IDM 7.2.2

CSV audit event handler properties

UI Label / Text audit.json File Label Description

File Rotation

fileRotation

Groups the file rotation configuration parameters.

rotationEnabled

rotationEnabled

Specifies whether file rotation is enabled. Boolean: true, or false.

maxFileSize

maxFileSize

The maximum size of an audit file, in bytes, before rotation is triggered.

rotationFilePrefix

rotationFilePrefix

The prefix to add to the start of an audit file name when it is rotated.

Rotation Times

rotationTimes

Specifies a list of times when file rotation should be triggered.

The times must be provided as durations, offset from midnight. For example, a list of 10 minutes, 20 minutes, 30 minutes will cause files to rotate at 10, 20 and 30 minutes after midnight.

File Rotation Suffix

rotationFileSuffix

The suffix appended to rotated audit file names. This suffix should take the form of a timestamp, in simple date format. The default suffix format, if none is specified, is -yyyy.MM.dd-HH.mm.ss.

Rotation Interval

rotationInterval

The interval to trigger a file rotation, expressed as a duration. For example, 5 seconds, 5 minutes, 5 hours. A value of 0 or disabled disables time-based file rotation. Note that you can specify a list of rotationTimes and a rotationInterval. The audit event handler checks all rotation and retention policies on a periodic basis, and assesses whether each policy should be triggered at the current time, for a particular audit file. The first policy to meet the criteria is triggered.

File Retention

fileRetention

Groups the file retention configuration parameters. The retention policy specifies how long audit files remain on disk before they are automatically deleted.

Maximum Number of Historical Files

maxNumberOfHistoryFiles

The maximum number of historical audit files that can be stored. If the total number of audit files exceeds this maximum, older files are deleted.

A value of -1 disables purging of old log files.

Maximum Disk Space

maxDiskSpaceToUse

The maximum disk space, in bytes, that can be used for audit files. If the total space occupied by the audit files exceeds this maximum, older files are deleted. A negative or zero value indicates that this policy is disabled; that is, that unlimited disk space can be used for historical audit files.

Minimum Free Space Required

minFreeSpaceRequired

The minimum free disk space, in bytes, required on the system that houses the audit files. If the free space drops below this minimum, older files are deleted. A negative or zero value indicates that this policy is disabled; that is, that no minimum space requirements apply.

rotationRetentionCheckInterval

rotationRetentionCheckInterval

Interval for periodically checking file rotation and retention policies.

The interval must be a duration; for example, 5 seconds, 5 minutes, or 5 hours.

Log Directory

logDirectory

Directory with CSV audit files.

CSV Output Formatting

formatting

quoteChar

quoteChar

Formatting: Character used around a CSV field.

delimiterChar

delimiterChar

Formatting: Character between CSV fields.

End of Line Symbols

endOfLineSymbols

Formatting: end of line symbol, such as \n or \r.

Security: CSV Tamper Evident Configuration

security

Uses keystore-based signatures.

Enabled

enabled

CSV Tamper Evident Configuration: true, or false.

Filename

filename

CSV Tamper Evident Configuration: Path to the Java keystore.

Password

password

CSV Tamper Evident Configuration: Password for the Java keystore.

Keystore Handler

keystoreHandlerName

CSV Tamper Evident Configuration: Keystore name. The value of this property must be openidm. This is the name that the audit service provides to the ForgeRock Common Audit Framework for the configured IDM keystore.

Signature Interval

signatureInterval

CSV Tamper Evident Configuration: Signature generation interval. Default = 1 hour. Units described in Restrictions on Configuring the CSV Audit Handler in the UI.

Buffering

buffering

Configuration for optional event buffering.

enabled

enabled

Buffering: true, or false.

autoFlush

autoFlush

Buffering: avoids flushing after each event.