Before enabling security auditing, use this task to configure
audit service providers using the wsadmin tool. Security auditing
provides tracking and archiving of auditable events.
Before you begin
Before configuring security audit service providers, enable
administrative security in your environment.
About this task
In order to enable security auditing in your environment,
you must configure an audit service provider. The audit service provider
writes the audit records and data to the back-end repository associated
with the service provider implementation. The security auditing configuration
provides a default service provider. Use this topic to customize your
security auditing subsystem by creating additional audit service providers.
Use the following steps to configure your security auditing subsystem
using the wsadmin tool:
Procedure
- Launch the wsadmin scripting tool using the Jython scripting
language. See the Starting the wsadmin scripting client article for
more information.
- Configure an audit service provider. You can use the default
binary-based audit service provider, or use this step to create a
new audit service provider.
There are binary file-based and third-party audit service providers.
In addition to the default binary file-based service provider, you can
configure a third-party audit service provider.
Choose the type of audit service provider to create.
- Use the createBinaryEmitter command and the following required
parameters to create a default audit service provider.
Table 1. Command parameters. This table lists required parameters for the createBinaryEmitter command.
| Parameter | Description | Data Type | Required |
| --- | --- | --- | --- |
| -uniqueName | Specifies a unique name that identifies the audit service provider. | String | Yes |
| -className | Specifies the class implementation of the audit service provider interface. | String | Yes |
| -fileLocation | Specifies the file location for the audit service provider to write the audit logs. | String | Yes |
| -auditFilters | Specifies a reference or a group of references to predefined audit filters, using the following format: reference, reference, reference | String | Yes |
| -maxFileSize | Specifies the maximum size each audit log reaches before the system saves it with a timestamp and creates a new file. Specify the file size in megabytes. If you do not specify this parameter, the system sets the maximum file size to 10 megabytes. | Integer | No |
| -maxLogs | Specifies the maximum number of audit logs to create before rewriting the oldest log. If you do not specify this parameter, the system allows up to 100 audit logs before overwriting the oldest log. | Integer | No |
The following example creates a new audit service provider
in your security auditing configuration:
AdminTask.createBinaryEmitter('-uniqueName newASP -className com.ibm.ws.security.audit.BinaryEmitterImpl -fileLocation /AUDIT_logs -auditFilters "AuditSpecification_1173199825608, AuditSpecification_1173199825609, AuditSpecification_1173199825610, AuditSpecification_1173199825611"')
- Use the createThirdPartyEmitter command to use a third-party
audit service provider. Use the following parameters
with the createThirdPartyEmitter command.
Table 2. Command parameters. This table lists parameters used with the createThirdPartyEmitter command.
| Parameter | Description | Data Type | Required |
| --- | --- | --- | --- |
| -uniqueName | Specifies a unique name that identifies the audit service provider. | String | Yes |
| -className | Specifies the class implementation of the audit service provider interface. | String | Yes |
| -eventFormatterClass | Specifies the class that implements how the audit event is formatted for output. If you do not specify this parameter, the system uses the standard text format for output. | String | Yes |
| -auditFilters | Specifies a reference identifier or a group of reference identifiers to pre-defined audit filters, using the following format: reference, reference, reference. | String | Yes |
| -customProperties | Specifies any custom properties that might be required to configure a third party audit service provider. | String | No |
The following example creates a new third party audit service
provider in your security auditing configuration:
AdminTask.createThirdPartyEmitter('-uniqueName myAuditServiceProvider -className com.mycompany.myclass -fileLocation /auditLogs -auditFilters "AuditSpecification_1173199825608, AuditSpecification_1173199825609, AuditSpecification_1173199825610, AuditSpecification_1173199825611"')
- Save your configuration changes.
Use the following command example to save your configuration
changes:
AdminConfig.save()
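The procedure above, scripted as an added example (not IBM's code): it assembles the createBinaryEmitter option string from the Table 1 parameters, rejects values that would split into extra options, and estimates how much audit data is kept before the oldest log is overwritten. The helper names are hypothetical, and rejecting whitespace or quotes instead of quoting values is a simplifying assumption.

```python
# Added example, not IBM code; helper names are hypothetical.
DEFAULT_MAX_FILE_SIZE_MB = 10  # Table 1 default when -maxFileSize is omitted
DEFAULT_MAX_LOGS = 100         # Table 1 default when -maxLogs is omitted


def _token(flag, value):
    # The option string is space-delimited. Assumption: instead of quoting,
    # reject values that would split into extra options.
    value = str(value or "")
    if not value or [c for c in value if c.isspace() or c in "\"'"]:
        raise ValueError("%s: empty, or contains whitespace/quotes" % flag)
    return "%s %s" % (flag, value)


def binary_emitter_args(unique_name, class_name, file_location, audit_filters,
                        max_file_size=None, max_logs=None):
    """Build the option string passed to AdminTask.createBinaryEmitter."""
    if isinstance(audit_filters, str):  # accept "ref, ref" as well as a list
        audit_filters = audit_filters.split(",")
    refs = [r.strip() for r in audit_filters if r.strip()]
    if not refs:
        raise ValueError("-auditFilters: at least one reference is required")
    for ref in refs:
        _token("-auditFilters", ref)  # validate each reference on its own
    parts = [_token("-uniqueName", unique_name),
             _token("-className", class_name),
             _token("-fileLocation", file_location),
             '-auditFilters "%s"' % ", ".join(refs)]
    for flag, value in (("-maxFileSize", max_file_size),
                        ("-maxLogs", max_logs)):
        if value is not None:
            if int(value) < 1:
                raise ValueError("%s must be a positive integer" % flag)
            parts.append(_token(flag, int(value)))
    return " ".join(parts)


def retained_megabytes(max_file_size=None, max_logs=None):
    """Approximate audit data kept before the oldest log is overwritten."""
    return ((max_file_size or DEFAULT_MAX_FILE_SIZE_MB)
            * (max_logs or DEFAULT_MAX_LOGS))


def create_and_save(admin_task, admin_config, **params):
    """Create the provider and save; pass wsadmin's AdminTask and AdminConfig."""
    result = admin_task.createBinaryEmitter(binary_emitter_args(**params))
    admin_config.save()
    return result
```

Inside wsadmin, call create_and_save(AdminTask, AdminConfig, ...) with the scripting objects the tool provides and the keyword arguments of binary_emitter_args.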
What to do next
Enable security auditing in your environment.