Recording Access Audit Events in CSV

This section describes how to record access audit events in a CSV file. For information about the CSV audit event handler, see "CsvAuditEventHandler".

Important

The CSV handler does not sanitize messages when writing to CSV log files.

Do not open CSV logs in spreadsheets and other applications that treat data as code.

Record Audit Events in a CSV File

Before you start, prepare IG and the sample application as described in Getting Started Guide.

  1. Add the following route to IG:

    $HOME/.openig/config/routes/30-csv.json
    %appdata%\OpenIG\config\routes\30-csv.json
    {
      "name": "30-csv",
      "baseURI": "http://app.example.com:8081",
      "condition": "${matches(request.uri.path, '^/home/csv-audit')}",
      "heap": [
        {
          "name": "AuditService",
          "type": "AuditService",
          "config": {
            "eventHandlers": [
              {
                "class": "org.forgerock.audit.handlers.csv.CsvAuditEventHandler",
                "config": {
                  "name": "csv",
                  "logDirectory": "/tmp/logs",
                  "buffering": {
                    "enabled": "true",
                    "autoFlush": "true"
                  },
                  "topics": [
                    "access"
                  ]
                }
              }
            ],
            "config": { }
          }
        }
      ],
      "auditService": "AuditService",
      "handler": "ForgeRockClientHandler"
    }
    

    The route calls an audit service configuration for publishing log messages to the CSV file, /tmp/logs/access.csv. When a request matches audit, audit events are logged to the CSV file.

    The route uses the ForgeRockClientHandler as its handler, to send the X-ForgeRock-TransactionId header with its requests to external services.

  2. Go to http://openig.example.com:8080/home/csv-audit.

    The home page of the sample application is displayed, and the file /tmp/logs/access.csv is updated.

Read a different version of :