JSON Audit Event Handler Properties

fileRotation Groups the file rotation configuration parameters.
rotationEnabled Specifies whether file rotation is enabled. Boolean, true or false.
maxFileSize The maximum size of an audit file, in bytes, before rotation is triggered.
rotationFilePrefix The prefix to add to the start of an audit file name when it is rotated.
rotationTimes Specifies a list of times at which file rotation should be triggered. The times must be provided as durations, offset from midnight. For example, a list of 10 minutes, 20 minutes, 30 minutes will cause files to rotate at 10, 20 and 30 minutes after midnight.
rotationFileSuffix The suffix appended to rotated audit file names. This suffix should take the form of a timestamp, in simple date format. The default suffix format, if none is specified, is -yyyy.MM.dd-HH.mm.ss.
rotationInterval The interval to trigger a file rotation, expressed as a duration. For example, 5 seconds, 5 minutes, 5 hours. A value of 0 or disabled disables time-based file rotation. Note that you can specify a list of rotationTimes and a rotationInterval. The audit event handler checks all rotation and retention policies on a periodic basis, and assesses whether each policy should be triggered at the current time, for a particular audit file. The first policy to meet the criteria is triggered.
fileRetention Groups the file retention configuration parameters. The retention policy specifies how long audit files remain on disk before they are automatically deleted.
maxNumberOfHistoryFiles The maximum number of historical audit files that can be stored. If the total number of audit files exceed this maximum, older files are deleted. A value of -1 disables purging of old log files.
maxDiskSpaceToUse The maximum disk space, in bytes, that can be used for audit files. If the total space occupied by the audit files exceed this maximum, older files are deleted. A negative or zero value indicates that this policy is disabled, that is, that unlimited disk space can be used for historical audit files.
minFreeSpaceRequired The minimum free disk space, in bytes, required on the system that houses the audit files. If the free space drops below this minimum, older files are deleted. A negative or zero value indicates that this policy is disabled, that is, that no minimum space requirements apply.
rotationRetentionCheckInterval Interval for periodically checking file rotation and retention policies. The interval must be a duration, for example, 5 seconds, 5 minutes, or 5 hours.
logDirectoryDirectory with JSON audit files
elasticsearchCompatible Enable ElasticSearch JSON format compatibility. Boolean, true or false. Set this property to true, for example, if you are using Logstash to feed into ElasticSearch. When elasticsearchCompatible is true, the handler renames the _id field to _eventId because _id is reserved by ElasticSearch. The rename is reversed after JSON serialization, so that other handlers will see the original field name. For more information, see the ElasticSearch documentation.
bufferingConfiguration for event buffering
maxSizeThe maximum number of events that can be buffered (default/minimum: 100000)
writeIntervalThe delay after which the file-writer thread is scheduled to run after encountering an empty event buffer (units of 'ms' are recommended). Default: 100 ms.
Read a different version of :