How to Redirect Authentik Logs to a File for CrowdSec Integration?

[tscandella]

Hi everyone,

I’m currently working on integrating Authentik with CrowdSec to enhance security, and I’d like to make the logs generated by Authentik directly exploitable by CrowdSec.

Does anyone know if there’s a way to configure Authentik to redirect logs to a specific file instead of the default logging mechanism? Ideally, I’d like this file to be in a format that’s easy to parse and monitor for CrowdSec.

If you’ve implemented a similar setup or have any tips on how to achieve this, I’d really appreciate your insights or examples!

Thanks in advance for your help!

[upuldi]

same. waiting for an answer.

[ztamayo]

Same. Trying to implement this and don't think it's working. Tried using the docker logs for the crowdsec acquis.yaml:

source: docker
container_name:
 - authentik
labels:
  type: Authentik

Crowdsec logs says it's using docker: time="2025-01-29T17:28:04Z" level=info msg="start tail for container authentik" container_name=authentik type=docker but it doesn't seem to be using it because I tried to login to Authentik repeatedly with wrong password and I did not get blocked.

Also tried setting Authentik log location in .env with AUTHENTIK_LOG_FILE=/var/log/authentik.log and that did not work. It does not produce a file called authentik.log. Looked inside container in /var/log and there's no relevant logs there.

[rissson]

AUTHENTIK_LOG_FILE does not exist.

[rissson]

authentik logs to stdout/stderr. From there it's up to you to configure your container runtime to send logs where needed

[matteocavestri]

I have the same issue. I'm running Authentik in an LXC container on Proxmox via systemd, and I have CrowdSec installed inside that container. I tried redirecting logs from journald to a file, but I can't parse them with the Authentik collection from CrowdSec Hub because it doesn't expect logs in JSON format. I believe the best option is to write a custom parser for CrowdSec, but I need to study how to do it properly. If I manage to get a working solution, I can share it here. If anyone has any ideas on how to achieve this, feel free to contact me.