Prevent device data from appearing in audit logs
When using device profiling as part of your authentication journeys, the captured information is included in the audit logs by default.
You can configure AM to filter out this information to ensure no personally identifiable information (PII) is written to the audit logs.
The following JSON is a sample audit log entry, from the authentication topic:
{
"_id": "c12f6ef2-262e-4263-b924-ed2236365d1a-1276",
"timestamp": "2020-07-01T16:57:43.565Z",
"eventName": "AM-NODE-LOGIN-COMPLETED",
"transactionId": "c12f6ef2-262e-4263-b924-ed2236365d1a-1274",
"trackingIds": [
"c12f6ef2-262e-4263-b924-ed2236365d1a-1259"
],
"principal": [
"bjensen"
],
"entries": [
{
"info": {
"nodeOutcome": "outcome",
"treeName": "Test",
"displayName": "Device Profile Collector",
"nodeType": "DeviceProfileCollectorNode",
"nodeId": "b9c49dc6-e557-4f98-bb05-504cd715e8d9",
"authLevel": "0",
"nodeExtraLogging": {
"forgeRock.device.profile": {
"identifier": "f505e455f33004c9-01ab094b8797382b1fab71cc8b3753ffb2bd774b",
"version": "1.0",
"metadata": {
"platform": {
"platform": "Android",
...In the sample above, you can see the start of the device profile data, under the nodeExtraLogging entry.
You can filter this out of the audit logs, by using JSON pointer-like syntax:
-
Log in to the AM console as an administrator, for example
amAdmin. -
Navigate to Configure > Global Services > Audit Logging.
-
In the Field blacklist filters list, add an entry that starts with the relevant topic, and then a JSON-pointer like syntax to specify the data to exclude.
For example, to exclude the device data from audit logs, enter:
/authentication/entries/0/info/nodeExtraLogging/forgeRock.device.profile
-
Save your changes.
Device profile data will no longer appear in the
authenticationaudit logs.