How to disable Apereo CAS audit log

Question

I'm using Apereo CAS 5.3.x and I don't need audit log like below in my log file.(For Security reasons)

WHO: org.apereo.cas.support.oauth.authentication.principal.OAuthCredentials@6cd7c975
WHAT: supplied credentials: org.apereo.cas.support.oauth.authentication.principal.OAuthCredentials@6cd7c975
ACTION: AUTHENTICATION_SUCCESS
APPLICATION: CAS
WHEN: Mon Aug 26 12:35:59 IST 2013
CLIENT IP ADDRESS: 172.16.5.181
SERVER IP ADDRESS: 192.168.200.22

I tried to search CAS documentation and got some properties but seems none of them are suitable.

score 2 · Accepted Answer · answered Jul 21 '20 at 15:49

While there is no property available for 5.3.x to enable/disable audits, you can simply turn off audit logs via the logging configuration, as the very same page you pointed out shows how that can be done via Slf4j logging that controls log files. Find your log4j2.xml file and adjust as:

<AsyncLogger name="org.apereo.inspektr.audit.support" level="info">
    <!-- Route the audit data ... -->
</AsyncLogger>

A simple strategy would be to set info to off. Starting with CAS 6.1.x, you can use cas.audit.enabled=false

I tried to search CAS documentation and got some properties but seems none of them are suitable.

The documentation you point to is for CAS 5.1.x, as evidenced in the URL for 5.1.x, and at the very top of the page and almost every page in the documentation:

The correct link for future reference, is this.

How to disable Apereo CAS audit log

1 Answers1