You can use the Jython scripting language to configure audit service providers with the wsadmin tool. Use the commands and parameters in the AuditEmitterCommands group to create, manage, and remove audit service providers from your security auditing system configuration.
The createBinaryEmitter command creates an entry in the audit.xml file to reference the configuration of the binary file emitter implementation of the audit service provider interface.
The user must have the auditor administrative role to run this command.
Target object
None.
Required parameters
Optional parameters
Return value
AuditServiceProvider_1184686384968
Batch mode example usage
AdminTask.createBinaryEmitter('-uniqueName mybinaryemitter -className com.ibm.ws.security.audit.BinaryEmitterImpl -fileLocation c:\wasinstall\appserver\profiles\AppSrv01\logs\server1 -maxFileSize 20 -maxLogs 100 -auditFilters AuditSpecification_1173199825608')
AdminTask.createBinaryEmitter(['-uniqueName', 'mybinaryemitter', '-className', 'com.ibm.ws.security.audit.BinaryEmitterImpl', '-fileLocation', 'c:\wasinstall\appserver\profiles\AppSrv01\logs\server1', '-maxFileSize', '20', '-maxLogs', '100', '-auditFilters', 'AuditSpecification_1173199825608'])
Interactive mode example usage
AdminTask.createBinaryEmitter('-interactive')
The createSMFEmitter command creates an entry in the audit.xml file to reference the configuration of an SMF implementation of the audit service provider interface. The encryption and signing of audit records is not supported for SMF implementations.
The user must have the auditor administrative role to run this command.
Target object
None.
Required parameters
Return value
AuditServiceProvider_1184686384968
Batch mode example usage
AdminTask.createSMFEmitter('-uniqueName mySMFEmitter -auditFilters AuditSpecification_1173199825608')
AdminTask.createSMFEmitter(['-uniqueName', 'mySMFEmitter', '-auditFilters', 'AuditSpecification_1173199825608'])
Interactive mode example usage
AdminTask.createSMFEmitter('-interactive')
The createThirdPartyEmitter command creates an entry in the audit.xml configuration file to reference the configuration of a third party emitter implementation of the audit service provider interface. The encryption and signing of audit records is not supported for third party implementations.
The user must have the auditor administrative role to run this command.
Target object
None.
Required parameters
Optional parameters
Return value
AuditServiceProvider_1184686638218
Batch mode example usage
AdminTask.createThirdPartyEmitter('-uniqueName myThirdPartyEmitter -className com.mycompany.myemitterclass -eventFormatterClass com.mycompany.myeventformatterclass -auditFilters AuditSpecification_1173199825608')
AdminTask.createThirdPartyEmitter(['-uniqueName', 'myThirdPartyEmitter', '-className', 'com.mycompany.myemitterclass', '-eventFormatterClass', 'com.mycompany.myeventformatterclass', '-auditFilters', 'AuditSpecification_1173199825608'])
Interactive mode example usage
AdminTask.createThirdPartyEmitter('-interactive')
The deleteAuditEmitterByRef command deletes the audit service provider implementation that the system references with the reference id. If an event factory is using the audit service provider, the system generates an error that indicates that the system cannot remove the audit service provider.
The user must have the auditor administrative role to run this command.
Target object
None.
Required parameters
Return value
The command returns a value of true if the system successfully removes the audit service provider.
Batch mode example usage
AdminTask.deleteAuditEmitterByRef('–emitterRef AuditServiceProvider_1173199825608')
AdminTask.deleteAuditEmitterByRef(['–emitterRef', 'AuditServiceProvider_1173199825608'])
Interactive mode example usage
AdminTask.deleteAuditEmitterByRef('-interactive')
The deleteAuditEmitterByName command deletes the audit service provider implementation that the system references with the unique name. If an event factory is using the audit service provider, the system generates an error that indicates that the system cannot remove the audit service provider.
The user must have the auditor administrative role to run this command.
Target object
None.
Required parameters
Return value
The command returns a value of true if the system successfully deletes the audit service provider implementation.
