Skip to main content
Version: 1.11

Audit logging

Audit logging is disabled by default but when enabled it will record every authorization request serviced, including which attributes, with sources and values, that ADS used when servicing the request.

Logging is enabled or disabled in the deployment configuration file, see See Logging for information on how this is done.

Logging events

The audit logs produced by ADS contain two types of logging events, evaluation events and administrative events.

  • evaluation events - data regarding access requests and their responses
  • administrative events - data regarding runtime changes to the configuration of ADS

Which type of event that is included in the log output file is controlled by configuration. The different options for this configuration are described in the section Separating event types in the audit log output.

By default, the log output for evaluation events is presented in a concise format, that is, information not essential to auditing is excluded from the evaluation events. How to configure the logging to use the verbose format for the output instead of the default concise format is described in the section Enabling verbose audit logging.