Syslog configuration is definitely something to investigate. We configured our CAS instances to log to syslog, which forwards on to a Fluentd/Kibana[1] installation for visualization. We defined a few custom queries to find "AUTHENTICATION_SUCCESS" and "AUTHENTICATION_FAILED" messages, so now we have pretty graphs[2] to keep track of which nodes and users are failing authentication.
[1] http://docs.fluentd.org/articles/free-alternative-to-splunk-by-fluentd [2] http://webspace.ship.edu/bemosior/CAS/kibana_cas.png -Ben From: Rex Roof [mailto:[email protected]] Sent: Wednesday, February 26, 2014 9:02 AM To: [email protected] Cc: Riccardo Mura Subject: Re: [cas-user] How to get unsuccessful login information would it be possible to have it log via syslog? then you could redirect it to another server. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
