Logs

Apache logging

By default, LemonLDAP::NG uses Apache logs to store user actions and other messages:

Error log: all messages emitted by the program, depending on the configured log level
Access log: the issuer of each request is identified

The log level can be set with Apache LogLevel parameter. It can be configured globally, or inside a virtual host.

See http://httpd.apache.org/docs/current/mod/core.html#loglevel for more information.

To configure the user identifier in access log, go in Manager, General Parameters > Logging > REMOTE_USER.

You can also hide sensitive values in logs (session content can be displayed in logs in debug loglevel). Go in Manager, General Parameters > Logging > Hidden attributes and set a list of attributes to hide (space separated).

Syslog

LemonLDAP::NG can also use syslog (only for user actions).

In Manager, set syslog facility in General Parameters > Logging > Syslog facility.

The messages are stored with the levels :

info for user actions
notice for good authentications or external exchange (SAML, OpenID,...)
warn for failed authentications

Override logging functions

You can customize logs by redefining userNotice() and userError() methods, directly in lemonldap-ng.ini

Example:

[portal]
userError = sub { my ($self, $message) = @_; ... }
userNotice = sub { my ($self, $message) = @_; ... }

Table of Contents

Logs

Apache logging

Syslog

Override logging functions