Remove principal from audit logs

Jeremiah Garmatter

unread,

Jul 22, 2024, 11:38:22 AM (3 days ago) Jul 22

to CAS Community

Is it possible to remove the user's principal from audit logs in CAS 7?

I resolve all relevant user attributes with the principal instead of using a separate LDAP connection. It seems like SAML2 authentications want to print every resolved attribute in the principal and it really clutters the logs. Anyone know of a way to remove principal attributes from the log files? I would like to keep the logs intact, just remove the principal field if possible.

Here's an example of one of these auth attempts:

2024-07-22 09:15:37,387 INFO [org.apereo.inspektr.audit.AuditTrailManager] - 2024-07-22T13:15:37.386909125!my-username!{result=Service Access Granted, principal=SimplePrincipal(id=my-username, attributes={cn=[my cn], department=[Office of Information Technology], displayName=[my name], duoAud=[some code], duoAuthCtxAccessDeviceIp=[an IP], duoAuthCtxAccessDeviceLocationCity=[my locality], duoAuthCtxAccessDeviceLocationCountry=[United States], duoAuthCtxAccessDeviceLocationState=[my state], duoAuthCtxApplicationName=[CAS - DUO Universal], duoAuthCtxAuthDeviceHostname=[a phone number], duoAuthCtxAuthDeviceIp=[an ip], duoAuthCtxAuthDeviceLocationCity=[a location], duoAuthCtxAuthDeviceLocationCountry=[United States], duoAuthCtxAuthDeviceLocationState=[a state], duoAuthCtxEventType=[authentication], duoAuthCtxFactor=[duo_push], duoAuthCtxReason=[user_approved], duoAuthCtxResult=[success], duoAuthCtxTimestamp=[1721653942], duoAuthCtxTxId=[an id], duoAuthCtxUserKey=[a key], duoAuthResult=[allow], duoAuthResultStatus=[allow], duoAuthResultStatusMessage=[Login Successful], duoAuthTime=[1721653942], duoExp=[1721657542], duoIat=[a number], duoIss=[a duo endpoint], duoPreferredUsername=[a username], duoSub=[a username], eduPersonNickName=[name], EmailAddress=[an email], givenName=[a name], memberOf=[A very long list of groups], organizationalunit=[Office of Information Technology], pwdLastSet=[data], schoolName=[data], schoolNumber=[data], sn=[surname], telephoneNumber=[a phone number], title=[a title], UDC_IDENTIFIER=[a value], uid=[username], username=[a username], userType=[data]}), service=my-service, requiredAttributes={}}!SERVICE_ACCESS_ENFORCEMENT_TRIGGERED!192.168.95.246!my server IP!

Ray Bon

unread,

Jul 22, 2024, 10:56:27 PM (3 days ago) Jul 22

to cas-...@apereo.org

Jeremiah,

You can add a filter to the Logger

https://logging.apache.org/log4j/2.x/manual/filters.html

</Logger>

Ray

From: cas-...@apereo.org <cas-...@apereo.org> on behalf of Jeremiah Garmatter <j-gar...@onu.edu>
Sent: 22 July 2024 06:45
To: CAS Community <cas-...@apereo.org>
Subject: [cas-user] Remove principal from audit logs

--
- Website: https://apereo.github.io/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6983a4e7-b724-48fb-a9fb-15028c95507bn%40apereo.org.

Jeremiah Garmatter

unread,

Jul 23, 2024, 12:41:28 PM (2 days ago) Jul 23

to CAS Community, Ray Bon

Thanks Ray,

As usual, you always have helpful advice.

Log4j filters remove the entire log entry, which I would've preferred to keep merely without the principal, but it doesn't make much difference for my use case. I was able to remove the line from the audit log only so if we want to see that info we can pull it from the cas log still. Here's what I ended up changing in log4j2.xml:

Reply all

Reply to author

Forward