Thanks for posting this Joel! I've been wondering about this for a while too! 🤣
As others in this thread have said, custom audit events from applications are added to the Audit Log using a call to $system.Security.Audit(). The events must be defined ahead of time in the Portal, using Configure User Events. All events (system and custom) have a 3-part name: Source, Type, and Name. I think of these parts as Main Category, Subcategory, and Name.
The person(s) defining the custom events can choose all 3 parts of the name, in order to categorize all the custom events they're defining. So you could use Source = ABC, Type = DEF, and Name = XYZ. The names are totally up to you. Once defined, the event gets added by some code calling $system.Security.Audit("ABC", "DEF", "XYZ").
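The call described in the post above, as an added example that is not part of the original post: a small wrapper that passes event data and a description and turns a failed audit write into an error status. The class name `Demo.AuditHelper`, the method name and the description string are hypothetical, `ABC`/`DEF`/`XYZ` are the placeholder names from the post, and the code assumes `$SYSTEM.Security.Audit()` returns a true value only when the record was written.

```objectscript
/// Hypothetical helper class (added example, not InterSystems or forum code).
Class Demo.AuditHelper Extends %RegisteredObject
{

/// Write the custom event ABC/DEF/XYZ for an access to one record.
/// Precondition: the event has been defined and enabled in the Portal
/// (Configure User Events) and auditing is turned on for the instance.
ClassMethod LogRecordAccess(recordId As %String) As %Status
{
    // EventData carries the detail an investigator will need later:
    // what was touched, by whom, and from which namespace.
    Set data = "record="_recordId_"; user="_$USERNAME_"; namespace="_$NAMESPACE

    // Source, Type, Name must match the 3-part name defined in the Portal.
    // The fourth and fifth arguments are the event data and a short description.
    Set written = $SYSTEM.Security.Audit("ABC", "DEF", "XYZ", data, "Record viewed")

    // Assumption: a false return means no audit record was written
    // (for example, the event is not defined or not enabled).
    If 'written {
        Quit $$$ERROR($$$GeneralError, "Audit event ABC/DEF/XYZ was not written")
    }
    Quit $$$OK
}

}
```

A caller can check the returned status before performing the sensitive operation, so the operation does not proceed when the audit record could not be written.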
Thanks for the thoughts! To clarify, I was primarily asking about where to install IRIS itself. Within the context of that question, it's always good to include information about directories for the other important stuff, such as Journals and databases, so thanks for that.