How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I disable audit logging in IDM 6.5.x and 7.x?

Last updated Jan 12, 2023

The purpose of this article is to provide information on disabling audit logging in IDM and the consequences of doing this.


Overview

By default, configuration for the JSON audit event handler and the repository audit event handler is included in the audit.json file (located in the /path/to/idm/conf directory). The JSON audit handler is used for queries by default.

You can disable audit logging in IDM 6.5 and later, if required, but you should be aware that this will impact the ability to troubleshoot issues if they occur. Additionally, you will not be able to query audit data. It is strongly recommended that you configure audit log rotation and retention instead of disabling audit logs. See Log File Rotation and Log File Retention for further information.

Caution

In older versions of IDM, audit data was queried to view the reconciliation result state in the UI, which means that this functionality would also stop working and the UI would become unstable if you disabled audit logging. As a result, it is strongly advised that you do not disable audit logging in IDM 6 and earlier.

Disabling audit logging

You can disable audit logging as follows depending on your version:

  • IDM 7.1 and later: you can set the following properties to true or false in the boot.properties file (located in the /path/to/idm/resolver/ directory) to enable/disable as needed:
    • openidm.audit.handler.json.enabled
    • openidm.audit.handler.stdout.enabled
    • openidm.audit.handler.repo.enabled
    See Choose Audit Event Handlers for further information.
  • Pre-IDM 7.1: You can use either of the following approaches, although the first one is preferred:
    • Disable each configured audit handler in the audit.json file. You can do this by adding the enabled field set to false for each configured audit handler, for example:
      {
        "class" : "org.forgerock.audit.handlers.json.JsonAuditEventHandler",
        "config" : {
          "name" : "json",
          "enabled": false,
          ...
        }
      },
    • Remove all the configured audit handlers from audit.json. The downside to this approach is that you lose the configurations if you want to re-enable them in the future.

Verifying your changes

You can check that audit logging has been disabled by running the following query, which uses jq on the command line to prettify the result (you can install jq as outlined in Download jq or just exclude | jq . from the command). For example:

  • IDM 7 and later: $ curl -X GET -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Accept-API-Version: resource=1.0" "http://localhost:8080/openidm/audit/activity?_queryFilter=true" | jq .
  • Pre-IDM 7: $ curl -X GET -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" "http://localhost:8080/openidm/audit/activity?_queryFilter=true" | jq .

You will get a response similar to the following if audit logging is disabled:

{
  "code" : 500,
  "reason" : "Internal Server Error",
  "message" : "The handler defined for queries, 'json', has not been registered to the audit service, or it is disabled."
}
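The following is an added example, not part of this article or of IDM itself, that puts the pre-7.1 disabling step and the verification step above into code: it sets enabled to false on every handler in a constructed, trimmed audit.json, reports whether the handler used for queries is still active, and recognises the 500 response shown above. The auditServiceConfig, handlerForQueries and eventHandlers key names and the repository handler class name are assumptions about the file layout; the JSON handler class and the error message come from the article.

```python
import copy
import json

# Constructed, trimmed stand-in for /path/to/idm/conf/audit.json (not a real file).
# Key names other than "class", "config", "name" and "enabled" are assumptions.
SAMPLE_AUDIT_JSON = """{
  "auditServiceConfig": { "handlerForQueries": "json" },
  "eventHandlers": [
    { "class": "org.forgerock.audit.handlers.json.JsonAuditEventHandler",
      "config": { "name": "json", "topics": ["access", "activity"] } },
    { "class": "org.forgerock.audit.handlers.impl.RepositoryAuditEventHandler",
      "config": { "name": "repo", "enabled": true, "topics": ["activity"] } }
  ]
}"""

# Fragment of the message IDM returns when the query handler is disabled (from the article).
QUERY_DISABLED_MSG = "has not been registered to the audit service, or it is disabled"


def load_audit_config(text):
    """Parse audit.json content into a dict."""
    return json.loads(text)


def enabled_handlers(config):
    """Names of handlers that will register: a missing 'enabled' field counts as enabled."""
    return [h["config"]["name"] for h in config["eventHandlers"]
            if h["config"].get("enabled", True)]


def disable_all_handlers(config):
    """Return a copy with 'enabled': false added to every handler (the preferred pre-7.1 approach)."""
    new = copy.deepcopy(config)
    for handler in new["eventHandlers"]:
        handler["config"]["enabled"] = False
    return new


def queries_will_fail(config):
    """True when the handler named for queries is disabled, which produces the 500 above."""
    return config["auditServiceConfig"]["handlerForQueries"] not in enabled_handlers(config)


def audit_query_disabled(response_body):
    """Interpret the body returned by the /openidm/audit/activity check."""
    body = json.loads(response_body)
    return body.get("code") == 500 and QUERY_DISABLED_MSG in body.get("message", "")


if __name__ == "__main__":
    cfg = load_audit_config(SAMPLE_AUDIT_JSON)
    off = disable_all_handlers(cfg)
    print("enabled before:", enabled_handlers(cfg), "after:", enabled_handlers(off))
    print(json.dumps(off, indent=2))  # write this back to audit.json to apply the change
```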

See Also

How do I purge reconciliation audit logs in IDM (All versions)?

Purge Obsolete Audit Information

Query Audit Logs Over REST

Audit

Format REST Output For Readability

Related Training

N/A

Related Issue Tracker IDs

N/A


Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.