Main settings:
LemonLDAP::NG provides 5 levels of error and has two kinds of logs:
Each category can be handled by a different logging framework. You can choose between:
LogLevel Apache parameter
Log4perl framework to log (inspired by Java Log4J)
logLevel parameter set in lemonldap-ng.ini file.
Logger configurations are defined in lemonldap-ng.ini.
Example:
    [all]
    logger = Lemonldap::NG::Common::Logger::Log4perl
    userLogger = Lemonldap::NG::Common::Logger::Syslog
    logLevel = notice
You can also modify these values in each lemonldap-ng.ini section to have different values for portal, manager and handlers.
Therefore, LLNG provides a username that can be used by webservers in their access log. To configure the user identifier to write into access logs, go into Manager, General Parameters > Logging > REMOTE_USER.
Authentication:
    [notice] Session granted for clement.oudot by LDAP (81.20.13.21)
    [notice] User clement.oudot.com successfully authenticated at level 2
    [notice] clement.oudot connected
Logout:
    [notice] User clement.oudot has been disconnected from LDAP (81.20.13.21)
Access to an SAML SP:
    [notice] User clement.oudot is authorized to access to sp-example-entityid
    [notice] SAML authentication response sent to SAML SP sp-example for clement.oudot
Access to an OIDC RP:
    [notice] User clement.oudot is authorized to access to rp-example
Nothing to configure except logLevel.
The log level can be set with the Apache LogLevel parameter. It can be configured globally or inside a virtual host.
See http://httpd.apache.org/docs/current/mod/core.html#loglevel for more information.
You can choose the syslog facility in the lemonldap-ng.ini file. Default values:
    syslogFacility = daemon
    userSyslogFacility = auth
You can indicate the Log4perl configuration file and the classes to use. Default values:
    log4perlConfFile = /etc/log4perl.conf
    log4perlLogger = LLNG
    log4perlUserLogger = LLNG.user
You just have to give your DSN:
    sentryDsn = https://...
Use the Dispatch logger to send logs to more than one logger. Example:
    logger = Lemonldap::NG::Common::Logger::Dispatch
    userLogger = Lemonldap::NG::Common::Logger::Dispatch
    logDispatchError = Lemonldap::NG::Common::Logger::Sentry
    logDispatchNotice = Lemonldap::NG::Common::Logger::Syslog
    userLogDispatchError = Lemonldap::NG::Common::Logger::Sentry
    ; Other parameters
    syslogFacility = daemon
    sentryDsn = https://...
logDispatchError (or userLogDispatchError for user logs) must be defined. All lower levels are dispatched to it until another level is declared. In the above example, Sentry collects the error and warn levels and all user actions, while syslog stores technical notice, info and debug logs.
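
The inheritance rule above can be checked against a configuration before deployment, for instance to confirm which backend receives user (audit) logs. This is an added example, not LemonLDAP::NG code: it assumes the level order error, warn, notice, info, debug and that every level uses a key named logDispatch<Level> or userLogDispatch<Level> (only the Error and Notice keys appear on this page); the [all] header in the sample is constructed.

```python
import configparser

# Severity order, highest first, as named in the paragraph above (assumed order).
LEVELS = ["error", "warn", "notice", "info", "debug"]

# Constructed sample: the Dispatch example from this page under an [all] section.
SAMPLE_INI = """
[all]
logger = Lemonldap::NG::Common::Logger::Dispatch
userLogger = Lemonldap::NG::Common::Logger::Dispatch
logDispatchError = Lemonldap::NG::Common::Logger::Sentry
logDispatchNotice = Lemonldap::NG::Common::Logger::Syslog
userLogDispatchError = Lemonldap::NG::Common::Logger::Sentry
; Other parameters
syslogFacility = daemon
sentryDsn = https://...
"""

def resolve_dispatch(ini_text, section="all", user=False):
    """Return {level: logger class} following the inheritance rule described above."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.optionxform = str  # keep key case: logDispatchError, not logdispatcherror
    cp.read_string(ini_text)
    conf = cp[section]
    prefix = "userLogDispatch" if user else "logDispatch"
    if prefix + "Error" not in conf:
        raise ValueError(prefix + "Error must be defined")
    routing, current = {}, None
    for level in LEVELS:
        # A declared level replaces the inherited logger from here downwards.
        current = conf.get(prefix + level.capitalize(), current)
        routing[level] = current
    return routing

def short(routing):
    """Strip the Perl package prefix for readable output."""
    return {lvl: cls.rsplit("::", 1)[-1] for lvl, cls in routing.items()}

if __name__ == "__main__":
    print("technical:", short(resolve_dispatch(SAMPLE_INI)))
    print("user:     ", short(resolve_dispatch(SAMPLE_INI, user=True)))
```

Running it on the sample shows error and warn going to Sentry, notice and below going to Syslog, and every user-log level going to Sentry, which matches the description above.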