How can I separate my normal
logging/auditing from my security logging/auditing? The Windows Event Log makes this distinction with Application Events and Security Events.
If I could create a custom LogLevel, e.g. LogLevel.AuditSuccess or LogLevel.AuditFailure, then I could set my config file rules to equal these and output those events. For example,
<logger name="*" levels="AuditSuccess,AuditFailure" writeTo="target1"/>
<logger name="*" levels="DEBUG,INFO" writeTo="target1"/>
Then I could just use 1 table, record the "Level" in a column, and be able to search and sort my data using this column info. (I don't think we can create a custom LogLevel.)
One workaround that I come up with is to use 2 loggers per class--with each logger being saved to a different target. However, this seems like overkill, especially if I need to add additional similar target types.
<logger name="myNamespace.*" levels="INFO,ERROR" writeTo="target1"/>
<logger name="mySecurityLogger" levels="INFO,ERROR" writeTo="target2"/>
public class MyClass {
private static Logger _logger = LogManager.GetCurrentClassLogger();
private statac Logger _loggerSecurity = LogManager.GetLogger("mySecurityLogger");
...
}
With this, I could create two database targets--each with a different table--and then create 1 rule for each destination target.
Any suggestions?