Batch mode example usage
AdminTask.deleteAuditEmitterByName('-uniqueName mybinaryemitter')
AdminTask.deleteAuditEmitterByName(['-uniqueName', 'mybinaryemitter'])
Interactive mode example usage
AdminTask.deleteAuditEmitterByName('-interactive')
The getAuditEmitter command returns the attributes for the audit service provider of interest.
The user must have the monitor administrative role to run this command.
Target object
None.
Required parameters
Return value
{{auditSpecifications myfilter(cells/CHEYENNENode04Cell|audit.xml#AuditSpecification_1184598886859)} {name auditServiceProviderImpl_1} {_Websphere_Config_Data_Id cells/CHEYENNENode04Cell|audit.xml#AuditServiceProvider_1173199825608} {maxFileSize 1} {_Websphere_Config_Data_Type AuditServiceProvider} {fileLocation ${PROFILE_ROOT}/logs/server1} {className com.ibm.ws.security.audit.BinaryEmitterImpl} {properties {}} {eventFormatterClass {}} {maxLogs 100}}
Batch mode example usage
AdminTask.getAuditEmitter('-emitterRef AuditServiceProvider_1173199825608')
AdminTask.getAuditEmitter(['-emitterRef AuditServiceProvider_1173199825608'])
Interactive mode example usage
AdminTask.getEmitterClass('-interactive')
The getBinaryFileLocation command returns the file location of the binary file audit logs.
The user must have the monitor administrative role to run this command.
Target object
None.
Required parameters
Return value
$profile_root/logs/server1
Batch mode example usage
AdminTask.getBinaryFileLocation('-emitterRef AuditServiceProvider_1173199825608')
AdminTask.getBinaryFileLocation(['-emitterRef', 'AuditServiceProvider_1173199825608'])
Interactive mode example usage
AdminTask.getBinaryFileLocation('-interactive')
The getAuditEmitterFilters command returns a list of defined filters for the audit service provider implementation of interest.
The user must have the monitor administrative role to run this command.
Target object
None.
Required parameters
Return value
AUTHN:SUCCESS,AUTHN:INFO,AUTHZ:SUCCESS,AUTHZ:INFO
Batch mode example usage
AdminTask.getAuditEmitterFilters('-emitterRef AuditServiceProvider_1173199825608')
AdminTask.getAuditEmitterFilters(['-emitterRef', 'AuditServiceProvider_1173199825608'])
Interactive mode example usage
AdminTask.getAuditEmitterFilters('-interactive')
The getBinaryFileSize command returns the maximum file size of the binary audit log that is defined for the audit service provider of interest in the audit.xml configuration file.
The user must have the monitor administrative role to run this command.
Target object
None.
Required parameters
Return value
The command returns the integer value of the maximum file size in megabytes.
Batch mode example usage
AdminTask.getBinaryFileSize('-emitterRef AuditServiceProvider_1173199825608')
AdminTask.getBinaryFileSize(['-emitterRef', 'AuditServiceProvider_1173199825608'])
Interactive mode example usage
AdminTask.getBinaryFileSize('-interactive')
The getEmitterClass command returns the class name of the audit service provider emitter implementation.
The user must have the monitor administrative role to run this command.
Target object
None.
Required parameters
Return value
The command returns the class name of the audit service provider implementation.
Batch mode example usage
AdminTask.getEmitterClass('-emitterRef AuditServiceProvider_1173199825608')
AdminTask.getEmitterClass(['-emitterRef', 'AuditServiceProvider_1173199825608'])
Interactive mode example usage
AdminTask.getEmitterClass('-interactive')
The getEmitterUniqueId command returns the unique identifier of the audit service provider implementation.
The user must have the monitor administrative role to run this command.
Target object
None.
Required parameters
Return value
The command returns the unique ID of the audit service provider of interest.
Batch mode example usage
AdminTask.getEmitterUniqueId('-emitterRef AuditServiceProvider_1173199825608')
AdminTask.getEmitterUniqueId(['-emitterRef', 'AuditServiceProvider_1173199825608'])
Interactive mode example usage
AdminTask.getEmitterUniqueId('-interactive')
The getMaxNumBinaryLogs command returns the maximum number of binary audit logs that is defined for the audit service provider of interest in the audit.xml configuration file.
