JDBC
A JDBC handler sends messages to an appropriately configured relational database table.
Before you enable the JDBC handler, create the necessary schema and tables in the target database. See the following example files:
/path/to/opendj/config/audit-handlers/mysql_tables-example.sql/path/to/opendj/config/audit-handlers/oracle_tables-example.sql/path/to/opendj/config/audit-handlers/postgres_tables-example.sql
The JDBC handler depends on the JDBC driver for the database, and on HirakiCP. Copy the JDBC driver .jar file for your database, the HirakiCP .jar file for your Java version, and any other dependent libraries required to the opendj/extlib/ directory.
To enable the JDBC handler, see "Configure a Custom Access Log". The JSON configuration file for the JDBC handler has the following format:
{
"class": "org.forgerock.audit.handlers.jdbc.JdbcAuditEventHandler",
"config": {
"name": string, // Handler name, such as "jdbc".
"topics": array, // LDAP: "ldap-access"; HTTP: "http-access".
"databaseType": string, // Supported by default: "h2", "mysql",
// "oracle", "postgres".
"enabled": boolean, // Is the handler enabled?
"buffering": { // (Optional) Default: write each message separately,
// no buffering.
"enabled": boolean, // Buffer messages to be sent? Default: false.
"writeInterval": duration, // Duration; must be > 0 if buffering is enabled.
"autoFlush": boolean, // Flush messages automatically? Default: true.
"maxBatchedEvents": number, // Maximum messages in prepared statement. Default: 100.
"maxSize": number, // Maximum number of buffered messages. Default: 5000.
"writerThreads": number // Threads to write buffered messages: Default: 1.
},
"connectionPool": {
"dataSourceClassName": string, // Either set this to the class name of the data source...
"jdbcUrl": string, // ...or set this to the JDBC URL to
// connect to the database.
"username": string, // Username to connect to the database.
"password": string, // Password to connect to the database.
"autoCommit": boolean, // (Optional) Commit transactions automatically?
// Default: true.
"connectionTimeout": number, // (Optional) Milliseconds to wait before timing out.
// Default: 30,000.
"idleTimeout": number, // (Optional) Milliseconds to wait before timing out.
// Default: 600,000.
"maxLifetime": number, // (Optional) Milliseconds thread remains in pool.
// Default: 1,800,000.
"minIdle": number, // (Optional) Minimum connections in pool.
// Default: 10.
"maxPoolSize": number, // (Optional) Maximum number of connections in pool.
// Default: 10.
"poolName": string, // (Optional) Name of connection pool.
// Default: audit.
"driverClassName": string // (Optional) Class name of database driver.
// Default: null.
},
"tableMappings": [ // Correspondence of message fields to database columns.
{
"event": string, // LDAP: "ldap-access"; HTTP: "http-access".
"table": string, // LDAP: "ldapaccess"; HTTP: "httpaccess".
"fieldToColumn": { // Map of field names to database column names.
"event-field": "database-column" // Event-field takes JSON pointer.
}
}
]
}
} For a sample configuration, see opendj/config/audit-handlers/jdbc-config.json-example.
The writeInterval takes a duration, which is a lapse of time expressed in English, such as 23 hours 59 minutes and 59 seconds. Durations are not case sensitive. Negative durations are not supported. Durations use these units:
indefinite,infinity,undefined,unlimited: unlimited durationzero,disabled: zero-length durationdays,day,d: dayshours,hour,h: hoursminutes,minute,min,m: minutesseconds,second,sec,s: secondsmilliseconds,millisecond,millisec,millis,milli,ms: millisecondsmicroseconds,microsecond,microsec,micros,micro,us: microsecondsnanoseconds,nanosecond,nanosec,nanos,nano,ns: nanoseconds