Shawn

Reputation: 2819

Audit logs for scim requests WSO2 IDP

I want to log the SCIM requests (success, failure) that are coming to the wso2/idp server. I followed [https://docs.wso2.com/display/IS530/Logging+Claims+in+Audit+Logs], but repository\logs\audit.log still does not contain any extra records except for a single line for the day:

'[email protected] [-1234]' logged in at [2019-09-17 10:45:23 ......

I also added the following to the in the identity.xml in the hope of something getting logged..

http://wso2.org/claims/username
http://wso2.org/claims/userid
http://wso2.org/claims/country
http://wso2.org/claims/fullname
http://wso2.org/claims/identity/failedLoginAttempts
http://wso2.org/claims/displayName

But yet, no scim requests are getting logged. My scim requests are all working without any issues, except for the logging.

curl -v -k --user admin:admin https://localhost:9443/wso2/scim/Users/48f7cfe5-f0e3-4a67-af7e-d762aa9ab215

Upvotes: 1

Views: 209

Answers (2)

Buddhima Udaranga

Reputation: 943

If your requirement is to get the SCIM logs into the audit log file, add the following config to

{IS-HOME}/repository/conf/log4j.properties 

log4j.logger.org.wso2.carbon.identity.scim=DEBUG

Edit the threshold value of the AUDIT_LOGFILE appender config:

log4j.appender.AUDIT_LOGFILE=org.wso2.carbon.utils.logging.appenders.CarbonDailyRollingFileAppender
log4j.appender.AUDIT_LOGFILE.File=${carbon.home}/repository/logs/audit.log
log4j.appender.AUDIT_LOGFILE.Append=true
log4j.appender.AUDIT_LOGFILE.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
log4j.appender.AUDIT_LOGFILE.layout.ConversionPattern=[%d] %P%5p {%c}- %x %m %n
log4j.appender.AUDIT_LOGFILE.layout.TenantPattern=%U%@%D [%T] [%S]
log4j.appender.AUDIT_LOGFILE.threshold=DEBUG
log4j.additivity.AUDIT_LOG=false

Upvotes: 0

Buddhima Udaranga

Reputation: 943

For your use case, I think you need to log the user operations that are coming in to Identity Server. You can do this by writing a user operation event listener: extend the org.wso2.carbon.user.core.common.AbstractUserOperationEventListener class and override the methods you need to add functionality to. You can override all methods of the class and simply add audit logs to them to identify the user and the particular operation he is performing. The audit logs are printed in the SERVER_HOME/repository/logs/audit.log file.

Please refer to the following for more details:

http://www.securityinternal.com/2016/08/user-operation-event-listener-in-wso2.html
http://www.securityinternal.com/2016/08/writing-user-operation-event-listener.html
https://github.com/thariyarox/sample-user-operation-event-listener-print-audit-logs
https://medium.com/@inthiraj1994/user-operation-event-listener-for-wso2-server-8ce4765b8c95

Upvotes: 1
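
A sketch of the listener approach described in the answer above, added here as an example; it is not code from the answer or from the linked repositories. The class name, package, execution order id and message layout are assumptions. It logs user names and claim URIs only, never credentials or claim values, and strips line breaks so a crafted user name cannot forge extra audit lines.

```java
package org.example.audit; // hypothetical package name

import java.util.Map;
import org.apache.commons.logging.Log;
import org.wso2.carbon.CarbonConstants;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.UserStoreManager;
import org.wso2.carbon.user.core.common.AbstractUserOperationEventListener;

/** Hypothetical listener: one audit line per completed user-store operation. */
public class ScimAuditListener extends AbstractUserOperationEventListener {

    // Carbon's shared logger named AUDIT_LOG.
    private static final Log AUDIT = CarbonConstants.AUDIT_LOG;

    @Override
    public int getExecutionOrderId() {
        return 9876; // assumed value; choose one not used by another listener
    }

    @Override
    public boolean doPostAddUser(String userName, Object credential, String[] roleList,
            Map<String, String> claims, String profile, UserStoreManager userStoreManager)
            throws UserStoreException {
        // The credential argument is deliberately never logged.
        return audit("Add User", userName, claims);
    }

    @Override
    public boolean doPostSetUserClaimValues(String userName, Map<String, String> claims,
            String profileName, UserStoreManager userStoreManager) throws UserStoreException {
        return audit("Set Claims", userName, claims);
    }

    @Override
    public boolean doPostDeleteUser(String userName, UserStoreManager userStoreManager)
            throws UserStoreException {
        return audit("Delete User", userName, null);
    }

    /** Writes claim URIs (keys) only, so attribute values stay out of the log. */
    private static boolean audit(String action, String userName, Map<String, String> claims) {
        String uris = claims == null ? "[]" : clean(claims.keySet().toString());
        AUDIT.info("Action : " + action + " | Target : " + clean(userName) + " | Claims : " + uris);
        return true; // true lets the remaining listeners run
    }

    /** Replaces CR/LF so client-supplied text cannot start a new log line. */
    private static String clean(String value) {
        return value == null ? "" : value.replaceAll("[\\r\\n]", "_");
    }
}
```

The class still has to be packaged, deployed and registered as a user operation event listener, as the linked posts describe. The post-operation hooks shown here run after an operation completes, so rejected requests would need the matching pre-operation methods or logging at another layer.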
