WORKERS AHEAD!
You are viewing the development documentation for the Apereo CAS server. The functionality presented here is not officially released yet. This is a work in progress and will be continually updated as development moves forward. You are most encouraged to test the changes presented.
SysLog Logging
The CAS logging framework can route messages to an external syslog instance. To configure this, you first need to configure the SysLogAppender and then specify which messages need to be routed over to this instance:
...
<Appenders>
    <Syslog name="SYSLOG" format="RFC5424" host="localhost" port="8514"
            protocol="TCP" appName="MyApp" includeMDC="true" mdcId="mdc"
            facility="LOCAL0" enterpriseNumber="18060" newLine="true"
            messageId="Audit" id="App"/>
</Appenders>
...
<Logger name="org.apereo" additivity="true" level="debug">
    <appender-ref ref="cas" />
    <appender-ref ref="SYSLOG" />
</Logger>
Mapped Diagnostic Context (MDC) may contain the password. Setting includeMDC=true sends the clear-text password as a variable to SysLog.
You can also configure the remote destination output over SSL and specify the related keystore configuration:
...
<Appenders>
    <TLSSyslog name="bsd" host="localhost" port="6514">
        <SSL>
            <KeyStore location="log4j2-keystore.jks" password="changeme"/>
            <TrustStore location="truststore.jks" password="changeme"/>
        </SSL>
    </TLSSyslog>
</Appenders>
...
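The following is an added example, not part of the CAS documentation or code base: a small Python check that reads a Log4j2 configuration and reports syslog appenders that forward the MDC, that have no SSL element, or both. The function name, finding labels and the wrapping Configuration element in the sample are assumptions made for this example; mdcIncludes and mdcExcludes are Log4j2 syslog appender attributes that this page does not mention, and only an explicit includeMDC="true" is evaluated.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the two appenders shown on this page, wrapped in one root element.
SAMPLE = """<Configuration>
  <Appenders>
    <Syslog name="SYSLOG" format="RFC5424" host="localhost" port="8514"
            protocol="TCP" appName="MyApp" includeMDC="true" mdcId="mdc"
            facility="LOCAL0" enterpriseNumber="18060" newLine="true"
            messageId="Audit" id="App"/>
    <TLSSyslog name="bsd" host="localhost" port="6514">
      <SSL>
        <KeyStore location="log4j2-keystore.jks" password="changeme"/>
        <TrustStore location="truststore.jks" password="changeme"/>
      </SSL>
    </TLSSyslog>
  </Appenders>
</Configuration>"""

SYSLOG_TAGS = {"syslog", "tlssyslog"}


def audit_syslog_appenders(xml_text):
    """Return sorted (appender name, finding) tuples for syslog appenders."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.lower() not in SYSLOG_TAGS:
            continue
        # Compare attribute names case-insensitively (includeMDC / includeMdc).
        attrs = {k.lower(): v for k, v in el.attrib.items()}
        name = attrs.get("name", "?")
        has_ssl = any(child.tag.lower() == "ssl" for child in el)
        sends_mdc = attrs.get("includemdc", "").strip().lower() == "true"
        # An include or exclude list narrows which MDC keys leave the server.
        filtered = "mdcincludes" in attrs or "mdcexcludes" in attrs
        if sends_mdc:
            findings.append((name, "MDC_FILTERED" if filtered else "MDC_UNFILTERED"))
        if not has_ssl:
            findings.append((name, "NO_SSL_ELEMENT"))
        if sends_mdc and not has_ssl:
            # MDC values, which may include the password, cross the network unencrypted.
            findings.append((name, "MDC_OVER_PLAINTEXT"))
    return sorted(findings)


if __name__ == "__main__":
    for appender, finding in audit_syslog_appenders(SAMPLE):
        print(appender, finding)
```

Run against the sample, only the SYSLOG appender is reported; the TLS-wrapped appender that does not set includeMDC produces no findings.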