docs: update logging configuration documentation

[ossdhaval]

Prepare

• Read PR guidelines
• Read license information

---

Description

Target issue

closes #issue-number-here

Implementation Details

---

Test and Document the changes

• Static code analysis has been run locally and issues have been fixed
• Relevant unit and integration tests have been added/updated
• Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

[dryrunsecurity]

Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.

DryRun Security	Status	Findings
Server-Side Request Forgery Analyzer	✅	0 findings
Configured Codepaths Analyzer	✅	0 findings
Secrets Analyzer	✅	0 findings
Authn/Authz Analyzer	✅	0 findings
SQL Injection Analyzer	✅	0 findings
Sensitive Files Analyzer	✅	0 findings
IDOR Analyzer	✅	0 findings

Note

🟢 Risk threshold not exceeded.

Change Summary (click to expand)

The following is a summary of changes in this pull request made by me, your security buddy 🤖. Note that this summary is auto-generated and not meant to be a definitive list of security issues but rather a helpful summary from a security perspective.

Summary:

The code changes in this pull request focus on the logging configuration for the Janssen Authorization Server (jans-auth) module. The key highlights are:

1. Logging is managed at the individual module level in Janssen, allowing for fine-grained control over the logging settings.
2. The code provides detailed guidance on how to configure logging for the jans-auth module using the command-line interface (CLI), text-based user interface (TUI), and the REST API.
3. The logging configuration includes settings such as logging level, logging layout, HTTP logging, JDK logger disabling, OAuth audit logging, and external logger configuration.
4. From a security perspective, the ability to control the logging level and enable OAuth audit logging are noteworthy features that can help with monitoring and auditing of the authentication and authorization processes.
5. The code also mentions the ability to configure an external logger, which could be useful for integrating with centralized logging solutions and improving log management and analysis.

Files Changed:

• docs/admin/config-guide/logging-configuration.md: This file contains the documentation for the logging configuration of the Janssen Authorization Server (jans-auth) module. The changes provide detailed guidance on how to configure the various logging settings, including security-relevant aspects such as controlling the logging level and enabling OAuth audit logging.

Powered by DryRun Security