Audit Logging service at realm level is not being used. For example, AM only seems to use the Field whitelist filter at a global level.
- Add Audit Logging Service at Realm level
- Add /access/http/request/headers/testHeader to Field whitelist filters
- tail -f /path/to/openam/var/audit/access.audit.json
- Open browser dev tools and navigate to OAuth2 clients for example
- Edit and resend https://openam.example.com:8443/openam/json/global-config/realms?_action=schema
- Edit and resend with the header/value testHeader: testValue
- access.audit.json won't log this header
- Add the same Field whitelist filters at the global level
- Resend the request from Step 6, it will now show in access.audit.json
Use Global Audit Logging service only but this means you can use different filters across realms.