How do I log audit events to a database in OpenAM 13.x?
The purpose of this article is to provide information on logging audit events to a database in OpenAM. You can log to Oracle®, MySQL™ or other databases.
Archived
This article has been archived and is no longer maintained by ForgeRock.
Overview
OpenAM 13.0 introduces the ForgeRock Common Audit Framework, which allows OpenAM to log all user and administrative activity in a consistent format across the ForgeRock platform. Logs can be written to file, database or syslog as required. See OpenAM Administration Guide › Configuring Audit Logging for further information on configuring audit logs to be written to a database in OpenAM 13.x.
In releases prior to OpenAM 13.0, you can configure OpenAM to log to a database instead of the default log file if required. The configuration required for this is detailed below. This functionality is deprecated as of OpenAM 13.0.
Configuring OpenAM to log to a database
You can configure OpenAM to log to a database using either the OpenAM console or ssoadm:
- OpenAM console: navigate to Configuration > System > Logging > Logging Type and select the DB option. Complete the following fields to configure logging to a database:
  - Log File Location: enter the full directory path using a valid database URL, for example: jdbc:mysql://host:port/dbname.
  - Database User Name
  - Database User Password
  - Database User Password (confirm)
  - Database Driver Name
- ssoadm: enter the following command:
  $ ./ssoadm set-attr-defs -s iPlanetAMLoggingService -t global -u [adminID] -f [passwordfile] -a iplanet-am-logging-type=DB iplanet-am-logging-location=[JDBCURL] iplanet-am-logging-db-user=[DBuserName] iplanet-am-logging-db-password=[DBpassword] iplanet-am-logging-db-driver=[JDBCdriver]
  replacing [adminID], [passwordfile], [JDBCURL], [DBuserName], [DBpassword] and [JDBCdriver] with appropriate values.
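The ssoadm command above passes the database password as an -a argument, which leaves it in shell history and visible in the process list while the command runs. The following is an added example, not part of the original article: it writes the same five attributes to an owner-only data file and passes that file with ssoadm's --datafile (-D) option. The function names, the SSOADM variable and all sample values are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article.
# SSOADM, the function names and any sample values are assumptions.

# write_logging_datafile FILE JDBCURL DBUSER JDBCDRIVER
# Reads the database password from the first line of stdin and writes the
# five logging attributes to FILE, one name=value pair per line.
write_logging_datafile() {
    _nl='
'
    # A newline inside a value would add an unintended attribute line.
    case "$2$3$4" in *"$_nl"*) echo "newline in value" >&2; return 1 ;; esac
    IFS= read -r _pw || [ -n "$_pw" ] || { echo "no password on stdin" >&2; return 1; }
    (
        umask 077              # create FILE as 0600 (owner read/write only)
        rm -f -- "$1"
        # printf is a builtin in bash and dash, so the password does not
        # appear in any process's argument list.
        printf '%s=%s\n' \
            iplanet-am-logging-type DB \
            iplanet-am-logging-location "$2" \
            iplanet-am-logging-db-user "$3" \
            iplanet-am-logging-db-password "$_pw" \
            iplanet-am-logging-db-driver "$4" > "$1"
    )
}

# apply_logging_config ADMINID PASSWORDFILE DATAFILE
# Same service and schema type as the command in the article, with the
# attribute values taken from DATAFILE (-D) instead of -a arguments.
apply_logging_config() {
    "${SSOADM:-./ssoadm}" set-attr-defs -s iPlanetAMLoggingService -t global \
        -u "$1" -f "$2" -D "$3"
}

# Typical use (prompting for the password, then removing the data file):
#   stty -echo; write_logging_datafile log.attrs "$JDBCURL" "$DBUSER" "$DRIVER"; stty echo
#   apply_logging_config "$ADMINID" "$PASSWORDFILE" log.attrs && rm -f log.attrs
```

Delete the data file once the command succeeds.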
OpenAM automatically creates the necessary table in the database, so there is no need to run a script to create the table; events and errors are logged as unique database file attributes or columns and are labeled as follows:
- Oracle database:
  - *_ACCESS
  - *_ERROR
- MySQL database:
  - *_access
  - *_error
Note
You should ensure the database user has the CREATE TABLE privilege and the JDBC driver is deployed in the web container.
See Also
OpenAM Administration Guide › Configuring Audit Logging
Related Issue Tracker IDs
OPENAM-5987 (Database audit logging 'failure buffer' does not write all records after DB recovery)