Obtain the IdP usage statistics from shibboleth Idp-audit logs

The shibboleth audit logs will provide a detailed record of every request and response handled by the IdP to allow tracking of user activity and statistical analysis of IdP usage.

Log Files

 There are mainly three types of log files

• idp-process.log, idp-warn.log - diagnostic logs 
• idp-audit.log - general audit log 
• idp-consent-audit.log -consent audit log

 Deafult Log location : /var/log/shibboleth-idp

Note: The default configuration causes all the log files to be "rolled over" on a regular basis. 

Archived log files are automatically compressed to the ".gz" suffix in the <FileNamePattern> of each log file appender. 

These files can be extracted using the gunzip command.

To show the number of users who accessed the system today and what they accessed
cat /var/log/shibboleth-idp/idp-audit.log | awk -F "|" '{print $4 " " $9}'

To list the connections made in 2018
cat  /var/log/shibboleth-idp/idp-audit-2018* | grep -v "null" | awk -F "|" '{print $4 " " $9}'

Total Number of connections made in 2018 
cat  /var/log/shibboleth-idp/idp-audit-2018* | grep -v "null" | awk -F "|" '{print $4 " " $9}' | wc -l

To list Connections for each service in 2018
cat  /var/log/shibboleth-idp/idp-audit-2018* | grep -v "null" | awk -F "|" '{print "; " $4}' | sort | uniq -c | sort -nr
 
cat  /var/log/shibboleth-idp/idp-audit-2018* | grep -v "null" | awk -F "|" '{print "; " $4}' | sort | uniq -c | sort -nr | awk -F ";" '{print $2 "; " $1}' 

To list services used during 2018 and the number of times accessed
 
cat  /var/log/shibboleth-idp/idp-audit-2018* | grep -v "null" | awk -F "|" '{print $4}' | awk '{arr[$1]++} END {for(i in arr) print i,arr[i]}' | sort -k2nr

Count number of unique users of AAF services for 2018
cat  /var/log/shibboleth-idp/idp-audit-2018* | grep -v "null" | awk -F "|" '{print $4}' | awk '{arr[$1]++} END {for(i in arr) print i,arr[i]}' | sort -k2nr