Using Audit Properties to Filter Events to Debug Log

Filters are specified in the Audit property configuration files.

The default filters are specified in the default properties file, found at /opt/EXTENSION/conf/audit/

Important: Do not edit the /opt/EXTENSION/conf/audit/ file.

You can add to or replace the default filters by creating a .user properties file at /opt/EXTENSION/conf/audit/

The default filters are:


To override the filters without replacing them, place the following in /opt/EXTENSION/conf/audit/


To change the existing filters, specify new values for the same filters.

To add a filter, use a new filter name such as "filter.05".

Filters are specified using one or more conditions. Conditions are composed of the Audit field/property and a regular expression that the field/property must match. They are formatted in the property file as follows:

filter.<number>=<audit field or property>/<regular expression>/,<audit field or property>/<regular expression>/,...


Use a comma or space (or anything that doesn't look like a condition) to separate multiple conditions.

A filter matches an Audit event if all conditions match. The regular expression can match anywhere in the value. To match the complete value, use anchors in the regular expression; for example, /DataExport/ will match MyDataExport, but /^DataExport$/ will not.

Filters will never match warning or error level Audit events. Filtering only applies to INFO level events.

Important: Filters that do not match the above pattern will be ignored and logged as errors to EIAudit.log.

Filters can be tested by viewing /opt/EXTENSION/log/EIAudit.log. All filtered Audit events are logged as INFO log entries starting with {{Filtered :}} followed by the JSON for the Audit event.

Important: Use two of the backward slash (\\) because /opt/EXTENSION/log/EIAudit.log is a Java properties file. Matching a forward slash (/) is not supported in the filter, because the forward slash is used to mark the beginning and end of a regular expression.