Log File Rotation
The file-based audit event handlers enable you to rotate audit log files, either automatically, based on a set of criteria, or by using a REST call.
To configure automatic log file rotation, set the following properties in your project's audit.json
file:
{ "class" : "org.forgerock.audit.handlers.json.JsonAuditEventHandler", "config" : { "fileRotation" : { "rotationEnabled" : true, "maxFileSize" : 0, "rotationFilePrefix" : "", "rotationTimes" : [ ], "rotationFileSuffix" : "", "rotationInterval" : "" },
The file rotation properties are described in "JSON Audit Event Handler Properties".
If you have enabled file rotation ("rotationEnabled" : true
), you can rotate the JSON log files manually for a specific audit event topic, over REST. The following command saves the current access log file with a date and time stamp, then starts logging to a new file with the same base name.
curl \ --header "X-OpenIDM-Username: openidm-admin" \ --header "X-OpenIDM-Password: openidm-admin" \ --header "Accept-API-Version: resource=1.0" \ --request POST \ "http://localhost:8080/openidm/audit/access?handler=json&_action=rotate"
{ "status": "OK" }
If the command is successful, you will see two access.audit.json
files in the openidm/audit
directory, for example:
access.audit.json access.audit.json-2016.10.12-17.54.41
The file with the extension (2016.10.12-17.54.41
) indicates that audit logging to this file ended on October 12, 2016, at 5:54:41 pm.
To configure log rotation in the Admin UI, click Configure > System Preferences > Audit, and edit the JSON audit event handler (or the CSV audit event handler if you are logging to CSV). You can set all the log rotation properties on this screen.