Audit Log Schema

The tables in this section show the schema for the six audit event topics. For the JSON audit event handler, each audit topic is logged to a distinct JSON file, with the topic in the filename. Files are created in the openidm/audit directory by default:

You can parse the files in the openidm/audit directory using a JSON processor, such as jq. For example:

tail -f authentication.audit.json | jq .
  "context": {
    "component": "internal/user",
    "roles": [
    "ipAddress": "0:0:0:0:0:0:0:1",
    "id": "openidm-admin",
    "moduleId": "INTERNAL_USER"
  "entries": [
      "moduleId": "JwtSession",
      "result": "SUCCESSFUL",
      "info": {
        "org.forgerock.authentication.principal": "openidm-admin"
  "principal": [
Read a different version of :