How To

How do I disable audit logging in IDM 6.5?

Last updated Jul 17, 2020

The purpose of this article is to provide information on disabling audit logging in IDM and the consequences of doing this.


Overview

By default, the configurations for the JSON audit event handler and the repository audit event handler are included in the audit.json file (located in the /path/to/idm/conf directory). The JSON audit handler is used for queries by default.

You can disable audit logging in IDM 6.5 and later, if required. The only consequence of doing this is that you cannot query audit data. No other functionality is affected.

Caution

In older versions of IDM, audit data was queried to view reconciliation result state in the UI, which means that disabling audit logging would also stop this functionality from working and make the UI unstable. As a result, it is strongly advised that you do not disable audit logging in IDM 6 and earlier.

Disabling audit logging

You can disable audit logging using either of the following approaches:

  • Disable each configured audit handler in the audit.json file. You can do this by adding the enabled field set to false for each configured audit handler, for example:
        {
            "class" : "org.forgerock.audit.handlers.json.JsonAuditEventHandler",
            "config" : {
                "name" : "json",
                "enabled" : false,
                ...
            }
        },
  • Remove all the configured audit handlers from audit.json. The downside to this approach is that you lose the configurations if you want to re-enable them in the future.

Verifying your changes

You can check that audit logging has been disabled by running the following query:

$ curl -X GET -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" 'http://localhost:8080/openidm/audit/activity?_queryFilter=true' | jq .

You will get a response similar to the following if audit logging is disabled:

{"code" : 500, "reason" : "Internal Server Error", "message" : "The handler defined for queries, 'json', has not been registered to the audit service, or it is disabled."}
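
The error above names only the handler defined for queries, so it does not by itself show that every configured handler is disabled. The following added example (not ForgeRock code) reads an audit.json document and reports each handler's state, for use as a configuration check that flags when audit logging has been switched off. It assumes the top-level keys "auditServiceConfig", "handlerForQueries" and "eventHandlers", and that a handler without an "enabled" field is enabled; the sample file is constructed.

```python
import json

# Constructed sample audit.json; the top-level keys "auditServiceConfig",
# "handlerForQueries" and "eventHandlers" are assumed from a default IDM
# install and are not shown in the article's excerpt.
SAMPLE_AUDIT_JSON = """
{
  "auditServiceConfig": {"handlerForQueries": "json"},
  "eventHandlers": [
    {"class": "org.forgerock.audit.handlers.json.JsonAuditEventHandler",
     "config": {"name": "json", "enabled": false, "topics": ["activity"]}},
    {"class": "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler",
     "config": {"name": "repo", "topics": ["activity"]}}
  ]
}
"""

def audit_state(audit_json_text):
    """Summarise which audit handlers are enabled in an audit.json document."""
    conf = json.loads(audit_json_text)
    handlers = {}
    for h in conf.get("eventHandlers", []):
        cfg = h.get("config", {})
        # Assumption: a handler with no "enabled" field is treated as enabled.
        handlers[cfg.get("name", h.get("class", "?"))] = cfg.get("enabled", True) is not False
    query_handler = conf.get("auditServiceConfig", {}).get("handlerForQueries")
    return {
        "handlers": handlers,
        "enabled": sorted(n for n, on in handlers.items() if on),
        "logging_disabled": not any(handlers.values()),
        "queries_available": handlers.get(query_handler, False),
    }

def response_means_disabled(body_text):
    """True if a REST reply matches the 'handler ... is disabled' error shown above."""
    body = json.loads(body_text)
    return body.get("code") == 500 and "has not been registered" in body.get("message", "")

if __name__ == "__main__":
    state = audit_state(SAMPLE_AUDIT_JSON)
    for name, on in state["handlers"].items():
        print(f"{name}: {'enabled' if on else 'DISABLED'}")
    if state["logging_disabled"]:
        print("ALERT: no audit handler is enabled")
    elif not state["queries_available"]:
        print("WARNING: query handler is disabled; audit queries will fail")
```

In the constructed sample only the json handler is disabled, so the check reports that queries are unavailable while the repo handler is still enabled.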

See Also

How do I purge reconciliation audit logs in IDM/OpenIDM (All versions)?

Integrator's Guide › Configuring the Audit Service

Integrator's Guide › Audit Event Handler Configuration

Integrator's Guide › Adjusting Audit Write Behavior

Integrator's Guide › Purging Obsolete Audit Information

Integrator's Guide › Querying the Activity Audit Log

Installation Guide › Format REST Output For Readability




Copyright © 2020 ForgeRock, all rights reserved.