Setting Up Audit Logging
AM supports a comprehensive Audit Logging Service that captures key auditing events, critical for system security, troubleshooting, and regulatory compliance.
Audit logs gather operational information about events occurring within an AM deployment to track processes and security data, such as authentication mechanisms, system access, user and administrator activity, error messages, and configuration changes.
This chapter describes the ForgeRock® Common REST-based Audit Logging Service available in AM. AM also supports a legacy Logging Service, based on a Java SDK. The legacy Logging Service will be deprecated in a future release of AM.
The Audit Logging Service uses a structured message format that adheres to a consistent log structure common across the ForgeRock Identity Platform. This common structure allows correlation between log messages of the different components of the Platform once the transaction IDs are trusted by enabling the ForgerRock trust transaction header system property.
For more information, see "Configuring the Trust Transaction Header System Property".
The DS JSON logger is enabled by default. However, the ForgeRock transaction IDs are not trusted initially. You must set
trust-transaction-ids:true to correlate log messages in DS with log messages in AM. For more information, see To Configure LDAP JSON Access Logs in the ForgeRock Directory Services Monitoring Guide.
Review the following sections to understand how audit logging works in AM, and how to implement it:
Discover AM's Audit Logging Service
AM auditing service provides a rich set of features to help you capture events that are critical for system security, troubleshooting, and regulatory compliance.
|See "About the Audit Logging Service".|
Configure AM to Log Audit Events
Decide how to implement your audit login service, either globally or by realm, and configure audit login handlers to store audit events into files, databases, or other stores.
Audit Log Reference
Check the format of the files, the names of the events, and more.
AM also supports the classic Logging Service, which is deprecated. For more information, see "Implementing the Classic Logging Service".