The user must have the monitor administrative role to run this command.
Target object
None.
Required parameters
Return value
The command returns the integer value that represents the maximum number of binary audit logs in the configuration.
Batch mode example usage
AdminTaskgetMaxNumBinaryLogs('-emitterRef AuditServiceProvider_1173199825608')
AdminTaskgetMaxNumBinaryLogs(['-emitterRef', 'AuditServiceProvider_1173199825608'])
Interactive mode example usage
AdminTask.getMaxNumBinaryLogs('-interactive')
The listAuditEmitters command returns a list of configured audit service provider implementation objects and the corresponding attributes.
The user must have the monitor administrative role to run this command.
Target object
None.
Return value
{{auditSpecifications myfilter(cells/CHEYENNENode04Cell|audit.xml#AuditSpecifica tion_1184598886859)} {name auditServiceProviderImpl_1} {_Websphere_Config_Data_Id cells/CHEYENNENode04Cell|audit.xml#AuditServiceProvid er_1173199825608} {maxFileSize 1} {_Websphere_Config_Data_Type AuditServiceProvider} {fileLocation ${PROFILE_ROOT}/logs/server1} {className com.ibm.ws.security.audit.BinaryEmitterImpl} {properties {}} {auditSpecRef1 AuditSpecification_1184598886859} {eventFormatterClass {}} {maxLogs 100} {emitterRef AuditServiceProvider_1173199825608}} {{auditSpecifications DefaultAuditSpecification_1(cells/CHEYENNENode04Cell|audit .xml#AuditSpecification_1173199825608)} {name mythirdpartyemitter} {_Websphere_Config_Data_Id cells/CHEYENNENode04Cell|audit.xml#AuditServiceProvid er_1184686638218} {maxFileSize 0} {_Websphere_Config_Data_Type AuditServiceProvider} {fileLocation {}} {className com.mycompany.myemitterclass} {properties {}} {auditSpecRef1 AuditSpecification_1173199825608} {eventFormatterClass com.mycompany.myeventformatterclass} {maxLogs 0} {emitterRef AuditServiceProvider_1184686638218}}
Batch mode example usage
AdminTask.listAuditEmitters()
AdminTask.listAuditEmitters()
Interactive mode example usage
AdminTask.listAuditEmitters('-interactive')
The modifyAuditEmitter command modifies the attributes of an audit service provider implementation object.
The user must have the auditor administrative role to run this command.
Target object
None.
Required parameters
Optional parameters
You can set the com.ibm.audit.field.length.limit custom property to specify the length at which variable-length audit data is truncated. For more information, see the documentation about the security custom properties.
Return value
The command returns a value of true if the system successfully modifies the audit service provider of interest.
Batch mode example usage
AdminTask.modifyAuditEmitter('-emitterRef AuditServiceProvider_1184686638218 -auditFilters AuditSpecification_1173199825608 -fileLocation c:\wasinstall\appserver\profiles\AppSrv01\mylogs -maxFileSize 14 -maxLogs 200')
AdminTask.modifyAuditEmitter(['-emitterRef', 'AuditServiceProvider_1184686638218', '-auditFilters', 'AuditSpecification_1173199825608', '-fileLocation', 'c:\wasinstall\appserver\profiles\AppSrv01\mylogs', '-maxFileSize', '14', '-maxLogs', '200'])
Interactive mode example usage
AdminTask.modifyAuditEmitter('-interactive')
The setAuditEmitterFilters command sets the filters for an audit service provider implementation.
The user must have the auditor administrative role to run this command.
Target object
None.
Required parameters
Return value
The command returns a value of true if the system successfully sets the filters for the audit service provider.
Batch mode example usage
AdminTask.setAuditEmitterFilters('-emitterRef AuditServiceProvider_1173199825608 -filtersRef AuditSpecification_1184598886859')
AdminTask.setAuditEmitterFilters(['-emitterRef', 'AuditServiceProvider_1173199825608', '-filtersRef', 'AuditSpecification_1184598886859'])
Interactive mode example usage
AdminTask.setAuditEmitterFilters('-interactive')