CSV audit event handler properties

UI Label / Text audit.json File Label Description

UI Label / Text	audit.json File Label	Description
File Rotation	`fileRotation`	Groups the file rotation configuration parameters.
rotationEnabled	`rotationEnabled`	Specifies whether file rotation is enabled. Boolean: true, or false.
maxFileSize	`maxFileSize`	The maximum size of an audit file, in bytes, before rotation is triggered.
rotationFilePrefix	`rotationFilePrefix`	The prefix to add to the start of an audit file name when it is rotated.
Rotation Times	`rotationTimes`	Specifies a list of times when file rotation should be triggered. The times must be provided as durations, offset from midnight. For example, a list of `10 minutes, 20 minutes, 30 minutes` will cause files to rotate at 10, 20 and 30 minutes after midnight.
File Rotation Suffix	`rotationFileSuffix`	The suffix appended to rotated audit file names. This suffix should take the form of a timestamp, in simple date format. The default suffix format, if none is specified, is `-yyyy.MM.dd-HH.mm.ss`.
Rotation Interval	`rotationInterval`	The interval to trigger a file rotation, expressed as a duration. For example, `5 seconds`, `5 minutes`, `5 hours`. A value of `0` or `disabled` disables time-based file rotation. Note that you can specify a list of `rotationTimes` and a `rotationInterval`. The audit event handler checks all rotation and retention policies on a periodic basis, and assesses whether each policy should be triggered at the current time, for a particular audit file. The first policy to meet the criteria is triggered.
File Retention	`fileRetention`	Groups the file retention configuration parameters. The retention policy specifies how long audit files remain on disk before they are automatically deleted.
Maximum Number of Historical Files	`maxNumberOfHistoryFiles`	The maximum number of historical audit files that can be stored. If the total number of audit files exceeds this maximum, older files are deleted. A value of `-1` disables purging of old log files.
Maximum Disk Space	`maxDiskSpaceToUse`	The maximum disk space, in bytes, that can be used for audit files. If the total space occupied by the audit files exceeds this maximum, older files are deleted. A negative or zero value indicates that this policy is disabled; that is, that unlimited disk space can be used for historical audit files.
Minimum Free Space Required	`minFreeSpaceRequired`	The minimum free disk space, in bytes, required on the system that houses the audit files. If the free space drops below this minimum, older files are deleted. A negative or zero value indicates that this policy is disabled; that is, that no minimum space requirements apply.
rotationRetentionCheckInterval	`rotationRetentionCheckInterval`	Interval for periodically checking file rotation and retention policies. The interval must be a duration; for example, `5 seconds`, `5 minutes`, or `5 hours`.
Log Directory	`logDirectory`	Directory with CSV audit files.
CSV Output Formatting	`formatting`
quoteChar	`quoteChar`	Formatting: Character used around a CSV field.
delimiterChar	`delimiterChar`	Formatting: Character between CSV fields.
End of Line Symbols	`endOfLineSymbols`	Formatting: end of line symbol, such as `\n` or `\r`.
Security: CSV Tamper Evident Configuration	`security`	Uses keystore-based signatures.
Enabled	`enabled`	CSV Tamper Evident Configuration: true, or false.
Filename	`filename`	CSV Tamper Evident Configuration: Path to the Java keystore.
Password	`password`	CSV Tamper Evident Configuration: Password for the Java keystore.
Keystore Handler	`keystoreHandlerName`	CSV Tamper Evident Configuration: Keystore name. The value of this property must be `openidm`. This is the name that the audit service provides to the ForgeRock Common Audit Framework for the configured IDM keystore.
Signature Interval	`signatureInterval`	CSV Tamper Evident Configuration: Signature generation interval. Default = 1 hour. Units described in Restrictions on Configuring the CSV Audit Handler in the UI.
Buffering	`buffering`	Configuration for optional event buffering.
enabled	`enabled`	Buffering: true, or false.
autoFlush	`autoFlush`	Buffering: avoids flushing after each event.

File Rotation

fileRotation

Groups the file rotation configuration parameters.

rotationEnabled

rotationEnabled

Specifies whether file rotation is enabled. Boolean: true, or false.

maxFileSize

maxFileSize

The maximum size of an audit file, in bytes, before rotation is triggered.

rotationFilePrefix

rotationFilePrefix

The prefix to add to the start of an audit file name when it is rotated.

Rotation Times

rotationTimes

Specifies a list of times when file rotation should be triggered.

The times must be provided as durations, offset from midnight. For example, a list of 10 minutes, 20 minutes, 30 minutes will cause files to rotate at 10, 20 and 30 minutes after midnight.

File Rotation Suffix

rotationFileSuffix

The suffix appended to rotated audit file names. This suffix should take the form of a timestamp, in simple date format. The default suffix format, if none is specified, is -yyyy.MM.dd-HH.mm.ss.

Rotation Interval

rotationInterval

The interval to trigger a file rotation, expressed as a duration. For example, 5 seconds, 5 minutes, 5 hours. A value of 0 or disabled disables time-based file rotation. Note that you can specify a list of rotationTimes and a rotationInterval. The audit event handler checks all rotation and retention policies on a periodic basis, and assesses whether each policy should be triggered at the current time, for a particular audit file. The first policy to meet the criteria is triggered.

File Retention

fileRetention

Groups the file retention configuration parameters. The retention policy specifies how long audit files remain on disk before they are automatically deleted.

Maximum Number of Historical Files

maxNumberOfHistoryFiles

The maximum number of historical audit files that can be stored. If the total number of audit files exceeds this maximum, older files are deleted.

A value of -1 disables purging of old log files.

Maximum Disk Space

maxDiskSpaceToUse

The maximum disk space, in bytes, that can be used for audit files. If the total space occupied by the audit files exceeds this maximum, older files are deleted. A negative or zero value indicates that this policy is disabled; that is, that unlimited disk space can be used for historical audit files.

Minimum Free Space Required

minFreeSpaceRequired

The minimum free disk space, in bytes, required on the system that houses the audit files. If the free space drops below this minimum, older files are deleted. A negative or zero value indicates that this policy is disabled; that is, that no minimum space requirements apply.

rotationRetentionCheckInterval

rotationRetentionCheckInterval

Interval for periodically checking file rotation and retention policies.

The interval must be a duration; for example, 5 seconds, 5 minutes, or 5 hours.

Log Directory

logDirectory

Directory with CSV audit files.

CSV Output Formatting

formatting

quoteChar

quoteChar

Formatting: Character used around a CSV field.

delimiterChar

delimiterChar

Formatting: Character between CSV fields.

End of Line Symbols

endOfLineSymbols

Formatting: end of line symbol, such as \n or \r.

Security: CSV Tamper Evident Configuration

security

Uses keystore-based signatures.

Enabled

enabled

CSV Tamper Evident Configuration: true, or false.

Filename

filename

CSV Tamper Evident Configuration: Path to the Java keystore.

Password

password

CSV Tamper Evident Configuration: Password for the Java keystore.

Keystore Handler

keystoreHandlerName

CSV Tamper Evident Configuration: Keystore name. The value of this property must be openidm. This is the name that the audit service provides to the ForgeRock Common Audit Framework for the configured IDM keystore.

Signature Interval

signatureInterval

CSV Tamper Evident Configuration: Signature generation interval. Default = 1 hour. Units described in Restrictions on Configuring the CSV Audit Handler in the UI.

Buffering

buffering

Configuration for optional event buffering.

enabled

enabled

Buffering: true, or false.

autoFlush

autoFlush

Buffering: avoids flushing after each event.

PingIDM

CSV audit event handler properties