Logging of security failures

[bohdanszymanik]

Background on the problem the feature will solve/improved user experience

When creating a security configuration eg by modifying the default security-schema/command-access-control/user.registry xml files, it's difficult to understand why access is sometimes allowed versus not allowed.

It would be useful to have some logging facility in the analyze-containers server that could be turned on to give more explanation of why access is granted or not granted.

[bohdanszymanik]

OK, I've noticed that i2 Analyze supports log4j logging through the config/server.json file where you can do like the following: {.... }, "log": { ... } Using this we can see authorisation failures in the log eg WARN ... com.i2group.disco.catalogservice.internal.CatalogResourceDelegate - com.i2group.disco.common.exception.ForbiddenAccessException: The user has no access levels associated with any of the values in the following dimensions: [...]

The question I have is how do we configure the same logging in Analyze-Containers?

[Anthony-Johnson-i2]

Hi @bohdanszymanik

In i2 Analyze we actually have a specific configuration file for the Log4j logging that defines where and what we log. In the non containerized deployments this can be found in the toolkit here :

There is an equivalent file in the configuration folder used by analyze-containers.

This tech note relates to a standard analyze deployment but the addition to the xml config file for log4J should work in your scenario as well.

https://support.i2group.com/s/article/2802

Cheers

[bohdanszymanik]

Great - that's what I needed. Got my logging going now.

[Anthony-Johnson-i2]

Excellent news, thanks for letting us know.