wiki:Software/Configuration/SystemShibOneIdp
Last modified 8 years ago Last modified on 05/27/11 11:57:03

How To: Monitor logs on a Shibboleth v1.3 IdP

Information for Raptor is extracted from the Shibboleth 1.3 access log file (as opposed to the Shibboleth 2.x audit log file). Shibboleth 1.3 access log files have a different format than Shibboleth 2.x IdP audit log files and hence need a different parsing configuration. To enable parsing of Shibboleth 1.3 log files the following XML fragment should be uncommented in the <raptor-ica-install>/conf/event-parse.xml file.

<bean id="shib13Proxy" class="uk.ac.cardiff.raptor.parse.external.file.LogFileParser">
	       <property name="entryHandler"><ref bean="memoryEntryHandler"></ref></property>
		<property name="logfile">
			<value>file:///opt/shibboleth-idp/logs/shib-access.log
			</value>
		</property>
		<property name="format">
			<ref bean="shib13IDPAccessFileFormat" />
		</property>
		<property name="eventType">
			<value>uk.ac.cardiff.model.event.ShibbolethIdpAuthenticationEvent</value>
		</property>
                 <property name="LineFilterEngine">
                        <bean class="uk.ac.cardiff.raptor.parse.external.file.format.LineFilterEngine">
                             <property name="includeLineFilters">
                               <list>
                                    <bean class="uk.ac.cardiff.raptor.parse.external.file.format.ContainsLineFilter">
                                        <property name="includeIfContains"><value>Authentication assertion</value>
                                        </property>
                                   </bean>
                                </list>
                              </property>                              
                        </bean>                       
                  </property>
</bean>

The Shibboleth 2.x configuration should then be commented out e.g.

<!--<bean id="shibbolethAuditLFP" class="uk.ac.cardiff.raptor.parse.external.file.LogFileParser">
	...
</bean>-->

The log file path can then be changed, if necessary, by changing the <property name="logfile"> property.