3.106. <AuthLog SQL>

The clause indicates to log authentication successes and failures to an SQL database. You can define as many <AuthLog SQL> clauses as you wish at the top level or within Realm or Handler clauses. Each clause can specify different logging conditions and a different log database.
<AuthLog SQL> supports the same parameters as all <AuthBy xxxxxx>. For more information, see Section 3.104. <AuthLog xxxxxx>. It supports also all the common SQL configuration parameters. For more information about the SQL configuration parameters, see Section 3.8. SQL configuration.

3.106.1. SuccessQuery

This optional parameter specifies the SQL query that will be used to log authentication successes if LogSuccess is enabled (LogSuccess is not enabled by default). There is no default. If SuccessQuery is not defined (which is the default), no logging of authentication successes will occur. In the query, special formatting characters are permitted:
  • %0 is replaced with the message severity level.
  • %1 is replaced with the quoted reason message (which is usually empty for successes).
  • %2 is replaced with the SQL quoted User-Name.
  • %3 is replaced with the SQL quoted decoded plaintext password (if any).
  • %4 is replaced with the SQL quoted original user name from the incoming request (before any RewriteUsername rules were applied)
  • %5 is replaced with tracing identifier.

3.106.2. SuccessQueryParam

This optional parameter specifies a bind variable to be used with SuccessQuery. For more information, see Section 3.8.1. SQL bind variables.

3.106.3. FailureQuery

This optional parameter specifies the SQL query that is used to log authentication failures if LogFailure is enabled (LogFailure is enabled by default). There is no default. If FailureQuery is not defined (which is the default), no logging of authentication failures occur. In the query, special formatting characters are permitted.
  • %0 is replaced with the message severity level.
  • %1 is replaced with the quoted reason message.
  • %2 is replaced with the SQL quoted User-Name.
  • %3 is replaced with the SQL quoted decoded plaintext password (if any).
  • %4 is replaced with the SQL quoted original user name from the incoming request (before any RewriteUsername rules were applied)
  • %5 is replaced with tracing identifier.

3.106.4. FailureQueryParam

This optional parameter specifies a bind variable to be used with FailureQuery. For more information, see Section 3.8.1. SQL bind variables.

3.106.5. IgnoreQuery

This optional string specifies the SQL query that is used to log ignored authentication attempts if LogIgnore is enabled. LogIgnore is not enabled by default. IgnoreQuery has no default value. If it is not defined, authentication ignores are not logged. In the query, special formatting characters are permitted:
  • %0 is replaced with the message severity level.
  • %1 is replaced with the quoted reason message (which is usually empty for successes).
  • %2 is replaced with the SQL quoted User-Name.
  • %3 is replaced with the SQL quoted decoded plaintext password (if any).
  • %4 is replaced with the SQL quoted original user name from the incoming request (before any RewriteUsername rules were applied)

3.106.6. IgnoreQueryParam

This optional stringarray parameter specifies a bind variables to be used with IgnoreQuery. For more information on bind variables, see Section 3.8.1. SQL bind variables.
If you specify one or more IgnoreQueryParams, they are used in order to replace parameters named with a question mark in IgnoreQuery. The query is cached by the SQL server for future reuse. Only the first QueryCacheSize queries are cached.