How do I disable audit logging in IDM 6.5.x and 7.x?
The purpose of this article is to provide information on disabling audit logging in IDM and the consequences of doing this.
Overview
By default, the audit.json file (located in the /path/to/idm/conf directory) includes configuration for both the JSON audit event handler and the repository audit event handler. The JSON audit handler is used for queries by default.
You can disable audit logging in IDM 6.5 and later, if required, but you should be aware that this will impact the ability to troubleshoot issues if they occur. Additionally, you will not be able to query audit data. It is strongly recommended that you configure audit log rotation and retention instead of disabling audit logs. See Log File Rotation and Log File Retention for further information.
Caution
In older versions of IDM, audit data was queried to view the reconciliation result state in the UI, which means this functionality would also stop working if you disabled audit logging, and the UI could become unstable. As a result, it is strongly advised that you do not disable audit logging in IDM 6 and earlier.
Disabling audit logging
You can disable audit logging as follows depending on your version:
- IDM 7.1 and later: you can set the following properties to true or false in the boot.properties file (located in the /path/to/idm/resolver/ directory) to enable or disable each handler as needed:
  openidm.audit.handler.json.enabled
  openidm.audit.handler.stdout.enabled
  openidm.audit.handler.repo.enabled
  See Choose Audit Event Handlers for further information.
- Pre-IDM 7.1: You can use either of the following approaches, although the first one is preferred:
  - Disable each configured audit handler in the audit.json file. You can do this by adding the enabled field set to false for each configured audit handler, for example:
    {
      "class" : "org.forgerock.audit.handlers.json.JsonAuditEventHandler",
      "config" : {
        "name" : "json",
        "enabled": false,
        ...
      }
    },
  - Remove all the configured audit handlers from audit.json. The downside to this approach is that you lose the configurations if you want to re-enable them in the future.
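The following is an added example (not ForgeRock's code) that reads an audit.json fragment and, optionally, IDM 7.1+ style boot.properties lines, reports which audit event handlers end up enabled, and predicts whether the audit query used in the verification step below will succeed or return the "has not been registered ... or it is disabled" error. It assumes the standard audit.json layout (handlers under eventHandlers with config.name and config.enabled, the query handler named by auditServiceConfig.handlerForQueries) and that a boot property takes precedence over the file; the sample inputs are constructed.

```python
import json

# Constructed audit.json fragment: json (query) handler disabled, repo handler has no enabled field.
SAMPLE_AUDIT_JSON = """{
  "auditServiceConfig": { "handlerForQueries": "json" },
  "eventHandlers": [
    { "class": "org.forgerock.audit.handlers.json.JsonAuditEventHandler",
      "config": { "name": "json", "enabled": false } },
    { "class": "org.forgerock.audit.handlers.repository.RepositoryAuditEventHandler",
      "config": { "name": "repo" } } ] }"""

# Constructed boot.properties lines in the IDM 7.1+ style (all three switches off).
SAMPLE_BOOT_PROPERTIES = """# audit switches
openidm.audit.handler.json.enabled=false
openidm.audit.handler.stdout.enabled=false
openidm.audit.handler.repo.enabled=false
"""

def _as_bool(value):
    """Accept JSON booleans as well as 'true'/'false' strings from a properties file."""
    return value if isinstance(value, bool) else str(value).strip().lower() == "true"

def parse_boot_properties(text):
    """Return {key: value} for key=value lines; blank and comment lines are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def handler_status(audit_json_text, boot_properties_text=""):
    """Map handler name -> enabled. No 'enabled' field means enabled; an
    openidm.audit.handler.<name>.enabled boot property (assumed to take precedence)
    overrides the audit.json value. Properties for handlers not in the file are ignored."""
    cfg = json.loads(audit_json_text)
    props = parse_boot_properties(boot_properties_text)
    status = {}
    for handler in cfg.get("eventHandlers", []):
        hcfg = handler.get("config", {})
        enabled = _as_bool(hcfg.get("enabled", True))
        prop = props.get(f"openidm.audit.handler.{hcfg['name']}.enabled")
        status[hcfg["name"]] = _as_bool(prop) if prop is not None else enabled
    return status

def queries_will_work(audit_json_text, boot_properties_text=""):
    """False when the handlerForQueries handler is absent or disabled: the state
    behind the HTTP 500 'has not been registered ... or it is disabled' response."""
    cfg = json.loads(audit_json_text)
    query_handler = cfg.get("auditServiceConfig", {}).get("handlerForQueries", "json")
    return handler_status(audit_json_text, boot_properties_text).get(query_handler, False)
```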
Verifying your changes
You can check that audit logging has been disabled by running the following query, which uses jq on the command line to prettify the result (you can install jq as outlined in Download jq or just exclude | jq . from the command). For example:
- IDM 7 and later: $ curl -X GET -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" -H "Accept-API-Version: resource=1.0" "http://localhost:8080/openidm/audit/activity?_queryFilter=true" | jq .
- Pre-IDM 7: $ curl -X GET -H "X-OpenIDM-Username: openidm-admin" -H "X-OpenIDM-Password: openidm-admin" "http://localhost:8080/openidm/audit/activity?_queryFilter=true" | jq .
You will get a response similar to the following if audit logging is disabled:
{
  "code" : 500,
  "reason" : "Internal Server Error",
  "message" : "The handler defined for queries, 'json', has not been registered to the audit service, or it is disabled."
}
See Also
How do I purge reconciliation audit logs in IDM (All versions)?
Purge Obsolete Audit Information
Format REST Output For Readability
Related Training
N/A
Related Issue Tracker IDs
N/A