Java Agents 2024.11

Audit Log Exclude Paths

A list of JSON paths to exclude from audit logs. Audit event fields use JSON pointer notation and are taken from the JSON schema for the audit event content.

To prevent logging of sensitive data for an audit event, the Common Audit Framework uses a safelist to specify which audit event fields appear in the logs. By default, only safelisted audit event fields are included in the logs.

This property takes precedence over Audit Log Include Paths. If a path is specified here and in Audit Log Include Paths, the corresponding audit event field is excluded.

The following example excludes Header1 but includes Header2 and Cookie1:

org.forgerock.agents.audit.exclude.path.list[0]=/access/http/request/headers/Header1Name

org.forgerock.agents.audit.include.path.list[0]=/access/http/request/headers/Header2Name

org.forgerock.agents.audit.include.path.list[1]=/access/http/request/cookies/Cookie1Name

Property name

org.forgerock.agents.audit.exclude.path.list

Aliases

org.forgerock.agents.audit.exclude.path.list
  Introduced in Java Agent 2024.6

Function

Audit

Type

List

Bootstrap property

Yes

Required property

No

Restart required

Yes - Restart the container after changing the property

Local configuration file

AgentBootstrap.properties