Uploaded image for project: 'Identity Gateway'
  1. Identity Gateway
  2. OPENIG-4034

AuditService does not delete old files when maxDiskSpaceToUse is reached

    XMLWordPrintable

    Details

    • Support Ticket IDs:
    • Story Points:
      1

      Description

      When AuditService is configured with maxDiskSpaceToUse and this limit is reached, IG does not delete old audit files and also stops auditing further requests. 

      The issue can be reproduced by defining the following AuditService in the config.json heap and referencing this auditService in a route:

      {
        "name": "myAuditService",
        "type": "AuditService",
        "config": {
          "config": {},
          "event-handlers": [
            {
              "class": "org.forgerock.audit.handlers.json.JsonAuditEventHandler",
              "config": {
                "name": "JsonEventHandler",
                "topics": [
                  "access"
                ],
                "logDirectory": "/home/ahaskins/.openig/audit/ig-access",
                "elasticsearchCompatible": true,
                "fileRotation": {
                  "rotationEnabled": true,
                  "maxFileSize": 1000,
                  "rotationInterval": "2 hours"
                },
                "fileRetention": {
                  "maxNumberOfHistoryFiles": 10,
                  "maxDiskSpaceToUse": 10000
                },
                "buffering": {
                  "writeInterval": "100 ms",
                  "maxSize": 10000
                },
                "rotationRetentionCheckInterval": "1 m"
              }
            }
          ]
        }
      }
      

       And in a route, just call myAuditService:

      {
        "name": "home",
        "baseURI": "http://app.example.com:8888",
        "condition": "${matches(request.uri.path, '^/home')}",
        "auditService": "myAuditService",
        "heap": [
          {
            "name": "AmService-1",
            "type": "AmService",
            "config": {
              "url": "http://openam.example.com:8088/openam",
              "realm": "/",
              "ssoTokenHeader": "iPlanetDirectoryPro",
              "version": "6.5",
              "agent": {
                "username": "ig_agent",
                "password": "password"
              },
              "sessionCache": {
                "enabled": true
              }
            }
          }
        ],
        "handler": {
          "type": "Chain",
          "config": {
            "filters": [
              {
                "name": "SingleSignOnFilter-1",
                "type": "SingleSignOnFilter",
                "config": {
                  "amService": "AmService-1"
                }
              }
            ],
            "handler": "ReverseProxyHandler"
          }
        }
      }
      

      The example only uses small limits so it can be reproduced in a few requests.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              markdr Mark de Reeper
              Reporter:
              aaron.haskins Aaron Haskins
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: