Remote Publishing Logs with WSO2 Identity Server

Chamath
Identity Beyond Borders
3 min read · Jan 26, 2023


In this piece, we will explore how to publish WSO2 Identity Server logs to a remote HTTP server. Here, I’ll be using the latest Identity Server distribution, IS-6.0.0.

For this tutorial, I have set up a simple HTTP server using Kotlin. You can clone the sample boilerplate from the repository below and try it out.

git clone https://github.com/chamathns/remote-publishing.git

The server is configured with a single endpoint, “/api/logs/consume”, which accepts the “text/plain” media type. It prints the text it receives to the console.

To start the server, run:

cd remote-publishing
mvn spring-boot:run

By default, the server starts on localhost:8080.

Now, our HTTP server is ready to accept incoming requests.

Next, let’s configure the WSO2 Identity Server distribution. For this tutorial, I’m going to configure the audit logs to be published to our remote server. This can be extended to any other log type you want to publish as well.

First, navigate to the IS_HOME/repository/conf directory and open the log4j2.properties file.

There, you’ll see that we already have an appender for Audit Logs.

Here, we want to replace the appender properties with the following configuration:

appender.AUDIT_LOGFILE.type = http
appender.AUDIT_LOGFILE.name = AUDIT_LOGFILE
appender.AUDIT_LOGFILE.layout.type = PatternLayout
appender.AUDIT_LOGFILE.layout.pattern = TID: [%tenantId] [%d] [%X{Correlation-ID}] %5p {%c} - %mm%x%n
appender.AUDIT_LOGFILE.url = http://localhost:8080/api/logs/consume
appender.AUDIT_LOGFILE.connectTimeoutMillis = 2000
appender.AUDIT_LOGFILE.filter.threshold.type = ThresholdFilter
appender.AUDIT_LOGFILE.filter.threshold.level = INFO

We are changing the appender type to http in order to use the HttpAppender provided by the Log4j2 library.

The other notable property is:

appender.AUDIT_LOGFILE.url = http://localhost:8080/api/logs/consume

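This specifies the URL of the remote server to which the log events are sent. Since the scheme is http, the events are sent unencrypted, so this URL suits the local test setup used here.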

After we have done the above, we can save the log4j2.properties file.

Next, restart the server for the changes to take effect.

To test the configuration, simply log in to the management console and list the users. This will populate a few audit logs. If the configuration is successful, you should see the audit logs published on the http server console.
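To make it concrete what arrives at the endpoint, here is an added Python example (not the code from the remote-publishing repository) of a receiver that parses each posted line against the layout pattern configured above and sets aside lines that do not follow it. The `Consumer` class, `parse_body` helper and sample line are constructed for illustration, and the default `%d` timestamp format is assumed.

```python
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

# Mirrors the layout configured above:
# TID: [%tenantId] [%d] [%X{Correlation-ID}] %5p {%c} - <message>
LINE_RE = re.compile(
    r"^TID: \[(?P<tenant_id>[^\]]*)\] \[(?P<timestamp>[^\]]*)\] "
    r"\[(?P<correlation_id>[^\]]*)\] \s*(?P<level>[A-Z]+) "
    r"\{(?P<logger>[^}]*)\} - (?P<message>.*)$"
)

# Constructed sample body (not captured from a real server); assumes the default %d format.
SAMPLE = (
    "TID: [-1234] [2023-01-26 10:15:30,123] [constructed-correlation-id]  INFO "
    "{AUDIT_LOG} - constructed audit message\n"
    "this line does not follow the layout\n"
)

def parse_body(body):
    """Return (parsed records, lines that do not match the configured layout)."""
    records, unmatched = [], []
    for line in body.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
        else:
            unmatched.append(line)
    return records, unmatched

# Hypothetical stand-in for the tutorial's /api/logs/consume endpoint.
class Consumer(BaseHTTPRequestHandler):
    def do_POST(self):
        if self.path != "/api/logs/consume":
            return self.send_error(404)
        if not self.headers.get("Content-Type", "").startswith("text/plain"):
            return self.send_error(415)
        body = self.rfile.read(int(self.headers.get("Content-Length", 0))).decode("utf-8", "replace")
        records, unmatched = parse_body(body)
        for r in records:
            print(r["timestamp"], r["tenant_id"], r["level"], r["logger"], r["message"])
        for line in unmatched:
            print("UNPARSED:", repr(line))
        self.send_response(200)
        self.end_headers()

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Consumer).serve_forever()
```

Lines reported as UNPARSED are worth reviewing, since a message containing an embedded line break would otherwise be read as a separate audit entry.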

That’s it for this tutorial. If you are interested in watching a video demonstration of the content of this article, you can find the recording below.

Thanks :)
