Auditing in Structured Editor

This section describes how to set up IG in the structured editor of Studio to record audit events. This example sets up auditing with a Splunk audit event handler.

For more information about how to set up auditing, see Auditing Your Deployment.

  1. In IG Studio, create a route:

    1. Go to http://openig.example.com:8080/openig/studio, and select Create a route.

    2. Select Structured to use the structured editor.

  2. Select Advanced options on the right, and create a route with the following options:

    • Base URI: http://app.example.com:8081

    • Condition: Path: /home/splunk-audit

    • Name: 30-splunk

  3. Configure auditing:

    1. Select and enable Audit.

    2. Select New event handler and then Splunk event handler.

    3. Enter the following information, and then save the settings:

      • Name: splunk

      • Authorization token: Enter the value of the Splunk authorization token. This example uses <splunk-authorization-token>.

      Leave the other fields with their default values and save.

  4. In the event handlers frame, enable the event handler.

  5. On the top-right of the screen, select and Display to review the route.

    The following route should be displayed:

    {
      "name": "30-splunk",
      "baseURI": "http://app.example.com:8081",
      "condition": "${matches(request.uri.path, '^/home/splunk-audit')}",
      "heap": [
        {
          "name": "AuditService",
          "type": "AuditService",
          "config": {
            "eventHandlers": [
              {
                "class": "org.forgerock.audit.handlers.splunk.SplunkAuditEventHandler",
                "config": {
                  "name": "splunk",
                  "enabled": true,
                  "authzToken": "<splunk-authorization-token>",
                  "connection": {
                    "host": "localhost",
                    "port": 8088,
                    "useSSL": false
                  },
                  "topics": [
                    "access"
                  ],
                  "buffering": {
                    "maxSize": 10000,
                    "maxBatchedEvents": 500,
                    "writeInterval": "100 ms"
                  }
                }
              }
            ]
          }
        }
      ],
      "auditService": "AuditService",
      "handler": "ReverseProxyHandler"
    }

  6. Select Deploy to push the route to the IG configuration.

    You can check the $HOME/.openig/config/routes folder to see that the route is there.
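After deployment, the route file can be checked for the audit settings that matter most. The following script is an added example, not part of the IG documentation or product: it reads each route in $HOME/.openig/config/routes and reports Splunk handlers that are not enabled, connect without TLS, do not handle the access topic, or still carry a placeholder token. It assumes auditService is a name reference into the route's heap, as in the route above; check_route and the placeholder heuristic are names and logic chosen for this example.

```python
import json
from pathlib import Path

SPLUNK = "org.forgerock.audit.handlers.splunk.SplunkAuditEventHandler"

def check_route(route):
    """Return findings for the Splunk audit settings of one parsed route."""
    findings = []
    ref = route.get("auditService")
    if not ref:
        return ["route does not reference an auditService"]
    # Collect Splunk handler configs from the AuditService the route points at.
    handlers = [h.get("config", {})
                for obj in route.get("heap", [])
                if obj.get("type") == "AuditService" and obj.get("name") == ref
                for h in obj.get("config", {}).get("eventHandlers", [])
                if h.get("class") == SPLUNK]
    if not handlers:
        return [f"{ref}: no Splunk event handler configured"]
    for cfg in handlers:
        name, conn = cfg.get("name", "?"), cfg.get("connection", {})
        if cfg.get("enabled") is not True:
            findings.append(f"{name}: handler is not enabled")
        if conn.get("useSSL") is not True:
            findings.append(f"{name}: useSSL is not true, token and events go to "
                            f"{conn.get('host')}:{conn.get('port')} without TLS")
        if "access" not in cfg.get("topics", []):
            findings.append(f"{name}: 'access' topic is not handled")
        token = cfg.get("authzToken", "")
        if not token or token.startswith("<"):  # heuristic chosen for this example
            findings.append(f"{name}: authzToken is empty or still a placeholder")
    return findings

# Constructed sample: the Splunk handler settings from the route shown above.
SAMPLE = json.loads("""{
  "name": "30-splunk", "auditService": "AuditService",
  "heap": [{"name": "AuditService", "type": "AuditService", "config": {
    "eventHandlers": [{"class": "org.forgerock.audit.handlers.splunk.SplunkAuditEventHandler",
      "config": {"name": "splunk", "enabled": true,
                 "authzToken": "<splunk-authorization-token>",
                 "connection": {"host": "localhost", "port": 8088, "useSSL": false},
                 "topics": ["access"]}}]}}]
}""")

if __name__ == "__main__":
    routes = Path.home() / ".openig" / "config" / "routes"
    for path in sorted(routes.glob("*.json")):
        for finding in check_route(json.loads(path.read_text())):
            print(f"{path.name}: {finding}")
```

Run against the route as displayed in Studio, it reports the non-TLS connection and the placeholder token; a route with useSSL set to true and a real token produces no findings.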
