Security auditing provides tracking and archiving of auditable
events. This topic uses the wsadmin tool to enable and administer your security
auditing configurations.
About this task
While security authentication and authorization ensures that users
must have access to view protected resources, security auditing provides a
mechanism to validate the integrity of a security computing environment. Security
auditing collects and logs authentication, authorization, system management,
security, and audit policy events in audit event records. You can analyze
audit event records to determine possible security breaches, threats, attacks,
and potential weaknesses in the security configuration of your environment.
Enable security auditing in your environment. For example, the following list
displays a sample of events to audit:
- Determine the time that a specific user attempted to access a resource.
- View information for successful and unsuccessful attempts to access resources.
- Review changes to resources that were made by a specific user.
- Determine the cause of unsuccessful login attempts.
Use the following task outline to enable and configure security auditing
in your environment: