Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
documentation:2.1:logs [2019/08/21 22:00]
cmaudoux [Logs]
documentation:2.1:logs [2019/10/03 17:15] (current)
coudot
Line 1: Line 1:
 ====== Logs ====== ====== Logs ======
  
-**REMOTE_USER** : session attribute used for logging user access.  +===== Presentation =====
- +
-**REMOTE_CUSTOM** : can be used for logging a second user attribute (optionnal) +
- +
-**Hidden attributes** : session attributes never displayed or sent+
  
 +Main settings:
 +  * **REMOTE_USER** : session attribute used for logging user access.
 +  * **REMOTE_CUSTOM** : can be used for logging a second user attribute (optional)
 +  * **Hidden attributes** : session attributes never displayed or sent
  
 LemonLDAP::​NG provides 5 levels of error and has two kind of logs: LemonLDAP::​NG provides 5 levels of error and has two kind of logs:
Line 33: Line 33:
  
 Therefore, LLNG provides a username that can be used by webservers in their access log. To configure the user identifier to write into access logs, go into Manager, ''​General Parameters''​ > ''​Logging''​ > ''​REMOTE_USER''​. Therefore, LLNG provides a username that can be used by webservers in their access log. To configure the user identifier to write into access logs, go into Manager, ''​General Parameters''​ > ''​Logging''​ > ''​REMOTE_USER''​.
 +
 +===== User log samples =====
 +
 +Authentication:​
 +<​file>​
 +[notice] Session granted for clement.oudot by LDAP (81.20.13.21)
 +[notice] User clement.oudot.com successfully authenticated at level 2
 +[notice] clement.oudot connected
 +</​file>​
 +
 +Logout:
 +<​file>​
 +[notice] User clement.oudot has been disconnected from LDAP (81.20.13.21)
 +</​file>​
 +
 +Access to an SAML SP:
 +<​file>​
 +[notice] User clement.oudot is authorized to access to sp-example-entityid
 +[notice] SAML authentication response sent to SAML SP sp-example for clement.oudot
 +</​file>​
 +
 +Access to an OIDC RP:
 +<​file>​
 +[notice] User clement.oudot is authorized to access to rp-example
 +</​file>​
  
 ===== Default loggers ===== ===== Default loggers =====