Documenting the kerberos KDC log file format

Benjamin Kaduk kaduk at mit.edu
Tue Jan 31 17:13:10 EST 2017


On Tue, Jan 31, 2017 at 12:44:20AM -0600, Benjamin Kaduk wrote:
> On Mon, Jan 30, 2017 at 11:01:46PM -0700, Todd Grayson wrote:
> > Has anyone seen a good writeup of the krb5kdc.log file output format?  For
> > the types of log file output statements that it writes out. So for example
> > the AS_REQ and TGS_REQ and follow up "closing down" lines representing a
> > full connection span.
> > 
> > More specifically does anyone have any content or pointers to constructing
> > good parsers for turning this log data into record data?  Parser tools for
> > the default MIT KDC log format?
> 
> Unfortunately, the idea of a unified format was not in mind when things
> were originally written, so a programmatic parse will be somewhat difficult.
> We've tried to be more careful with more recent additions, but feel rather
> constrained to not change the historical behavior and break existing
> log-parsing scripts.
> 
> Maybe someone else on the list has some prior art that you could start
> from, though.

I guess I should also note that if you are starting from a clean slate,
there is a more programmatic interface available to this sort of KDC log
data via the experimental audit plugin framework
(http://k5wiki.kerberos.org/wiki/Projects/Audit) where you could write
code to have a loadable module that can log in whatever format you want.
The project is considered "experimental" in that the interface is not guaranteed
to remain stable across releases.  But maybe it is useful for your situation.

-Ben
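
A defensive parser for the request lines asked about in the thread, as an added example that is not part of the original message and is not MIT krb5 code. The line layout and the sample lines are assumptions constructed to resemble commonly seen krb5kdc.log output; lines that do not fit the AS_REQ/TGS_REQ shape are kept as raw text, since the format is not unified.

```python
import re

# Constructed sample lines. The layout is an assumption based on commonly seen
# MIT krb5kdc.log output; none of it is quoted from the thread.
SAMPLE = """\
Jan 31 17:13:10 kdc1.example.com krb5kdc[2101](info): AS_REQ (4 etypes {18 17 16 23}) 192.0.2.10: NEEDED_PREAUTH: alice@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM, Additional pre-authentication required
Jan 31 17:13:10 kdc1.example.com krb5kdc[2101](info): AS_REQ (4 etypes {18 17 16 23}) 192.0.2.10: ISSUE: authtime 1485900790, etypes {rep=18 tkt=18 ses=18}, alice@EXAMPLE.COM for krbtgt/EXAMPLE.COM@EXAMPLE.COM
Jan 31 17:13:11 kdc1.example.com krb5kdc[2101](info): TGS_REQ (4 etypes {18 17 16 23}) 192.0.2.10: ISSUE: authtime 1485900790, etypes {rep=18 tkt=18 ses=18}, alice@EXAMPLE.COM for host/web1.example.com@EXAMPLE.COM
Jan 31 17:13:11 kdc1.example.com krb5kdc[2101](info): closing down fd 12
"""

PREFIX = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) "
                    r"krb5kdc\[(?P<pid>\d+)\]\((?P<level>\w+)\): (?P<msg>.*)$")
REQUEST = re.compile(r"^(?P<type>AS_REQ|TGS_REQ) \(\d+ etypes \{(?P<req_etypes>[^}]*)\}\) "
                     r"(?P<addr>\S+): (?P<status>[A-Z_]+): (?P<rest>.*)$")
PRINCS = re.compile(r"(?P<client>\S+) for (?P<service>[^,\s]+)(?:, (?P<error>.*))?$")
AUTHTIME = re.compile(r"\bauthtime (\d+)")


def parse_line(line):
    """Return a dict for one log line, or None if the syslog-style prefix is absent."""
    head = PREFIX.match(line.rstrip("\n"))
    if not head:
        return None
    rec = {k: head[k] for k in ("ts", "host", "pid", "level")}
    req = REQUEST.match(head["msg"])
    if not req:
        # Other message types follow no common layout: keep the raw text.
        rec.update(type="OTHER", msg=head["msg"])
        return rec
    # The etype list is kept as a raw string so a different rendering does not break parsing.
    rec.update(type=req["type"], addr=req["addr"], status=req["status"],
               req_etypes=req["req_etypes"])
    princs = PRINCS.search(req["rest"])
    if princs:
        rec.update(client=princs["client"], service=princs["service"], error=princs["error"])
    authtime = AUTHTIME.search(req["rest"])
    rec["authtime"] = int(authtime.group(1)) if authtime else None
    return rec


def parse_log(text):
    """Parse every line that carries the expected prefix; skip the rest."""
    return [r for r in map(parse_line, text.splitlines()) if r is not None]


if __name__ == "__main__":
    for record in parse_log(SAMPLE):
        print(record)
```

Records with `type` set to `OTHER` are worth counting when this runs over real logs: a high share means the assumed layout does not match that KDC's output.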

