This article has been archived and is no longer maintained by ForgeRock.
OpenAM 13.0 introduces the ForgeRock Common Audit Framework, which allows OpenAM to log all user and administrative activity in a consistent format across the ForgeRock platform. Logs can be written to file, database or syslog as required. See OpenAM Administration Guide › Configuring Audit Logging for further information on configuring audit logs to be written to a database in OpenAM 13.x.
In releases prior to OpenAM 13.0, you can configure OpenAM to log to a database instead of the default log file if required. The configuration required for this is detailed below. This functionality is deprecated as of OpenAM 13.0.
You can configure OpenAM to log to a database using either the OpenAM console or ssoadm:
OpenAM console: navigate to: Configuration > System > Logging > Logging Type and select the DB option. Complete the following fields to configure logging to a database:
- Log File Location: enter the full directory path using a valid database URL, for example: jdbc:mysql://host:port/dbname.
- Database User Name
- Database User Password
- Database User Password (confirm)
- Database Driver Name
- ssoadm: enter the following command: $ ./ssoadm set-attr-defs -s iPlanetAMLoggingService -t global -u [adminID] -f [passwordfile] -a iplanet-am-logging-type=DB iplanet-am-logging-location=[JDBCURL] iplanet-am-logging-db-user=[DBuserName] iplanet-am-logging-db-password=[DBpassword] iplanet-am-logging-db-driver=[JDBCdriver] replacing [adminID], [passwordfile], [JDBCURL], [DBuserName], [DBpassword] and [JDBCdriver] with appropriate values.
OpenAM automatically creates the necessary table in the database, so there is no need to run a script to create the table; events and errors are logged as unique database file attributes or columns and are labeled as follows:
- Oracle database:
- MySQL database:
You should ensure the database user has the CREATE TABLE privilege and the JDBC driver is deployed in the web container.