Specify the audit query handler
By default, queries on audit logs are managed by the JSON audit event handler. You can configure one of the other available event handlers to handle queries. The audit event handler that you configure to manage queries must be enabled, either by including its definition in audit.json, or setting it to Enabled in the admin UI.
To specify which audit event handler should be used for queries, set the handlerForQueries property in the audit.json file, as follows:
{
    "auditServiceConfig" : {
        "handlerForQueries" : "json",
        "availableAuditEventHandlers" : [
            "org.forgerock.audit.handlers.csv.CsvAuditEventHandler",
            "org.forgerock.audit.handlers.jms.JmsAuditEventHandler",
            "org.forgerock.audit.handlers.json.JsonAuditEventHandler",
            "org.forgerock.audit.handlers.json.stdout.JsonStdoutAuditEventHandler",
            "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler",
            "org.forgerock.openidm.audit.impl.RouterAuditEventHandler",
            "org.forgerock.audit.handlers.syslog.SyslogAuditEventHandler"
        ],
        ...
}
In this case, the handlerForQueries is set to json, which is the name of the JsonAuditEventHandler.
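The following check is an added example, not part of the product documentation or its code. It verifies that handlerForQueries names a handler that is defined in audit.json and not disabled, so that audit queries do not silently point at a handler that cannot answer them. The eventHandlers layout (class, config.name, config.enabled), the sample file contents, and the function name check_query_handler are assumptions made for this example.

```python
import json

# Constructed sample audit.json (not from the page). The eventHandlers layout
# (class + config.name / config.enabled) is an assumption of this example.
SAMPLE = """
{
  "auditServiceConfig": {
    "handlerForQueries": "repo",
    "availableAuditEventHandlers": [
      "org.forgerock.audit.handlers.json.JsonAuditEventHandler",
      "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler"
    ]
  },
  "eventHandlers": [
    {"class": "org.forgerock.audit.handlers.json.JsonAuditEventHandler",
     "config": {"name": "json", "enabled": true}},
    {"class": "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler",
     "config": {"name": "repo", "enabled": false}}
  ]
}
"""

def check_query_handler(audit_config):
    """Return a list of problems with handlerForQueries; empty means OK."""
    service = audit_config.get("auditServiceConfig", {})
    wanted = service.get("handlerForQueries")
    if not wanted:
        return []  # unset: nothing to validate, the default handler applies
    available = set(service.get("availableAuditEventHandlers", []))
    # Handlers are matched on their configured name, as with "json" above.
    matches = [h for h in audit_config.get("eventHandlers", [])
               if h.get("config", {}).get("name") == wanted]
    if not matches:
        return [f"handlerForQueries '{wanted}' has no definition in eventHandlers"]
    problems = []
    for handler in matches:
        # A definition counts as enabled unless it is explicitly switched off.
        if handler["config"].get("enabled", True) is False:
            problems.append(f"handler '{wanted}' is defined but disabled")
        if available and handler.get("class") not in available:
            problems.append(f"class of '{wanted}' is not in availableAuditEventHandlers")
    return problems

if __name__ == "__main__":
    for line in check_query_handler(json.loads(SAMPLE)) or ["ok"]:
        print(line)
```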