The Knox Audit module is based on the Apache log4j. You can customize the logger by changing the log4j.appender.auditfile.Layout property in $gateway /conf/gateway-log4j.properties to another class that extends Log4j. For detailed information see Apache's log4j.