After carefully following the guide to implement custom audit topics for Forgerock Identity Gateway (Extend IG :: ForgeRock Identity Gateway), using a JsonAuditEventHandler it does seem to work as intended.
However, the same configuration with no changes does not seem to work for a SyslogAuditEventHandler.
{
"name": "SyslogAuditService",
"type": "AuditService",
"config": {
"eventHandlers": [
{
"class": "org.forgerock.audit.handlers.syslog.SyslogAuditEventHandler",
"config": {
"name": "MySyslogAuditEventHandler",
"topics": [
"access",
"OAuth2AccessTopic"
],
"protocol": "UDP",
"host": "localhost",
"port": "3333",
"connectTimeout": 30000,
"facility": "LOCAL0",
"severityFieldMappings": [
{
"topic": "access",
"field": "response/status",
"valueMappings": {
"FAILED": "INFORMATIONAL",
"SUCCESSFUL": "INFORMATIONAL"
}
}
]
}
}
]
}
}
The received message contains the custom topic but does not keep any data inside.
<134>1 1715623993276 ab7e210f2889 IG 1570578713 OAuth2AccessEvent [OAuth2AccessTopic.IG@36733 OAuth2Access._id="" OAuth2Access.timestamp="" OAuth2Access.transactionId="" OAuth2Access.eventName="" OAuth2Access.accessToken.scopes="" OAuth2Access.accessToken.expiresAt="" OAuth2Access.accessToken.sub="" OAuth2Access.resource.path="" OAuth2Access.resource.method=""]
Is there any additional configuration that is required for this specific handler for the example to work?