miniOrange OnPremise Identity Server allows you to send logs and events to any Security Information and Event Management (SIEM) Tool like Splunk. This section describes an approach by modifying your log4j2.xml file.

Pre-Requisites

We recommend changing the log level to error-level messages. When log levels are down to a minimum, the server generates large amounts of information in an active production environment. As an alternative, you can set the log level to ERROR and higher so that only important logs are logged. This ensures only important information is sent over to your SIEM tool.

You can even set up a specific log to log only ERROR and higher by modifying the log4j2.xml file.

Configuration Steps

• Add an appender. The easiest way is to copy the one below.

• Paste the appender in the appenders section as shown below. Make sure to replace <ip-address> with your SIEM IP Address.

• Restart the server.