--- title: External Access Log Publisher description: External Access Log Publishers publish access messages to an external handler. component: pingds version: 8.1 page_id: pingds:configref:objects-external-access-log-publisher canonical_url: https://docs.pingidentity.com/pingds/8.1/configref/objects-external-access-log-publisher.html section_ids: parent: Parent external_access_log_publisher_properties: External Access Log Publisher properties basic_properties: Basic properties config-file: config-file enabled: enabled filtering-policy: filtering-policy log-controls: log-controls log-field-blacklist: log-field-blacklist advanced_properties: Advanced properties exclude-values-of-attributes: exclude-values-of-attributes include-values-of-attributes: include-values-of-attributes java-class: java-class log-modified-attribute-values: log-modified-attribute-values suppress-internal-operations: suppress-internal-operations suppress-synchronization-operations: suppress-synchronization-operations --- # External Access Log Publisher External Access Log Publishers publish access messages to an external handler. ## Parent The External Access Log Publisher object inherits from [Common Audit Access Log Publisher](objects-common-audit-access-log-publisher.html). ## External Access Log Publisher properties You can use configuration expressions to set property values at startup time. For details, see [Property value substitution](expressions.html). | Basic Properties | Advanced Properties | | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | [config-file](#config-file) [enabled](#enabled) [filtering-policy](#filtering-policy) [log-controls](#log-controls) [log-field-blacklist](#log-field-blacklist) | [exclude-values-of-attributes](#exclude-values-of-attributes) [include-values-of-attributes](#include-values-of-attributes) [java-class](#java-class) [log-modified-attribute-values](#log-modified-attribute-values) [suppress-internal-operations](#suppress-internal-operations) [suppress-synchronization-operations](#suppress-synchronization-operations) | ### Basic properties Use the `--advanced` option to access advanced properties. ### config-file | | | | ----------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | The JSON configuration file that defines the External Access Log Publisher. The content of the JSON configuration file depends on the type of external audit event handler. The path to the file is relative to the instance directory path. | | *Default value* | None | | *Allowed values* | A path to an existing file that is readable (and/or writeable) by the server. | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | The object must be disabled and re-enabled for changes to take effect. | | *Advanced* | No | | *Read-only* | No | ### enabled | | | | ----------------------- | ------------------------------------------------------- | | *Synopsis* | Indicates whether the Log Publisher is enabled for use. | | *Default value* | None | | *Allowed values* | truefalse | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### filtering-policy | | | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | *Synopsis* | Specifies how filtering criteria should be applied to log records. | | *Default value* | no-filtering | | *Allowed values* | * exclusive: Records must not match any of the filtering criteria in order to be logged. * inclusive: Records must match at least one of the filtering criteria in order to be logged. * no-filtering: No filtering will be performed, and all records will be logged. | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### log-controls | | | | ----------------------- | ------------------------------------------------------------------------------------------------- | | *Synopsis* | Specifies whether controls with criticality and values will be included in operation log records. | | *Default value* | true | | *Allowed values* | truefalse | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ### log-field-blacklist | | | | ----------------------- | --------------------------------------------------------------------------------- | | *Synopsis* | List of fields that the server omits from access log messages. | | *Description* | Valid values for this property are JSON paths for fields present in the log file. | | *Default value* | No message elements are blacklisted by default | | *Allowed values* | A JSON path to an existing object of the access event definition. | | *Multi-valued* | Yes | | *Required* | No | | *Admin action required* | None | | *Advanced* | No | | *Read-only* | No | ## Advanced properties Use the `--advanced` option to access advanced properties. ### exclude-values-of-attributes | | | | ----------------------- | -------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Attributes types targeted by a modify operation for which the modified values should be omitted from the access log. | | *Default value* | None | | *Allowed values* | The name of an attribute type defined in the LDAP schema. | | *Multi-valued* | Yes | | *Required* | No | | *Admin action required* | None | | *Advanced* | Yes | | *Read-only* | No | ### include-values-of-attributes | | | | ----------------------- | ------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Attributes types targeted by a modify operation for which the modified values should be included in the access log. | | *Default value* | None | | *Allowed values* | The name of an attribute type defined in the LDAP schema. | | *Multi-valued* | Yes | | *Required* | No | | *Admin action required* | None | | *Advanced* | Yes | | *Read-only* | No | ### java-class | | | | ----------------------- | ---------------------------------------------------------------------------------------------------------- | | *Synopsis* | The fully-qualified name of the Java class that provides the External Access Log Publisher implementation. | | *Default value* | org.opends.server.loggers.ExternalAccessLogPublisher | | *Allowed values* | A Java class that extends or implements:- org.opends.server.loggers.LogPublisher | | *Multi-valued* | No | | *Required* | Yes | | *Admin action required* | None | | *Advanced* | Yes | | *Read-only* | No | ### log-modified-attribute-values | | | | ----------------------- | -------------------------------------------------------------------------------- | | *Synopsis* | The access log contains the values of attributes targeted by a modify operation. | | *Default value* | false | | *Allowed values* | truefalse | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | None | | *Advanced* | Yes | | *Read-only* | No | ### suppress-internal-operations | | | | ----------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Synopsis* | Indicates whether internal operations (for example, operations that are initiated by plugins) should be logged along with the operations that are requested by users. | | *Default value* | true | | *Allowed values* | truefalse | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | None | | *Advanced* | Yes | | *Read-only* | No | ### suppress-synchronization-operations | | | | ----------------------- | -------------------------------------------------------------------------------------------------------- | | *Synopsis* | Indicates whether access messages that are generated by synchronization operations should be suppressed. | | *Default value* | false | | *Allowed values* | truefalse | | *Multi-valued* | No | | *Required* | No | | *Admin action required* | None | | *Advanced* | Yes | | *Read-only* | No |