Comment: Added information about syslog central point of failure, plagiarizing from Dave Langenberg of UChicago

...

Example Configuration Logging to Remote Syslog Server
<appender name="IDP_SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
   <SyslogHost>syslog.example.org</SyslogHost>
   <Port>514</Port>
   <Facility>AUTH</Facility>
   <SuffixPattern>[%logger:%line] %msg</SuffixPattern>
</appender>

<!-- add syslog appender at root logger level -->
<root>
   <appender-ref ref="IDP_SYSLOG" />
</root>

This doesn't introduce a single point of failure, because syslog over UDP is a send-and-forget protocol: if a log message is never recorded on the central log server for some reason, the IdP will not be aware of the failure. For this reason, it can be wise to keep logging locally in addition to centrally, with prudent rotation policies.
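The local-plus-central arrangement recommended above, as an added example that is not part of the original page or of the IdP's shipped configuration. The appender name IDP_LOCAL_FILE, the /var/log/idp-example path and the 90-day retention are assumptions to adapt.

```xml
<!-- Added example: appender name, paths and retention are assumptions. -->

<!-- Local copy: still written when a UDP syslog datagram is silently lost -->
<appender name="IDP_LOCAL_FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
   <File>/var/log/idp-example/idp-process.log</File>

   <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
      <!-- roll once a day; the .gz suffix makes logback compress rolled files -->
      <FileNamePattern>/var/log/idp-example/idp-process-%d{yyyy-MM-dd}.log.gz</FileNamePattern>
      <!-- keep 90 rolled files (days), then delete the oldest -->
      <MaxHistory>90</MaxHistory>
   </rollingPolicy>

   <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
      <charset>UTF-8</charset>
      <!-- same logger/line/message fields as the syslog SuffixPattern, plus a local timestamp -->
      <Pattern>%date{ISO8601} - %level [%logger:%line] - %msg%n</Pattern>
   </encoder>
</appender>

<!-- Central copy: the remote syslog appender from the configuration above -->
<appender name="IDP_SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
   <SyslogHost>syslog.example.org</SyslogHost>
   <Port>514</Port>
   <Facility>AUTH</Facility>
   <SuffixPattern>[%logger:%line] %msg</SuffixPattern>
</appender>

<!-- attach both appenders so every event is written locally and sent centrally -->
<root>
   <appender-ref ref="IDP_LOCAL_FILE" />
   <appender-ref ref="IDP_SYSLOG" />
</root>
```

Comparing daily event counts between the local file and the central server is one way to notice dropped datagrams, since the IdP itself will not report them.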

Logging Behind a Reverse Proxy

...