| File Rotation | fileRotation | Groups the file rotation configuration parameters. |
| rotationEnabled | rotationEnabled | Specifies whether file rotation is enabled. Boolean, true or false. |
| maxFileSize | maxFileSize | The maximum size of an audit file, in bytes, before rotation is triggered. |
| rotationFilePrefix | rotationFilePrefix | The prefix to add to the start of an audit file name when it is rotated. |
| Rotation Times | rotationTimes | Specifies a list of times at which file rotation should be triggered. The times must be provided as durations, offset from midnight. For example, a list of 10 minutes, 20 minutes, 30 minutes will cause files to rotate at 10, 20 and 30 minutes after midnight. |
| File Rotation Suffix | rotationFileSuffix | The suffix appended to rotated audit file names. This suffix should take the form of a timestamp, in simple date format. The default suffix format, if none is specified, is -yyyy.MM.dd-HH.mm.ss. |
| Rotation Interval | rotationInterval | The interval to trigger a file rotation, expressed as a duration. For example, 5 seconds, 5 minutes, 5 hours. A value of 0 or disabled disables time-based file rotation. Note that you can specify a list of rotationTimes and a rotationInterval. The audit event handler checks all rotation and retention policies on a periodic basis, and assesses whether each policy should be triggered at the current time, for a particular audit file. The first policy to meet the criteria is triggered. |
| File Retention | fileRetention | Groups the file retention configuration parameters. The retention policy specifies how long audit files remain on disk before they are automatically deleted. |
| Maximum Number of Historical Files | maxNumberOfHistoryFiles | The maximum number of historical audit files that can be stored. If the total number of audit files exceed this maximum, older files are deleted. A value of -1 disables purging of old log files. |
| Maximum Disk Space | maxDiskSpaceToUse | The maximum disk space, in bytes, that can be used for audit files. If the total space occupied by the audit files exceed this maximum, older files are deleted. A negative or zero value indicates that this policy is disabled, that is, that unlimited disk space can be used for historical audit files. |
| Minimum Free Space Required | minFreeSpaceRequired | The minimum free disk space, in bytes, required on the system that houses the audit files. If the free space drops below this minimum, older files are deleted. A negative or zero value indicates that this policy is disabled, that is, that no minimum space requirements apply. |
| rotationRetentionCheckInterval | rotationRetentionCheckInterval | Interval for periodically checking file rotation and retention policies. The interval must be a duration, for example, 5 seconds, 5 minutes, or 5 hours. |
| Log Directory | logDirectory | Directory with CSV audit files |
| CSV Output Formatting | formatting | |
| quoteChar | quoteChar | Formatting: Character used around a CSV field |
| delimiterChar | delimiterChar | Formatting: Character between CSV fields |
| End of Line Symbols | endOfLineSymbols | Formatting: end of line symbol, such as \n or \r |
| Security: CSV Tamper Evident Configuration | security | Uses keystore-based signatures |
| Enabled | enabled | CSV Tamper Evident Configuration: true or false |
| Filename | filename | CSV Tamper Evident Configuration: Path to the Java keystore |
| Password | password | CSV Tamper Evident Configuration: Password for the Java keystore |
| Keystore Handler | keystoreHandlerName | CSV Tamper Evident Configuration: Keystore name. The value of this property must be openidm. This is the name that the audit service provides to the ForgeRock Common Audit Framework for the configured IDM keystore. |
| Signature Interval | signatureInterval | CSV Tamper Evident Configuration: Signature generation interval. Default = 1 hour. Units described in "Restrictions on Configuring the CSV Audit Handler in the UI". |
| Buffering | buffering | Configuration for optional event buffering |
| enabled | enabled | Buffering: true or false |
| autoFlush | autoFlush | Buffering: avoids flushing after each event |