diff options
Diffstat (limited to 'idp/template-config/logback.xml')
| -rw-r--r-- | idp/template-config/logback.xml | 199 |
1 files changed, 199 insertions, 0 deletions
diff --git a/idp/template-config/logback.xml b/idp/template-config/logback.xml new file mode 100644 index 0000000..6afa4ef --- /dev/null +++ b/idp/template-config/logback.xml @@ -0,0 +1,199 @@ +<?xml version="1.0" encoding="UTF-8"?> +<configuration> + + <!-- + Variables for simplifying logging configuration. + http://logback.qos.ch/manual/configuration.html#variableSubstitution + --> + + <variable name="idp.logfiles" value="${idp.home}/logs" /> + <variable name="idp.loghistory" value="180" /> + + <!-- Much higher performance if you operate on DEBUG. --> + <!-- <variable name="idp.process.appender" value="ASYNC_PROCESS" /> --> + + <!-- Logging level shortcuts. --> + <variable name="idp.loglevel.idp" value="INFO" /> + <variable name="idp.loglevel.ldap" value="WARN" /> + <variable name="idp.loglevel.messages" value="INFO" /> + <variable name="idp.loglevel.encryption" value="INFO" /> + <variable name="idp.loglevel.opensaml" value="INFO" /> + <variable name="idp.loglevel.props" value="INFO" /> + + <!-- Don't turn these up unless you want a *lot* of noise. --> + <variable name="idp.loglevel.spring" value="ERROR" /> + <variable name="idp.loglevel.container" value="ERROR" /> + <variable name="idp.loglevel.xmlsec" value="INFO" /> + + <!-- + If you want to use custom properties in this config file, + we load the main property file for you. + --> + <variable file="${idp.home}/conf/idp.properties" /> + + <!-- =========================================================== --> + <!-- ============== Logging Categories and Levels ============== --> + <!-- =========================================================== --> + + <!-- Logs IdP, but not OpenSAML, messages --> + <logger name="net.shibboleth.idp" level="${idp.loglevel.idp:-INFO}"/> + + <!-- Logs OpenSAML, but not IdP, messages --> + <logger name="org.opensaml.saml" level="${idp.loglevel.opensaml:-INFO}"/> + + <!-- Logs LDAP related messages --> + <logger name="org.ldaptive" level="${idp.loglevel.ldap:-WARN}"/> + + <!-- Logs inbound and outbound protocols messages at DEBUG level --> + <logger name="PROTOCOL_MESSAGE" level="${idp.loglevel.messages:-INFO}" /> + + <!-- Logs unencrypted SAML at DEBUG level --> + <logger name="org.opensaml.saml.saml2.encryption.Encrypter" level="${idp.loglevel.encryption:-INFO}" /> + + <!-- Logs system properties during startup at DEBUG level --> + <logger name="net.shibboleth.idp.log.LogbackLoggingService" level="${idp.loglevel.props:-INFO}" /> + + <!-- Especially chatty. --> + <logger name="net.shibboleth.idp.saml.attribute.mapping" level="INFO" /> + <logger name="org.apache.xml.security" level="${idp.loglevel.xmlsec:-INFO}" /> + <logger name="org.springframework" level="${idp.loglevel.spring:-ERROR}"/> + <logger name="org.apache.catalina" level="${idp.loglevel.container:-ERROR}"/> + <logger name="org.eclipse.jetty" level="${idp.loglevel.container:-ERROR}"/> + + + <!-- =========================================================== --> + <!-- ============== Low Level Details or Changes =============== --> + <!-- =========================================================== --> + + <!-- Process log. --> + <appender name="IDP_PROCESS" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <File>${idp.logfiles}/idp-process.log</File> + + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${idp.logfiles}/idp-process-%d{yyyy-MM-dd}.log.gz</fileNamePattern> + <maxHistory>${idp.loghistory:-180}</maxHistory> + </rollingPolicy> + + <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <charset>UTF-8</charset> + <Pattern>%date{ISO8601} - %level [%logger:%line] - %msg%n%ex{short}</Pattern> + </encoder> + + <!-- Ignore Velocity status page error. --> + <filter class="ch.qos.logback.core.filter.EvaluatorFilter"> + <evaluator> + <matcher> + <Name>VelocityStatusMatcher</Name> + <regex>ResourceManager : unable to find resource 'status.vm' in any resource loader.