There's not really a supported way to modify the FusionAuth logging format.

In theory you could do it manually but dropping in your own version of logback.xml and adding the necessary jars to the classpath.

Here is an example of JSON with logback. https://github.com/larose/logback-json-example

I think you’d have to add in the JSON logback jar since we do not ship with it.

We use logback.

As of version 1.19.0, here is the logging pattern: <pattern>%d{"yyyy-MM-dd h:mm:ss.SSS a"} %-5level %logger{75} - %msg%n</pattern>

Older versions, prior to 1.19.0, use this pattern <pattern>%d{"MMM dd, yyyy h:mm:ss.SSS a"} %-5level %logger{75} - %msg%n</pattern>.

Head over to the admin, and click tenants.

There you will find your default tenant. edit that to change your password strength etc.

(You can also do that for multiple tenants if you have them or via the Tenants API.)

Seems like the library I used is opinionated. Thanks for the hints.

@vrademacher ah, great, that wasn't clear to me!

Then while the forum and community support might be able to help, I'd recommend filing a support ticket by logging into account.fusionauth.io and going to the support tab.

Feel free to reference this forum post if you'd like.

If you'd like to continue to debug this issue here, can you please give me a bit more info?

It'd be great to know:

the version of fusionauth where you are encountering the issue the login flow (login api, oauth authorization code grant, etc) the browser the customer is using anything unique about the customer as opposed to other customers that are not having this issue

Yes. While OAuth2 access tokens aren't guaranteed by the spec to be JSON web tokens, in FusionAuth access tokens are always JWTs.

@robotdan Also, it was actually me who opened the mentioned issue. 😅

yeah, pretty simple really, if you want to try it yourself before my tutorial is out, try using the hasura cloud + Auth0 tutorial on Hasura's site, and use the lessons from that to use it with fusionauth.

Yes, it's the fusionauth application id, defined here: https://github.com/FusionAuth/fusionauth-java-client/blob/master/src/main/java/io/fusionauth/domain/Application.java

Awesome. Just wanted to make sure you weren't expecting to be able to encrypt anything in the browser and keep it secret 🙂 .

If you need to keep everything in sync between your dev, staging and production systems, I believe the best way to accomplish that is to create the key-pair outside of FusionAuth and use the “Import RSA key pair” functionality.

If you are using the UI, you can find that under "Settings -> Key master". The button in the upper right hand corner lets you select between the different options:

Screen Shot 2020-09-24 at 1.48.38 PM.png

You can of course also use the API to import the keys: https://fusionauth.io/docs/v1/tech/apis/keys

Thanks @sjswami , this duplicate ids issue is now resolved in 1.19.7. Appreciate you letting us know about it: https://github.com/FusionAuth/fusionauth-issues/issues/890

@tom-hynard if you update to 1.19.7, this bug should be fixed: https://github.com/FusionAuth/fusionauth-issues/issues/880

We don't have any IIS guides for a proxy, but this guide looks like it would work: https://docs.microsoft.com/en-us/iis/extensions/url-rewrite-module/reverse-proxy-with-url-rewrite-v2-and-application-request-routing

The key is that version 1.19.x of FusionAuth is completely stateless so the proxy can round-robin and no session pinning is required. If you are using a version of FusionAuth before 1.19, you'll need to pin your session to ensure that you can log into the administrative interface.

@dan Thanks for your reply

What version of mysql are you running?

You might want to check the section on mysql and unicode here as that has caused problems for others: https://fusionauth.io/community/forum/topic/243/installation-problem/15

Hiya,

This JWT is valid because the JWT is not expired. You can't revoke a JWT by logging out because they are stateless. Here's more information about how revoking JWTs: https://fusionauth.io/learn/expert-advice/tokens/revoking-jwts

This is one of the reasons why we recommend storing a JWT in a server side session, so that removing the session (on logout) removes the JWT. More here: https://fusionauth.io/learn/expert-advice/authentication/webapp/oauth-authorization-code-grant-sessions

Does that help?

There is not any way to push events from FusionAuth to a system like pagerduty, except those outlined by the webhook docs which are less system level and more app level.

If you are monitoring using systems like opsgenie, you can pull data from several different sources:

There's the system status endpoint, which can be polled. Before 1.19, it was binary (200 is good, anything else is bad) but now with 1.19 there are defined status codes: https://fusionauth.io/docs/v1/tech/apis/system#system-status This is the single best endpoint for a healthcheck. If you want to ingest system logs so they can be searched/scanned, you could set up a job to export the system logs: https://fusionauth.io/docs/v1/tech/apis/system#export-system-logs and process them (that that doesn't work for container based systems, see the docs for more). These logs are what you'd see if you were running fusionauth in docker and looking at STDOUT (so system level stuff). You can write your own scripts against the API to test for certain use cases ("Can this user login?", "Can this user register?") There's an event log which captures, well, system events, which can be accessed via the API: https://fusionauth.io/docs/v1/tech/apis/event-logs There is also the audit log, which is probably not what you are looking for, because that is less system level and more 'in app' events, with admin level actions being written (see also this issue). But it can be read via API: https://fusionauth.io/docs/v1/tech/apis/audit-logs

If you are running in Fargate, k8s or another container based system, your best option is to write something to pump the logs through a stream which you can then process for interesting/problematic events.

If you use the request body you should be fine. You can do a lot more than 500 if you like.

I would start with 5-10k and see how performance is.