Audit log schema
The tables in this section show the schema for the six audit event topics. For the JSON audit event handler, each audit topic is logged to a distinct JSON file, with the topic in the filename. Files are created in the openidm/audit directory by default:
-
access.audit.json -
activity.audit.json -
authentication.audit.json -
config.audit.json -
recon.audit.json -
sync.audit.json
You can parse the files in the openidm/audit directory using a JSON processor, such as jq. For example:
tail -f authentication.audit.json | jq .
{
"context": {
"component": "internal/user",
"roles": [
"internal/role/openidm-admin",
"internal/role/openidm-authorized"
],
"ipAddress": "0:0:0:0:0:0:0:1",
"id": "openidm-admin",
"moduleId": "INTERNAL_USER"
},
"entries": [
{
"moduleId": "JwtSession",
"result": "SUCCESSFUL",
"info": {
"org.forgerock.authentication.principal": "openidm-admin"
}
}
],
"principal": [
"openidm-admin"
],
...