Audit logging in 7.0.x?


Baron Fujimoto

Mar 4, 2024, 10:41:23 PM
to CAS Community
With CAS v6.x, we used to get audit logs that look something akin to:

2024-03-02 00:00:00,403 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
=============================================================
WHO: joeuser
WHAT: {result=Service Access Granted, service=https:/example.edu/app, requiredAttributes={}}
ACTION: SERVICE_ACCESS_ENFORCEMENT_TRIGGERED
APPLICATION: CAS
WHEN: Sat Mar 02 00:00:00 HST 2024
CLIENT IP ADDRESS: 192.0.0.192
SERVER IP ADDRESS: 10.10.10.10
=============================================================

>
(and similar others)

And our configs would additionally log them to a separate audit log file. However, since upgrading to cas v7, we are no longer generating these logs.

I've tried explicitly enabling audit logging in our cas.properties with:

cas.audit.engine.enabled=true

But still nothing. I also don't see a WAR overlay dependency for build.gradle that looks appropriate?

I think our audit log is also defined in log4j2.xml which contains:
=====
        <!-- CAS audit log -->
        <RollingFile name="auditlogfile" fileName="${baseDir}/cas_audit.log" append="true"
        ...
        <CasAppender name="casAudit">
            <AppenderRef ref="auditlogfile" />
        </CasAppender>
        ...
        <Logger name="org.apereo.inspektr.audit.support" additivity="true" level="info">
            <AppenderRef ref="casConsole" />
            <AppenderRef ref="casFile" />
            <AppenderRef ref="casAudit" />
        </Logger>
=====

Any ideas what we're missing to enable audit logging once again?

--
Baron Fujimoto <ba...@hawaii.edu> ::: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum descendus pantorum

Al Faller

Mar 6, 2024, 8:54:24 AM
to CAS Community, Baron Fujimoto
I had the same issue. Looks like in the early days of 7.0 there was an issue in the log4j2.xml. You need to change the name of the Logger (remove the audit.support portion of the name):

        <Logger name="org.apereo.inspektr" additivity="false" level="info">
            <AppenderRef ref="casConsole"/>
            <AppenderRef ref="casFile"/>
            <AppenderRef ref="casAudit"/>
        </Logger>
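
An added example, not part of the thread or of the CAS project's code: a small check that resolves which appenders a Log4j2 configuration routes a given logger name to, following Log4j2's nearest-ancestor and additivity rules, so that a silently unrouted audit logger can be spotted after an upgrade. The config is constructed from the fragments above, the second emitter name is hypothetical, and the thread does not state which logger name CAS 7.0.x emits audit records under.

```python
import xml.etree.ElementTree as ET

# Constructed config modelled on the fragments quoted in this thread.
# Appender definitions are left out: only Logger routing is resolved.
TEMPLATE = """<Configuration><Loggers>
  <Logger name="{name}" additivity="{additivity}" level="info">
    <AppenderRef ref="casConsole"/>
    <AppenderRef ref="casFile"/>
    <AppenderRef ref="casAudit"/>
  </Logger>
  <Root level="warn"><AppenderRef ref="casConsole"/></Root>
</Loggers></Configuration>"""

def load_loggers(xml_text):
    """Map logger name -> (additive, [appender refs]); "" is the root."""
    loggers = {}
    for el in ET.fromstring(xml_text).find("Loggers"):
        name = "" if el.tag.endswith("Root") else el.get("name")
        additive = el.get("additivity", "true").lower() == "true"
        refs = [r.get("ref") for r in el.findall("AppenderRef")]
        loggers[name] = (additive, refs)
    return loggers

def effective_appenders(loggers, emitter):
    """Appenders an event logged under `emitter` reaches: start at the
    nearest configured ancestor, keep climbing while additivity is true."""
    reached, name = [], emitter
    while True:
        if name in loggers:
            additive, refs = loggers[name]
            reached += [r for r in refs if r not in reached]  # names, deduplicated
            if not additive:
                break
        if name == "":
            break
        name = name.rpartition(".")[0]  # drop the last dotted segment
    return reached

def reaches_audit(name, additivity, emitter, appender="casAudit"):
    cfg = TEMPLATE.format(name=name, additivity=additivity)
    return appender in effective_appenders(load_loggers(cfg), emitter)

if __name__ == "__main__":
    old, new = "org.apereo.inspektr.audit.support", "org.apereo.inspektr"
    # First emitter is the class in the v6 record above; second is hypothetical.
    for emitter in (old + ".Slf4jLoggingAuditTrailManager", "org.apereo.inspektr.Example"):
        print(emitter, reaches_audit(old, "true", emitter), reaches_audit(new, "false", emitter))
```

To check a real deployment, pass the contents of the deployed log4j2.xml to `load_loggers` and use the logger name that appears in brackets on an actual audit line as the emitter.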

Baron Fujimoto

Mar 6, 2024, 12:46:00 PM
to cas-...@apereo.org
Ah, that was it. Mahalo nui loa!

I notice that now the audit timestamps appear to be in UTC (whereas previously it reported using our local TZ). Does anyone know where/how we can set this to use our local TZ again? The rest of the logs already use the local TZ for timestamps.


Baron Fujimoto

Mar 22, 2024, 11:58:54 PM
to cas-...@apereo.org
Just to close the loop on this in case anyone else has the same question: we've been informed that the use of UTC/Z TZ here is hardcoded now, and there is no way to configure this alternatively without modifying the code. Personally, I find this inconvenient and unfortunate, and wish it were otherwise, but...

artur mis

May 14, 2024, 8:09:43 AM
to CAS Community, Baron Fujimoto
It seems that cas.audit.engine.enabled: true (v7.1.0) is default, so you don't need to set it to true.