How to Redirect Authentik Logs to a File for CrowdSec Integration?

[tscandella]

Hi everyone,

I’m currently working on integrating Authentik with CrowdSec to enhance security, and I’d like to make the logs generated by Authentik directly exploitable by CrowdSec.

Does anyone know if there’s a way to configure Authentik to redirect logs to a specific file instead of the default logging mechanism? Ideally, I’d like this file to be in a format that’s easy to parse and monitor for CrowdSec.

If you’ve implemented a similar setup or have any tips on how to achieve this, I’d really appreciate your insights or examples!

Thanks in advance for your help!

[upuldi]

same. waiting for an answer.

[ztamayo]

Same. Trying to implement this and don't think it's working. Tried using the docker logs for the crowdsec acquis.yaml:

source: docker
container_name:
 - authentik
labels:
  type: Authentik

Crowdsec logs says it's using docker: time="2025-01-29T17:28:04Z" level=info msg="start tail for container authentik" container_name=authentik type=docker but it doesn't seem to be using it because I tried to login to Authentik repeatedly with wrong password and I did not get blocked.

Also tried setting Authentik log location in .env with AUTHENTIK_LOG_FILE=/var/log/authentik.log and that did not work. It does not produce a file called authentik.log. Looked inside container in /var/log and there's no relevant logs there.