Page tree
Skip to end of metadata
Go to start of metadata

For general information see the main Auditing page.

Configuration examples

Audit to main repository + logs

SQL repository + auditing to PostgreSQL, audit also to logs. If auditService for SqlAuditServiceFactory does not contain any other configuration, main repository configuration is used - in fact, the same data source (connection pool, etc.) is shared.

<repository>
    <repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
    <embedded>false</embedded>
    <driverClassName>org.postgresql.Driver</driverClassName>
    <hibernateHbm2ddl>update</hibernateHbm2ddl>
    <hibernateDialect>org.hibernate.dialect.PostgreSQLDialect</hibernateDialect>
    <jdbcPassword>midpoint</jdbcPassword>
    <jdbcUsername>midpoint</jdbcUsername>
    <jdbcUrl>jdbc:postgresql://localhost:5432/midpoint</jdbcUrl>
</repository>
<audit>
    <auditService>
        <auditServiceFactoryClass>com.evolveum.midpoint.audit.impl.LoggerAuditServiceFactory</auditServiceFactoryClass>
    </auditService>
    <auditService>
		<auditServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlAuditServiceFactory</auditServiceFactoryClass>
	<auditService>
</audit>

Audit to separate repository

MidPoint 4.2 and later

Configuration element auditService for SqlAuditServiceFactory can contain any element from repository configuration - see Repository Configuration for more.

  • One of jdbcUrl or dataSource must be used - otherwise any repository configuration in auditService is ignored and only main repository configuration is used.
  • The recommended way is to use jdbcUrl with jdbcUsername, jdbcPassword and driverClassName and database.
  • Preconfigured dataSource for WAR deployment on application server or Tomcat is also possible - but this is not recommended anymore and not officially supported.
  • In both cases the right value for database element should be used, e.g. postgresql.
  • If the separate repository for audit is used, do not use H2 - this option is not supported. Use only production-like settings. It is however possible to use other database for audit while main repository is set to embedded H2, mostly for development/testing purposes.
  • Separate database must be prepared in a similar way to the main database with tables, indexes and foreing keys containing "audit" created. For PostgreSQL example, see PostgreSQL page, section Separate audit database.

Example configuration with default H2 for main repository and PostgreSQL on localhost for audit:

<repository>
    <repositoryServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlRepositoryFactory</repositoryServiceFactoryClass>
    <baseDir>${midpoint.home}</baseDir>
    <asServer>true</asServer>
</repository>
<audit>
    <auditService>
        <auditServiceFactoryClass>com.evolveum.midpoint.audit.impl.LoggerAuditServiceFactory</auditServiceFactoryClass>
    </auditService>
    <auditService>
        <auditServiceFactoryClass>com.evolveum.midpoint.repo.sql.SqlAuditServiceFactory</auditServiceFactoryClass>
        <jdbcUrl>jdbc:postgresql://localhost/midaudit</jdbcUrl>
        <database>postgresql</database>
        <jdbcUsername>midaudit</jdbcUsername>
        <jdbcPassword>password</jdbcPassword>
    </auditService>
</audit>

See Also

  • No labels