21.7. LinOTP server log file¶
The LinOTP server log file is usually located at /var/log/linotp/linotp.log and is controlled by the settings in /etc/linotp2/linotp.ini. In the INI file you can configure the log level. A sensible setting can be:
[logger_root]
level=INFO
[logger_linotp]
level=INFO
[logger_sqlalchemy]
level=WARN
[handler_file]
level=INFO
There are the following log levels available:
- DEBUG
- for excessive debug out.
- INFO
- only a top level view of the things are logged in the INFO log level. This can be successful authentication of users or also the information of changing the configuration of the LinOTP server by administrators. You may think of the INFO log level as some kind of auditing.
- WARNING
- the WARNING log level contains information where something went wrong, but which is no malfunction of the server. For example the failing of authenticating a user triggers a WARNING log entry.
- ERROR
- events that indicate that something is wrong with your LinOTP server, maybe some misconfiguration trigger an ERROR log entry.
- CRITICAL
- not used at the moment.
In the following line the user “tester” failed to authenticate. The event is marked as a WARNI(NG).:
2010/12/01 - 14:57:44,074 WARNI [linotp.lib.token] [checkUserPass] user tester@ failed to authenticate.
The following line illustrates the successful authentication of the user “tester”. In this case an INFO event is written to the log file.:
2010/12/01 - 14:57:57,935 INFO [linotp.lib.token] [checkUserPass] user tester@ successfully authenticated.
21.7.1. Special logging configuration¶
LinOTP uses the logging mechanism of the Pylons framework. You may read more about it here1. The logging mechanism is quite flexible. So you might log especially ERROR events to a different file or you might change the log level to DEBUG only for a certain LinOTP module, while all other modules are logging in the INFO log level.
You may log to the system event log or to TCP sockets or SMTP.
The following example adds a logger section onlylibs. The qualname defines the module, in this case linotp.lib.token. Thus only the token-module of LinOTP will write log entries in the DEBUG level. All other modules will write their log entries in the INFO level. Additionally these lib.token-Log entries are written to an additional file defined in the handler_file2 section. Thus you could use one log file that only contains INFO log entries for auditing that will be rotated only once a year and you can keep a DEBUG log file, that can be rotated every week or every day.:
[loggers]
keys = root, linotp, sqlalchemy , onlylibs
[logger_root]
level = INFO
handlers = file
[logger_linotp]
level = INFO
handlers = file
qualname = linotp
[logger_onlylibs]
level = DEBUG
handlers = file2
qualname = linotp.lib.token
[handlers]
keys = file, file2
[handler_file]
class = handlers.RotatingFileHandler
args = ('/var/log/linotp/linotp.log','a', 10000000, 4)
level = INFO
formatter = generic
[handler_file2]
class = handlers.RotatingFileHandler
args = ('/var/log/linotp/linotp-libs.log','a', 10000000, 4)
level = DEBUG
formatter = generic
[formatters]
keys = generic
[formatter_generic]
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %Y/%m/%d - %H:%M:%S