Audit log for login activity only

Solved!
garrickhall
Level 1
Audit log for login activity only

I have a security requirement to send login activity to a separate log file for parsing in a security application.  Is it possible to filter the log4j file process to only send log data.  It appears that the process does not respect the "filter" logic like seen below

 

# Redirect login audit logs to a file for Azure LAW
log4j.appender.AUDITFILE=org.apache.log4j.RollingFileAppender
log4j.appender.AUDITFILE.File=/opt/dataiku/lawlogs/run/audit/audit.log
log4j.appender.AUDITFILE.MaxFileSize=100MB
log4j.appender.AUDITFILE.MaxBackupIndex=20
log4j.appender.AUDITFILE.layout=com.dataiku.dip.logging.JSONAuditLayout
log4j.appender.AUDITFILE.filter.1=org.apache.log4j.varia.StringMatchFilter
log4j.appender.AUDITFILE.filter.1.StringToMatch=login
log4j.appender.AUDITFILE.filter.1.AcceptOnMatch=true

 

Is this possible with the existing framework?


Operating system used: RHEL7.9

0 Kudos
1 Solution
Clรฉment_Stenac

Hi,

The "StringMatchFilter" will return NEUTRAL in case of no match, which means that non-matched items will be left intact by the filter, whereas matching ones will be immediately accepted.

If you want non-matched records to be filtered out, you'll need to add a org.apache.log4j.varia.DenyAllFilter at the end of your filter pipeline

Best,

View solution in original post

0 Kudos
1 Reply
Clรฉment_Stenac

Hi,

The "StringMatchFilter" will return NEUTRAL in case of no match, which means that non-matched items will be left intact by the filter, whereas matching ones will be immediately accepted.

If you want non-matched records to be filtered out, you'll need to add a org.apache.log4j.varia.DenyAllFilter at the end of your filter pipeline

Best,

0 Kudos