The eventTypes configuration specifies which events
OpenIDM writes to the audit logs. OpenIDM supports two
eventTypes: activity for the activity
log, and recon for the reconciliation log. Under activity, the filter
lists the actions on managed or system objects that OpenIDM writes to
the activity log.
The filter actions list enables
you to configure the conditions under which actions are written to the
activity log:
read
    When an object is read by using its identifier.
create
    When an object is created.
update
    When an object is updated.
delete
    When an object is deleted.
patch
    When an object is partially modified.
query
    When a query is performed on an object.
action
    When an action is performed on an object.
You can optionally add a filter
triggers list that specifies the actions that are logged
for a particular trigger. For example, the following addition to the
audit.json file specifies that only
create and update actions are logged
for an activity that was triggered by a recon.
    ...
    "filter" : {
        "actions" : [
            "create",
            "update",
            "delete",
            "patch",
            "action"
        ],
        "triggers" : {
            "recon" : [
                "create",
                "update"
            ]
        }
    },
    "watchedFields" : [ ],
    ...
If a trigger is provided, but no actions are specified, nothing is
logged for that trigger. If a trigger is omitted, all actions are logged
for that trigger. In the current OpenIDM release, only the
recon trigger is implemented. For a list of reconciliation
actions that can be logged, see Synchronization
Actions.
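The following sketch, added here as an illustration and not taken from OpenIDM, applies the rules above to the sample filter and reports which actions would leave no activity-log record. The names is_logged, coverage_gaps, ALL_ACTIONS and SAMPLE_FILTER are hypothetical, and the code assumes that the top-level actions list is checked first and that a triggers entry can only narrow it, which the text above does not spell out.

```python
import json

# The seven activity actions listed above.
ALL_ACTIONS = ["read", "create", "update", "delete", "patch", "query", "action"]

# The filter from the audit.json excerpt above (surrounding "..." left out).
SAMPLE_FILTER = json.loads("""
{
  "actions": ["create", "update", "delete", "patch", "action"],
  "triggers": {"recon": ["create", "update"]}
}
""")


def is_logged(flt, action, trigger=None):
    """Return True if `action` would reach the activity log under `flt`.

    Assumption: the top-level "actions" list is applied first, and a
    "triggers" entry can only narrow the result further.
    """
    if action not in flt["actions"]:
        return False
    triggers = flt.get("triggers", {})
    if trigger is None or trigger not in triggers:
        # Trigger omitted from the configuration: no extra restriction.
        return True
    # Trigger present: only its listed actions pass; an empty list logs nothing.
    return action in triggers[trigger]


def coverage_gaps(flt, triggers=(None, "recon")):
    """Map each trigger (None = untriggered activity) to the actions NOT logged."""
    return {t: [a for a in ALL_ACTIONS if not is_logged(flt, a, t)]
            for t in triggers}


if __name__ == "__main__":
    for trig, missing in coverage_gaps(SAMPLE_FILTER).items():
        print(trig or "(no trigger)", "not logged:", ", ".join(missing) or "-")
```

With the sample filter, read and query are never recorded, and deletes performed during a recon are also absent from the activity log, which matters when the log is relied on to trace object removal.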
The watchedFields parameter enables you to specify
a list of fields that should be "watched" for changes. When the value of one
of the fields in this list changes, the change is logged in the audit log,
under the column "changedFields". Fields are listed in
comma-separated format, for example:
    "watchedFields" : [ "email", "address" ]
The passwordFields parameter enables you to specify
a list of fields that are considered passwords. This parameter functions much
like the watchedFields parameter in that changes to these
field values are logged in the audit log, under the column
"changedFields". In addition, when a password field is
changed, the boolean "passwordChanged" flag is set to
true in the audit log. Fields are listed in
comma-separated format, for example:
    "passwordFields" : [ "password", "username" ]

