AM supports a Common REST-based audit logging service that captures key auditing events, critical for system security, troubleshooting, and regulatory compliance.
Audit logs gather operational information about events that occur within an AM deployment. They track processes and security data, such as authentication mechanisms, system access, user and administrator activity, error messages, and configuration changes.
The audit logging service uses a structured message format that adheres to a consistent log structure across the ForgeRock Identity Platform. This common structure allows correlation between log messages of the different Platform components, if the transaction IDs are trusted. For more information, see Trust transaction headers.
Although the ForgeRock Directory Services JSON logger is enabled by default, ForgeRock transaction IDs are not trusted by default.
You must set
The following topics explain how AM audit logging works, and how to implement it:
Discover AM’s audit logging service
AM auditing service provides a rich set of features to help you capture events that are critical for system security, troubleshooting, and regulatory compliance.
Configure AM to log audit events
Decide how to implement your audit login service, either globally or by realm, and configure audit login handlers to store audit events into files, databases, or other stores.
Audit log reference
Check the format of the files, the names of the events, and more.