Audit logging is a vital security feature in PingAM 8.0.2 that provides a record of system activity. To make these logs useful for modern analysis tools and to ensure they contain rich metadata, PingAM utilizes structured logging.
According to the PingAM "Audit Logging Service" documentation:
When an administrator enables audit logging in a new installation, the system is pre-configured with the JSON audit event handler as the default. This handler writes log entries to the local filesystem in a structured JSON format (e.g., access.audit.json).
The choice of JSON (Option D) as the default is strategic:
Structure: JSON allows for complex, nested data structures, which is necessary to capture the full context of an authentication journey or a policy decision.
Interoperability: JSON is the "native language" of modern log aggregators and SIEM platforms like Splunk, ELK (Elasticsearch/Logstash/Kibana), and Sumo Logic.
Readability: While structured, it remains human-readable for quick manual inspection.
Why other options are incorrect:
CSV (B) and Syslog (C) are available handlers but must be explicitly added or configured; they are not the primary default.
Elasticsearch (A) is a powerful target for audit logs, but PingAM typically sends data there via an external collector reading the JSON files or via a specifically configured Elasticsearch handler, rather than it being the out-of-the-box default for a local installation.
The JSON handler ensures that from the moment logging is turned on, the data is stored in a format that balances detailed reporting with ease of integration.