Recording Access Audit Events to Standard Output

This section describes how to record access audit events to standard output. For more information about the event handler, see "JsonStdoutAuditEventHandler".

Record Audit Events to Standard Output

Before you start, prepare IG and the sample application as described in Getting Started Guide.

  • Add the following route to IG:

      "name": "30-jsonstdout",
      "baseURI": "",
      "condition": "${matches(request.uri.path, '^/home/jsonstdout-audit')}",
      "heap": [
          "name": "AuditService",
          "type": "AuditService",
          "config": {
            "eventHandlers": [
                "class": "org.forgerock.audit.handlers.json.stdout.JsonStdoutAuditEventHandler",
                "config": {
                  "name": "jsonstdout",
                  "elasticsearchCompatible": false,
                  "topics": [
            "config": {}
      "auditService": "AuditService",
      "handler": "ReverseProxyHandler"

    Notice the following features of the route:

    • The route matches requests to /home/jsonstdout-audit.

    • The route calls the audit service configuration for publishing access log messages to standard output. When a request matches /home/jsonstdout-audit, a single line per audit event is logged.

Test the Setup
  • Go to

    The home page of the sample application is displayed, and a message like this is published to standard output:

      "_id": "830...-61",
      "timestamp": "2019-...89Z",
      "eventName": "OPENIG-HTTP-ACCESS",
      "transactionId": "830...-60",
      "client": {
        "ip": "0:0:0:0:0:0:0:1",
        "port": 51876
      "server": {
        "ip": "0:0:0:0:0:0:0:1",
        "port": 8080
      "http": {
        "request": {
          "secure": false,
          "method": "GET",
          "path": "",
          "headers": {
            "accept": ["text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"],
            "host": [""],
            "user-agent": ["Mozilla/5.0 ... Firefox/66.0"]
      "response": {
        "status": "SUCCESSFUL",
        "statusCode": "200",
        "elapsedTime": 10,
        "elapsedTimeUnits": "MILLISECONDS"
      "source": "audit",
      "topic": "access",
      "level": "INFO"
Read a different version of :