Main settings:
LemonLDAP::NG provides 5 levels of error and has two kind of logs:
Each category can be handle by a different logging framework. You can choose between:
LogLevel
Apache parameterLog4perl
framework to log (inspired by Java Log4J)Attention
Except for Apache2 and Log4Perl, log level is defined
by logLevel
parameter set in lemonldap-ng.ini
file. Logger
configurations are defined in lemonldap-ng.ini. Example:
[all]
logger = Lemonldap::NG::Common::Logger::Log4perl
userLogger = Lemonldap::NG::Common::Logger::Syslog
logLevel = notice
You can also modify these values in each lemonldap-ng.ini section to have different values for portal, manager and handlers.
Therefore, LLNG provides a username that can be used by webservers in
their access log. To configure the user identifier to write into access
logs, go into Manager, General Parameters
> Logging
>
REMOTE_USER
.
Authentication:
[notice] Session granted for clement.oudot by LDAP (81.20.13.21)
[notice] User clement.oudot.com successfully authenticated at level 2
[notice] clement.oudot connected
Failed authentication:
[warn] foo.bar was not found in LDAP directory (81.20.13.21)
[warn] Bad password for clement.oudot (81.20.13.21)
Logout:
[notice] User clement.oudot has been disconnected from LDAP (81.20.13.21)
Access to a CAS application non registered in configuration (when CAS server is open):
[notice] User clement.oudot is redirected to https://cas.service.url
Access to a CAS application whose configuration key is app-example
:
[notice] User clement.oudot is authorized to access to app-example
Access to an SAML SP whose configuration key is sp-example
:
[notice] User clement.oudot is authorized to access to sp-example
Access to an OIDC RP whose configuration key is rp-example
:
[notice] User clement.oudot is authorized to access to rp-example
Access to a Get application whose vhost configuration key is host.example.com
:
[notice] User clement.oudot is authorized to access to host.example.com
Nothing to configure except logLevel.
The log level can be set with Apache LogLevel
parameter. It can be
configured globally, or inside a virtual host.
See http://httpd.apache.org/docs/current/mod/core.html#loglevel for more information.
You can choose facility in lemonldap-ng.ini file. Default values:
syslogFacility = daemon
userSyslogFacility = auth
You can also override options. Default values:
syslogOptions = cons,pid,ndelay
userSyslogOptions = cons,pid,ndelay
Tip
You can find more information on Syslog options in Sys::Syslog Perl module.
You can indicate the Log4perl configuration file and the classes to use. Default values:
log4perlConfFile = /etc/log4perl.conf
log4perlLogger = LLNG
log4perlUserLogger = LLNG.user
You just have to give your DSN:
sentryDsn = https://...
Attention
This experimental logger requires Sentry::Raven Perl module.
Use it to use more than one logger. Example:
logger = Lemonldap::NG::Common::Logger::Dispatch
userLogger = Lemonldap::NG::Common::Logger::Dispatch
logDispatchError = Lemonldap::NG::Common::Logger::Sentry
logDispatchNotice = Lemonldap::NG::Common::Logger::Syslog
userLogDispatchError = Lemonldap::NG::Common::Logger::Sentry
; Other parameters
syslogFacility = daemon
sentryDsn = https://...
Attention
At least logDispatchError
(or
userLogDispatchError
for user logs) must be defined. All sub level
will be dispatched on it, until another lever is declared. In the above
example, Sentry collects error
and warn
levels and all user
actions, while syslog stores technical notice
, info
and
debug
logs.