Adding login attempt logging

1 files changed, 21 insertions, 0 deletions

diff --git a/idp/templates/config/logback.xml b/idp/templates/config/logback.xml
index 26e5ef0..1d7a29d 100644
--- a/idp/templates/config/logback.xml
+++ b/idp/templates/config/logback.xml
@@ -61,6 +61,7 @@
     <logger name="org.eclipse.jetty" level="${idp.loglevel.container:-ERROR}"/>
 
 
+
     <!-- =========================================================== -->
     <!-- ============== Low Level Details or Changes =============== -->
     <!-- =========================================================== -->
@@ -128,6 +129,26 @@
         </filter>
     </appender>
     
+
+    <!-- Login attempts -->
+    <appender name="IDP_LOGIN_ATTEMPTS" class="ch.qos.logback.core.rolling.RollingFileAppender">
+      <!-- send directly to syslog? -->
+      <File>${idp.logfiles}/idp-login-attempts.log</File>
+
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <fileNamePattern>${idp.logfiles}/idp-login-attempts-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
+            <maxHistory>${idp.loghistory:-180}</maxHistory>
+        </rollingPolicy>
+
+        <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+            <charset>UTF-8</charset>
+            <Pattern>%date{ISO8601} - %X{idp.remote_addr} - %msg%n</Pattern>
+        </encoder>
+    </appender>
+    <logger name="net.shibboleth.idp.authn.impl" level="INFO">
+      <appender-ref ref="IDP_LOGIN_ATTEMPTS" />
+    </logger>
+    
     <!-- Audit log. -->
     <appender name="IDP_AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender">
         <File>${idp.logfiles}/idp-audit.log</File>