You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@archiva.apache.org by Bram Van Dam <br...@intix.eu> on 2021/06/26 12:45:39 UTC
archiva-security-audit.log remains empty
Greetings,
I'm running Archiva 2.2.5 and I'm having some difficulty getting audit
logging to work.
The documentation [1] seems to suggest that it should Just Work and log
user logins etc, but the file remains empty. Regular logging seems to
work reasonably well [2], it's just this one logfile that doesn't seem
to want to cooperate.
I've tried increasing the log level for the redbackAuditLog to debug,
but that hasn't made any difference.
Any pointers in the right direction would be much appreciated :-)
- Bram
[1] https://archiva.apache.org/docs/2.2.5/adminguide/security-logs.html
[2] archiva.log contains very rudimentary "login failed" events, but
doesn't include a remote IP address, only the username. And the request
log logs login failures with status code 500, making it very difficult
to do any meaningful auditing.
Re: archiva-security-audit.log remains empty
Posted by Bram Van Dam <br...@intix.eu>.
> indeed, it looks as if the documentation is outdated in this case. I checked the code and the mechanism for auditing
> is not used anymore. I'm not sure, when this was changed.
> And currently there is no alternative audit mechanism.
Thanks for clarifying that. The logging of DefaultLoginService is a
start but it's not really sufficient. I can get successful and failed
logins, which is great, but there seems to be no way to get the user's
remote IP address.
Maybe I'll check out the source code next weekend and see if I can't
figure out how to fix this.
Thanks!
- Bram
Re: archiva-security-audit.log remains empty
Posted by Martin <ma...@apache.org>.
Hi Bram,
indeed, it looks as if the documentation is outdated in this case. I checked the code and the mechanism for auditing
is not used anymore. I'm not sure, when this was changed.
And currently there is no alternative audit mechanism.
The only alternative ( but this is not really an audit log ) would be to change the log4j2.xml and set the logger configuration for the logger
org.apache.archiva.redback.rest.services.DefaultLoginService
to debug.
You can redirect the logging of this logger to the archiva-security-audit.log by:
<logger name="org.apache.archiva.redback.rest.services.DefaultLoginService" additivity="false" level="debug">
<appender-ref ref="redbackAuditLog" />
</logger>
And you should better set the immediateFlush="true" attribute on the appender.
Sorry for that.
Regards
Martin
Am Samstag, 26. Juni 2021, 14:45:39 CEST schrieb Bram Van Dam:
> Greetings,
>
> I'm running Archiva 2.2.5 and I'm having some difficulty getting audit
> logging to work.
>
> The documentation [1] seems to suggest that it should Just Work and log
> user logins etc, but the file remains empty. Regular logging seems to
> work reasonably well [2], it's just this one logfile that doesn't seem
> to want to cooperate.
>
> I've tried increasing the log level for the redbackAuditLog to debug,
> but that hasn't made any difference.
>
> Any pointers in the right direction would be much appreciated :-)
>
> - Bram
>
> [1] https://archiva.apache.org/docs/2.2.5/adminguide/security-logs.html
>
> [2] archiva.log contains very rudimentary "login failed" events, but
> doesn't include a remote IP address, only the username. And the request
> log logs login failures with status code 500, making it very difficult
> to do any meaningful auditing.
>
>