RollingFileAppender
log4j.appender.AUDITFILE.File=/opt/dataiku/lawlogs/run/audit/audit.log
log4j.appender.AUDITFILE.MaxFileSize=100MB
log4j.appender.AUDITFILE.MaxBackupIndex=20
log4j.appender.AUDITFILE.layout=com.dataiku.dip.logging.JSONAuditLayout
log4j.appender.AUDITFILE.filter.1=org.apache.log4j.varia.StringMatchFilter
log4j.appender.AUDITFILE.filter.1.StringToMatch=login
log4j.appender.AUDITFILE.filter.1.AcceptOnMatch=true
Is this possible with the existing framework?
Operating system used: RHEL7.9
Best Answer
Hi,
The "StringMatchFilter" will return NEUTRAL in case of no match, which means that non-matched items will be left intact by the filter, whereas matching ones will be immediately accepted.
If you want non-matched records to be filtered out, you'll need to add an org.apache.log4j.varia.DenyAllFilter at the end of your filter pipeline.
Best,
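The filter chain the answer describes, written out as a corrected appender configuration. This is an added example, not part of the original posts or of Dataiku's documentation; it reuses the property values from the question, and only the `filter.2` line is new.

```properties
# Added example: corrected version of the appender from the question.
# Redirect login audit logs to a file for Azure LAW
log4j.appender.AUDITFILE=org.apache.log4j.RollingFileAppender
log4j.appender.AUDITFILE.File=/opt/dataiku/lawlogs/run/audit/audit.log
log4j.appender.AUDITFILE.MaxFileSize=100MB
log4j.appender.AUDITFILE.MaxBackupIndex=20
log4j.appender.AUDITFILE.layout=com.dataiku.dip.logging.JSONAuditLayout

# Filters are consulted in ID order; the first ACCEPT or DENY ends the chain.
# filter.1: ACCEPT when the event's rendered message contains "login"
# (case-sensitive substring match), otherwise NEUTRAL, i.e. pass to filter.2.
log4j.appender.AUDITFILE.filter.1=org.apache.log4j.varia.StringMatchFilter
log4j.appender.AUDITFILE.filter.1.StringToMatch=login
log4j.appender.AUDITFILE.filter.1.AcceptOnMatch=true

# filter.2: DENY everything that reached the end of the chain. Without this
# line an event that every filter left NEUTRAL is still written to the file.
log4j.appender.AUDITFILE.filter.2=org.apache.log4j.varia.DenyAllFilter
```

Because the match is a plain substring test, any event whose message contains `login` is kept, so check the resulting file against a known login and a known non-login action before pointing the security application at it.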