</regex> + </matcher> + <expression>VelocityStatusMatcher.matches(formattedMessage)</expression> + </evaluator> + <OnMatch>DENY</OnMatch> + </filter> + </appender> + + <appender name="ASYNC_PROCESS" class="ch.qos.logback.classic.AsyncAppender"> + <appender-ref ref="IDP_PROCESS" /> + <discardingThreshold>0</discardingThreshold> + </appender> + + <appender name="IDP_WARN" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <!-- Suppress anything below WARN. --> + <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> + <level>WARN</level> + </filter> + + <File>${idp.logfiles}/idp-warn.log</File> + + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${idp.logfiles}/idp-warn-%d{yyyy-MM-dd}.log.gz</fileNamePattern> + <maxHistory>${idp.loghistory:-180}</maxHistory> + </rollingPolicy> + + <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <charset>UTF-8</charset> + <Pattern>%date{ISO8601} - %level [%logger:%line] - %msg%n%ex{short}</Pattern> + </encoder> + + <!-- Ignore Velocity status page error. --> + <filter class="ch.qos.logback.core.filter.EvaluatorFilter"> + <evaluator> + <matcher> + <Name>VelocityStatusMatcher</Name> + <regex>ResourceManager : unable to find resource 'status.vm' in any resource loader.</regex> + </matcher> + <expression>VelocityStatusMatcher.matches(formattedMessage)</expression> + </evaluator> + <OnMatch>DENY</OnMatch> + </filter> + </appender> + + <!-- Audit log. --> + <appender name="IDP_AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <File>${idp.logfiles}/idp-audit.log</File> + + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${idp.logfiles}/idp-audit-%d{yyyy-MM-dd}.log.gz</fileNamePattern> + <maxHistory>${idp.loghistory:-180}</maxHistory> + </rollingPolicy> + + <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <charset>UTF-8</charset> + <Pattern>%msg%n</Pattern> + </encoder> + </appender> + + <!-- Consent audit log. --> + <appender name="IDP_CONSENT_AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <File>${idp.logfiles}/idp-consent-audit.log</File> + + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${idp.logfiles}/idp-consent-audit-%d{yyyy-MM-dd}.log.gz</fileNamePattern> + <maxHistory>${idp.loghistory:-180}</maxHistory> + </rollingPolicy> + + <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <charset>UTF-8</charset> + <Pattern>%msg%n</Pattern> + </encoder> + </appender> + + <!-- F-TICKS syslog destination. --> + <appender name="IDP_AUDIT_FTICKS" class="ch.qos.logback.core.rolling.RollingFileAppender"> + <File>${idp.home}/logs/idp-audit-fticks.log</File> + <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> + <fileNamePattern>${idp.home}/logs/idp-audit-fticks%d{yyyy-MM-dd}.log.gz</fileNamePattern> + <maxHistory>180</maxHistory> + </rollingPolicy> + <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder"> + <charset>UTF-8</charset> + <Pattern>%msg%n</Pattern> + </encoder> + </appender> + + <appender name="IDP_FTICKS" class="ch.qos.logback.classic.net.SyslogAppender"> + <syslogHost>${idp.fticks.loghost:-localhost}</syslogHost> + <port>${idp.fticks.logport:-514}</port> + <facility>AUTH</facility> + <suffixPattern>[%thread] %logger %msg</suffixPattern> + </appender> + + <logger name="Shibboleth-Audit" level="ALL"> + <appender-ref ref="${idp.audit.appender:-IDP_AUDIT}"/> + </logger> + + <logger name="Shibboleth-FTICKS" level="ALL" additivity="false"> + <appender-ref ref="${idp.fticks.appender:-IDP_FTICKS}"/> + <appender-ref ref="IDP_AUDIT_FTICKS"/> + </logger> + + <logger name="Shibboleth-Consent-Audit" level="ALL"> + <appender-ref ref="${idp.consent.appender:-IDP_CONSENT_AUDIT}"/> + </logger> + + <root level="${idp.loglevel.root:-INFO}"> + <appender-ref ref="${idp.process.appender:-IDP_PROCESS}"/> + <appender-ref ref="${idp.warn.appender:-IDP_WARN}" /> + </root> + +</configuration> |