go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-11-29 22:48:19 +02:00
Code Issues Releases Activity

Add exclude logging path option

Browse Source 
Useful for excluding /ping endpoint to reduce log volume.
This is somewhat more verbose than a simple bool to disable logging of
the `/ping` endpoint.

Perhaps better to add `-silence-ping-logging` bool flag to `options.go` and
pass in the `/ping` endpoint as part of `logger` declaration in `options.go`.

Could be extended into a slice of paths similar to go-gin's `SkipPaths`:
https://github.com/gin-gonic/gin/blob/master/logger.go#L46
This commit is contained in:
Karl Skewes
2019-06-02 14:36:54 +12:00
parent ec97000169
commit c4f20fff3d
5 changed files with 30 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/configuration/configuration.md
View File

@@ -42,6 +42,7 @@ Usage of oauth2_proxy:
-display-htpasswd-form: display username / password login form if an htpasswd file is provided (default true)
-email-domain value: authenticate emails with the specified domain (may be given multiple times). Use * to authenticate any email
-extra-jwt-issuers: if -skip-jwt-bearer-tokens is set, a list of extra JWT issuer=audience pairs (where the issuer URL has a .well-known/openid-configuration or a .well-known/jwks.json)
-exclude-logging-path: don't log requests to this path, eg: /ping (default "" = no paths excluded)
-flush-interval: period between flushing response buffers when streaming responses (default "1s")
-banner string: custom banner string. Use "-" to disable default banner.
-footer string: custom footer string. Use "-" to disable default footer.
@@ -90,7 +91,6 @@ Usage of oauth2_proxy:
-set-xauthrequest: set X-Auth-Request-User and X-Auth-Request-Email response headers (useful in Nginx auth_request mode)
-set-authorization-header: set Authorization Bearer response header (useful in Nginx auth_request mode)
-signature-key string: GAP-Signature request signature key (algorithm:secretkey)
-silence-ping-logging bool: disable logging of requests to ping endpoint (default false)
-skip-auth-preflight: will skip authentication for OPTIONS requests
-skip-auth-regex value: bypass authentication for requests path's that match (may be given multiple times)
-skip-jwt-bearer-tokens: will skip requests that have verified JWT bearer tokens
@@ -140,7 +140,7 @@ There are three different types of logging: standard, authentication, and HTTP r
Each type of logging has their own configurable format and variables. By default these formats are similar to the Apache Combined Log.
Logging of requests to the `/ping` endpoint can be disabled with `-silence-ping-logging` reducing log volume.
A specific path can be excluded from request logs by setting `-exclude-logging-path`. This is useful for disabling logging of requests to the `/ping` endpoint to reduce log volume when health checking `oauth2_proxy`.
### Auth Log Format
Authentication logs are logs which are guaranteed to contain a username or email address of a user attempting to authenticate. These logs are output by default in the below format: