Section 3.104. <AuthLog xxxxxx>

3.104. <AuthLog xxxxxx>

This module marks the beginning of an AuthLog clause, which defines how to log authentication failures and successes. The xxxxxx is the name of a specific AuthLog module. This section lists the parameters all AuthLogs use. AuthLogs can also use other parameters that are specific for that AuthLog. AuthLog clauses can be defined at the top level or within a Realm or Handler clause.

You can have more than one AuthLog clause for a Realm or Handler. This makes the Realm or Handler log to each AuthLog method in turn.

3.104.1. Identifier

This parameter specifies an optional symbolic name that can be used to refer to the logger from somewhere else:

<AuthLog FILE>
      Identifier logger1
      ...
</AuthLog>
<Handler>
      AuthLog logger1
      ...
</Handler>

3.104.2. LogSuccess

This parameter indicates whether authentication successes are to be logged. They are not logged by default.

Here is an example of using LogSuccess:

# Change success logging to be on
LogSuccess 1

3.104.3. LogFailure

This parameter indicates whether authentication failures are to be logged. They are logged by default.

Here is an example of using LogFailure:

# Change failure logging to be off
LogFailure 0

3.104.4. LogIgnore

This is a flag parameter. When it is set, ignored authentication attempts are logged. An authentication is typically ignored when the user database fails or Radiator cannot return an accept or reject for some other reason. Proxied requests that return an immediate ignore are not logged because a reply with the final result is expected later.

LogIgnore is not set by default.