
ATNA audit configuration

JamBridge writes an IHE ATNA AuditEvent for every transaction. Audit writing is fully asynchronous and never blocks the ACK path.

Dual transport

JamBridge supports two ATNA transports simultaneously:

1. RFC 5425 TLS syslog

Industry-standard ATNA transport. Requires syslog-ng with a TLS listener.

BridgeConfig.yaml
bridge:
  audit:
    transport: syslog-tls
    syslog-host: auditstore.internal
    syslog-port: 6514
    syslog-tls:
      keystore: classpath:audit-client.p12
      keystore-password: ${AUDIT_KEYSTORE_PASSWORD}
      truststore: classpath:audit-ca.jks

2. BALP FHIR AuditEvent

Newer approach — AuditEvents are FHIR resources stored in HAPI FHIR. Queryable by patient, actor, time, and outcome.

BridgeConfig.yaml
bridge:
  audit:
    transport: fhir-balp
    fhir-balp-url: http://hapi:8080/fhir

Both transports

bridge:
  audit:
    transport: both

Recommended for production — syslog-ng for non-repudiation, FHIR AuditEvent for patient-facing audit queries.

AuditEvent query

Query all audit events for a patient:

GET /fhir/AuditEvent?patient=Patient/GOLDEN-00441&date=ge2026-06-01
Host: hapi:8080

Query all consent denials:

GET /fhir/AuditEvent?outcome=8&type=110106
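As an added example (not JamBridge code), the consent-denial query above can feed a periodic review that counts denials per requesting agent and patient. It assumes the FHIR R4 AuditEvent layout (`agent.requestor`, `agent.who`, `entity.what`); the practitioner ids, the sample Bundle and the `threshold` parameter are constructed for illustration.

```python
from collections import Counter
from urllib.parse import urlencode

FHIR_BASE = "http://hapi:8080/fhir"  # fhir-balp-url from the config on this page

def denial_query(since, base=FHIR_BASE):
    """Consent-denial search from this page, narrowed with a date lower bound."""
    params = [("outcome", "8"), ("type", "110106"), ("date", f"ge{since}")]
    return f"{base}/AuditEvent?{urlencode(params)}"

def summarize(bundle):
    """Count outcome=8 AuditEvents per (requesting agent, patient) pair."""
    counts = Counter()
    for entry in bundle.get("entry", []):
        ev = entry.get("resource", {})
        if ev.get("resourceType") != "AuditEvent" or ev.get("outcome") != "8":
            continue  # skip OperationOutcome entries and other outcomes
        agents = [a.get("who", {}).get("reference", "unknown")
                  for a in ev.get("agent", []) if a.get("requestor")]
        patients = [e.get("what", {}).get("reference", "")
                    for e in ev.get("entity", [])]
        patients = [p for p in patients if p.startswith("Patient/")]
        for agent in agents or ["unknown"]:
            for patient in patients or ["unknown"]:
                counts[(agent, patient)] += 1
    return counts

def repeated(counts, threshold=2):
    """Pairs denied at least `threshold` times, worth a reviewer's attention."""
    return sorted(pair for pair, n in counts.items() if n >= threshold)

def _event(who, patient, outcome):  # constructed R4-shaped AuditEvent
    ev = {"resourceType": "AuditEvent", "outcome": outcome,
          "entity": [{"what": {"reference": patient}}]}
    if who:
        ev["agent"] = [{"requestor": True, "who": {"reference": who}}]
    return ev

PT = "Patient/GOLDEN-00441"  # patient id used in the query on this page
SAMPLE = {"resourceType": "Bundle", "type": "searchset", "entry": [  # constructed
    {"resource": _event("Practitioner/dr-a", PT, "8")},
    {"resource": _event("Practitioner/dr-a", PT, "8")},
    {"resource": _event("Practitioner/dr-b", PT, "8")},
    {"resource": _event("Practitioner/dr-a", PT, "0")},
    {"resource": _event(None, PT, "8")},
    {"resource": {"resourceType": "OperationOutcome"}},
]}

if __name__ == "__main__":
    print(denial_query("2026-06-01"), repeated(summarize(SAMPLE)), sep="\n")
```

Events with no requesting agent are counted under `unknown` rather than dropped, so an incomplete audit record still shows up in the review.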