Configuring security audit notifications using scripting

Configure the security auditing system to send email notifications to a distribution list, system log, or both a distribution list and a system log if a failure occurs in the audit subsystem. Security auditing provides tracking and archiving of auditable events.

Before you begin

Before configuring a notification object in the audit.xml configuration file, verify that you set up a security auditing subsystem and configured the security auditing policy.

About this task

You can configure the security auditing system to notify a specific person or group when a failure occurs in the audit subsystem. Use the following steps to enable security auditing email notifications, set the format of notification email, and secure email:

Procedure

  1. Launch the wsadmin scripting tool using the Jython scripting language. See the Starting the wsadmin scripting client article for more information.
  2. Customize and enable security auditing email notifications.
    Table 1. Command parameters.

    Use the createAuditNotification command and the following parameters to configure notifications:

    Parameter Description Data Types Required
    -notificationName Specifies a unique name to assign the audit notification object in the audit.xml file. String Yes
    -logToSystemOut Specifies whether to log the notification to the SystemOut.log file. Boolean Yes
    -sendEmail Specifies whether to email notifications. Boolean Yes
    -emailList Specifies the email address or email distribution list to email notifications. The format for this parameter is: admin@company.com(smtp-server.mycompany.com) String No
    -emailFormat Specifies whether to send the email be HTML or TEXT format. String No
    To create the audit notification object, you must specify the -notificationName, -logToSystemOut, and -sendEmail parameters, as the following example demonstrates:
    AdminTask.createAuditNotification('-notificationName defaultEmailNotification 
    -logToSystemOut true -sendEmail true -emailList administrator@mycompany.com(smtp-server.mycompany.com) 
    -emailFormat HTML')
  3. Create an audit notification monitor object.
    Create an audit notification monitor object to monitor the security auditing subsystem for possible failure.
    Table 2. Command parameters.

    Use the createAuditNotificationMonitor command and the following parameters to create a monitor object for the security auditing system:

    Parameter Description Data Types Required
    -notificationName Specifies a unique name to assign the audit notification object in the audit.xml file. String Yes
    -logToSystemOut Specifies whether to log the notification to the SystemOut.log file. Boolean Yes
    -sendEmail Specifies whether to email notifications. Boolean Yes
    -emailList Specifies the email address or email distribution list to email notifications. The format for this parameter is: admin@company.com(smtp-server.mycompany.com) String No
    -emailFormat Specifies whether to send the email be HTML or TEXT format. String No
    To create the audit notification monitor object, you must specify the -notificationName, -logToSystemOut, and -sendEmail parameters, as the following example demonstrates:
    AdminTask.createAuditNotificationMonitor('-notificationName defaultEmailNotification 
    -logToSystemOut true -sendEmail true -emailList administrator@mycompany.com(smtp-server.mycompany.com) 
    -emailFormat HTML')
  4. Save your configuration changes.
    Use the following command example to save your configuration changes:
    AdminConfig.save()

Results

The security auditing system notifies the specified recipients if a failure occurs in the security auditing system.

What to do next

Use the modifyAuditNotification command and the Audit Notification Commands command group for the AdminTask object to manage your notification configuration.




In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic    

Terms of Use | Feedback

Last updated: Oct 21, 2010 10:04:34 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-nd-mp&topic=txml_7auditnotify
File name: txml_7auditnotify.html