After made changes to tamper evident audit files, the verification command didn't give any meaningful result
1. started openidm using sample2b(just for running recon easily)
2. Followed the integrator's guide http://openidm.forgerock.org/doc/bootstrap/integrators-guide/index.html#tamper-evident-operation to configure the signature algorithm and password key.
3. Enabled the feature on UI through System Preference->Audit->CsvAuditEventHandler
used space for quoteChar, - for delimitChar and ***** for symbols between lines. enabled tamper evident, used openidm for the handler and 5 minutes as signature interval. submit changes, removed the existing audit files and save changes on UI.
3. observed the new audit files name changed to tamper-evident-access.csv and etc and the audit files have HMAC and signature values included. run more recons and make changes to the recon audit file.
4. Run the following command to detect changes in openidm directory.
java -jar bundle/forgerock-audit-handler-csv-4.1.0.jar --archive audit/ --topic recon --keystore security/keystore.jceks --password changeit
The output is as follow:
SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
SLF4J: Defaulting to no-operation (NOP) logger implementation
SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.
and no other meaningful info to show the audit file is changed or not. according to Alin and Andi, the slf4j warnings should be harmless.