Documenting the kerberos KDC log file format
Todd Grayson
tgrayson at cloudera.com
Tue Jan 31 02:00:22 EST 2017
Yeah, I'm looking for the REQ layout; the other message types are variable
to the point where they are being filtered out (although I pause dropping FD
closing down messages...)

So something like the following. Note the authtime field is a mystery (or
something is really really broken in the logs I'm looking at). It's not
clear if ISSUE is variable; I see only the same output but that might not
cover error conditions...

[date] [time] [kdc fqdn?] [process-name][[pid]]([level]): [REQ-TYPE of
AS_REQ or TGS_REQ] ([enc-types output]}) [REQ-IP] [??ISSUE:??] authtime
[auth time in? epoch time? what is this], etypes [selected enctypes across
rep,tkt and ses]}, [requesting_principal] for [requested_principal]

If anything, in the future, keeping the default log format but allowing a log
file format expression string for defining custom output format for
request/response entries would be interesting.

On Mon, Jan 30, 2017 at 11:44 PM, Benjamin Kaduk <kaduk at mit.edu> wrote:
> On Mon, Jan 30, 2017 at 11:01:46PM -0700, Todd Grayson wrote:
> > Has anyone seen a good writeup of the krb5kdc.log file output format? For
> > the types of log file output statements that it writes out. So for example
> > the AS_REQ and TGS_REQ and follow up "closing down" lines representing a
> > full connection span.
> >
> > More specifically does anyone have any content or pointers to constructing
> > good parsers for turning this log data into record data? Parser tools for
> > the default MIT KDC log format?
>
> Unfortunately, the idea of a unified format was not in mind when things
> were originally written, so a programmatic parse will be somewhat
> difficult.
> We've tried to be more careful with more recent additions, but feel rather
> constrained to not change the historical behavior and break existing
> log-parsing scripts.
>
> Maybe someone else on the list has some prior art that you could start
> from, though.
>
> -Ben
>
--
Todd Grayson
Business Operations Manager
Customer Operations Engineering
Security SME
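
An added example, not part of the original thread and not MIT krb5's own code: a parser that turns AS_REQ/TGS_REQ lines in the layout sketched in the message above into records and skips other lines. The sample lines are constructed; the code assumes authtime is seconds since the Unix epoch and that a status other than ISSUE may carry a different tail, which it keeps as raw text.

```python
import re
from datetime import datetime, timezone

# Prefix per the layout above: date time host proc[pid](level): REQ (etypes) ip: STATUS: rest
LINE_RE = re.compile(
    r"^(?P<date>\w{3}\s+\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"(?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]\((?P<level>\w+)\):\s+"
    r"(?P<req>AS_REQ|TGS_REQ)\s+\(\d+ etypes \{(?P<offered>[^}]*)\}\)\s+"
    r"(?P<ip>\S+?):\s+(?P<status>[A-Z_]+):\s+(?P<rest>.*)$"
)
# Tail of an ISSUE line: authtime N, etypes {rep=.. tkt=.. ses=..}, client for server
ISSUE_RE = re.compile(
    r"^authtime (?P<authtime>\d+),\s+etypes \{(?P<sel>[^}]*)\},\s+"
    r"(?P<client>.+?) for (?P<server>.+)$"
)

# Constructed sample lines (not from a real KDC); host, pid and principals are made up.
PFX = "kdc1.example.com krb5kdc[4321](info): "
SAMPLE = [
    "Jan 31 02:00:22 " + PFX + "AS_REQ (4 etypes {18 17 16 23}) 10.0.0.5: ISSUE: "
    "authtime 1485846022, etypes {rep=18 tkt=18 ses=18}, "
    "alice@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM",
    "Jan 31 02:00:23 " + PFX + "TGS_REQ (4 etypes {18 17 16 23}) 10.0.0.5: ISSUE: "
    "authtime 1485846022, etypes {rep=18 tkt=18 ses=18}, "
    "alice@EXAMPLE.COM for host/app1.example.com@EXAMPLE.COM",
    # Assumed shape of a non-ISSUE line; its tail is not documented on this page.
    "Jan 31 02:00:24 " + PFX + "AS_REQ (4 etypes {18 17 16 23}) 10.0.0.9: NEEDED_PREAUTH: "
    "bob@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Additional pre-authentication required",
    "Jan 31 02:00:25 " + PFX + "closing down fd 12",
]

def parse_kdc_line(line):
    """Return a dict for an AS_REQ/TGS_REQ line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    # Keep enctype tokens as strings so nothing is assumed about how they are spelled.
    rec["offered"] = [t for t in re.split(r"[,\s]+", rec["offered"]) if t]
    rest = rec.pop("rest")
    tail = ISSUE_RE.match(rest) if rec["status"] == "ISSUE" else None
    if tail is None:
        rec["detail"] = rest  # unknown tail: keep it raw rather than guess fields
        return rec
    # Assumption: authtime is seconds since the Unix epoch.
    rec["authtime"] = datetime.fromtimestamp(int(tail["authtime"]), tz=timezone.utc)
    rec["selected"] = dict(kv.split("=", 1) for kv in tail["sel"].split() if "=" in kv)
    rec["client"], rec["server"] = tail["client"], tail["server"]
    return rec
```

Lines the prefix regex does not match come back as None, so a log with mixed message types can be passed through line by line and filtered on the result.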