Auditing in Structured Editor
This section describes how to set up IG in the structured editor of Studio to record audit events. This example set up auditing in a Splunk audit event handler.
For more information about how to set up auditing, see Auditing Your Deployment.
In IG Studio, create a route:
Go to http://openig.example.com:8080/openig/studio, and select Create a route.
Select Structured to use the structured editor.
Select Advanced options on the right, and create a route with the following options:
Base URI:
http://app.example.com:8081
Condition: Path:
/home/splunk-audit
Name:
30-splunk
Configure auditing:
Select and enable Audit.
Select New event handler and then Splunk event handler.
Enter the following information, and then save the settings:
Name:
splunk
Authorization token: Enter the value of the Splunk authorization token. This example uses
<splunk-authorization-token>
.
Leave the other fields with their default values and save.
In the event handlers frame, enable the event handler
On the top-right of the screen, select and Display to review the route.
The following route should be displayed:
{ "name": "30-splunk", "baseURI": "http://app.example.com:8081", "condition": "${matches(request.uri.path, '^/home/splunk-audit')}", "heap": [ { "name": "AuditService", "type": "AuditService", "config": { "eventHandlers": [ { "class": "org.forgerock.audit.handlers.splunk.SplunkAuditEventHandler", "config": { "name": "splunk", "enabled": true, "authzToken": "<splunk-authorization-token>", "connection": { "host": "localhost", "port": 8088, "useSSL": false }, "topics": [ "access" ], "buffering": { "maxSize": 10000, "maxBatchedEvents": 500, "writeInterval": "100 ms" } } } ] } } ], "auditService": "AuditService", "handler": "ReverseProxyHandler" }
Select Deploy to push the route to the IG configuration.
You can check the
$HOME/.openig/config/routes
folder to see that the route is there.