You can use the Jython scripting language to manage the security auditing system with the wsadmin tool. Use the commands and parameters in the AuditPolicyCommands group to enable and configure the security auditing system.
The disableAudit command disables security auditing in the audit.xml configuration file.
The user must have the auditor administrative role to run this command.
Target object
None.
Return value
The command returns a value of true if the system successfully disables security auditing.
Batch mode example usage
AdminTask.disableAudit()
Interactive mode example usage
AdminTask.disableAudit('-interactive')
The disableVerboseAudit command disables the verbose capture of audit data for the security auditing system.
The user must have the auditor administrative role to run this command.
Target object
None.
Return value
The command returns a value of true if the system successfully disables the verbose capture of audit data.
Batch mode example usage
AdminTask.disableVerboseAudit()
Interactive mode example usage
AdminTask.disableVerboseAudit('-interactive')
The enableAudit command enables security auditing in the audit.xml configuration file. By default, security auditing is disabled.
The user must have the auditor administrative role to run this command.
Target object
None.
Return value
The command returns a value of true if the system successfully enables security auditing.
Batch mode example usage
AdminTask.enableAudit()
Interactive mode example usage
AdminTask.enableAudit('-interactive')
The enableVerboseAudit command sets the security auditing system to perform verbose capture of audit data.
The user must have the auditor administrative role to run this command.
Target object
None.
Return value
The command returns a value of true if the system successfully sets the security auditing system to perform verbose capture of audit data.
Batch mode example usage
AdminTask.enableVerboseAudit()
Interactive mode example usage
AdminTask.enableVerboseAudit('-interactive')
The getAuditPolicy command retrieves each attribute that is associated with the audit policy in the audit.xml configuration file.
The user must have the monitor administrative role to run this command.
Target object
None.
Return value
{{auditEventFactories {{{name auditEventFactoryImpl_1} {properties {}} {className com.ibm.ws.security.audit.AuditEventFactoryImpl} {auditServiceProvider auditServiceProviderImpl_1(cells/Node04Cell|audit.xml#AuditServiceProvider_1173199825608)} {auditSpecifications DefaultAuditSpecification_1(cells/Node04Cell|audit.xml#AuditSpecification_1173199825608) DefaultAuditSpecification_2(cells/Node04Cell|audit.xml#AuditSpecification_1173199825609) DefaultAuditSpecification_3(cells/Node04Cell|audit.xml#AuditSpecification_1173199825610) DefaultAuditSpecification_4(cells/Node04Cell|audit.xml#AuditSpecification_1173199825611)} {_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#AuditEventFactory_1173199825608} {_Websphere_Config_Data_Type AuditEventFactory}}}} {_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#AuditPolicy_1173199825608} {auditServiceProviders {{{auditSpecifications DefaultAuditSpecification_1(cells/Node04Cell|audit.xml#AuditSpecification_1173199825608) DefaultAuditSpecification_2(cells/Node04Cell|audit.xml#AuditSpecification_1173199825609) DefaultAuditSpecification_3(cells/Node04Cell|audit.xml#AuditSpecification_1173199825610) DefaultAuditSpecification_4(cells/Node04Cell|audit.xml#AuditSpecification_1173199825611)} {name auditServiceProviderImpl_1} {_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#AuditServiceProvider_1173199825608} {maxFileSize 1} {_Websphere_Config_Data_Type AuditServiceProvider} {fileLocation ${PROFILE_ROOT}/logs/server1} {className com.ibm.ws.security.audit.BinaryEmitterImpl} {properties {}} {eventFormatterClass {}} {maxLogs 100}}}} {securityXmlSignerCertAlias auditSignCert} {properties {}} {securityXmlSignerScopeName (cell):Node04Cell:(node):Node04} {auditorPwd SweetShadowsPwd} {_Websphere_Config_Data_Type AuditPolicy} {securityXmlSignerKeyStoreName NodeDefaultSignersStore} {verbose false} {auditPolicy WARN} {encrypt false} {managementScope {}} {encryptionCert {}} {batching false} {auditorId SweetShadow} {auditEnabled false} {sign true}}
Batch mode example usage
AdminTask.getAuditPolicy()
Interactive mode example usage
AdminTask.getAuditPolicy('-interactive')
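The getAuditPolicy return value is a single brace-delimited string that includes the auditorPwd attribute, so it is worth parsing and masking before it is logged or reviewed. The following is an added example, not IBM code: it reads the top-level attributes from a string in the format shown above and reports settings that fall below an assumed baseline. The function names, the baseline and the sample values are assumptions; inside wsadmin the input string would come from AdminTask.getAuditPolicy().

```python
# Added example, not IBM code: review the string that getAuditPolicy returns.
SENSITIVE = ("auditorPwd",)

# Constructed sample in the format shown above (values are placeholders).
SAMPLE = (
    "{{auditEventFactories {{{name auditEventFactoryImpl_1} {properties {}}}}} "
    "{auditServiceProviders {{{name auditServiceProviderImpl_1} "
    "{fileLocation ${PROFILE_ROOT}/logs/server1} {maxLogs 100}}}} "
    "{auditorPwd examplePwd} {verbose false} {auditPolicy NOWARN} "
    "{encrypt false} {auditorId exampleAuditor} {auditEnabled false} {sign true}}"
)

def top_level_attrs(policy):
    """Map each top-level {name value} pair to its raw value string."""
    attrs, depth, start = {}, 0, None
    for i, ch in enumerate(policy):
        if ch == "{":
            depth += 1
            if depth == 2:          # a top-level pair opens here
                start = i + 1
        elif ch == "}":
            if depth == 2:          # the matching close of that pair
                name, _, value = policy[start:i].partition(" ")
                attrs[name] = value.strip()
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced braces in policy string")
    if depth != 0:
        raise ValueError("unbalanced braces in policy string")
    return attrs

def redacted(attrs):
    """Copy of attrs that is safe to log: credential fields are masked."""
    return dict((k, "<redacted>" if k in SENSITIVE else v) for k, v in attrs.items())

def review(attrs):
    """Findings under an assumed baseline; adjust to local policy."""
    findings = []
    if attrs.get("auditEnabled") != "true":
        findings.append("auditEnabled: security auditing is disabled")
    if attrs.get("auditPolicy") == "NOWARN":
        findings.append("auditPolicy NOWARN: auditing stops on failure, auditor not notified")
    for flag in ("sign", "encrypt"):
        if attrs.get(flag) != "true":
            findings.append("%s: audit records are not protected by this setting" % flag)
    return findings

if __name__ == "__main__":
    attrs = top_level_attrs(SAMPLE)
    print(redacted(attrs))
    for finding in review(attrs):
        print("FINDING " + finding)
```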
The getAuditSystemFailureAction command displays the action that the application server takes if a failure occurs in the security auditing subsystem.
The user must have the monitor administrative role to run this command.
Target object
None.
Return value
WARN | Specifies that the application server should notify the auditor, stop security auditing, and continue to run the application server process. |
NOWARN | Specifies that the application server should not notify the auditor, but should stop security auditing and continue to run the application server process. |
FATAL | Specifies that the application server should notify the auditor, stop security auditing, and stop the application server process. |
Batch mode example usage
AdminTask.getAuditSystemFailureAction()
Interactive mode example usage
AdminTask.getAuditSystemFailureAction('-interactive')
The getAuditorId command retrieves the name of the user who is assigned as the auditor.
The user must have the monitor administrative role to run this command.
Target object
None.
Return value
The command returns the name of the user who is assigned as the auditor.
Batch mode example usage
AdminTask.getAuditorId()
Interactive mode example usage
AdminTask.getAuditorId('-interactive')
The isAuditEnabled command determines whether security auditing is enabled in your configuration. By default, auditing is not enabled in the audit.xml configuration file.
The user must have the monitor administrative role to run this command.
Target object
None.
Return value
The command returns a value of true if security auditing is enabled in your environment. If the command returns a value of false, security auditing is disabled.
Batch mode example usage
AdminTask.isAuditEnabled()
Interactive mode example usage
AdminTask.isAuditEnabled('-interactive')
The isVerboseAuditEnabled command determines whether or not the security auditing system verbosely captures audit data.
The user must have the monitor administrative role to run this command.
Target object
None.
Return value
The command returns a value of true if the security auditing system is configured to verbosely capture audit data.
Batch mode example usage
AdminTask.isVerboseAuditEnabled()
Interactive mode example usage
AdminTask.isVerboseAuditEnabled('-interactive')
The mapAuditGroupIDsOfAuthorizationGroup command maps the special subjects to users in the registry.
The user must have the monitor administrative role to run this command.
Target object
None.
Return value
The command does not return output.
Batch mode example usage
AdminTask.mapAuditGroupIDsOfAuthorizationGroup()
Interactive mode example usage
AdminTask.mapAuditGroupIDsOfAuthorizationGroup('-interactive')
The modifyAuditPolicy command modifies the audit policy attributes in the audit.xml configuration file. You can use this command to modify one or multiple attributes.
The user must have the auditor administrative role to run this command.
Target object
None.
Optional parameters
WARN | Specifies that the application server should notify the auditor, stop security auditing, and continue to run the application server process. |
NOWARN | Specifies that the application server should not notify the auditor, but should stop security auditing and continue to run the application server process. |
FATAL | Specifies that the application server should notify the auditor, stop security auditing, and stop the application server process. |
Return value
The command returns a value of true if the system successfully updates the security auditing system policy.
Batch mode example usage
AdminTask.modifyAuditPolicy('-auditEnabled true -auditPolicy NOWARN -auditorId testuser -auditorPwd testuserpwd -sign false -encrypt false -verbose false')
AdminTask.modifyAuditPolicy(['-auditEnabled', 'true', '-auditPolicy', 'NOWARN', '-auditorId', 'testuser', '-auditorPwd', 'testuserpwd', '-sign', 'false', '-encrypt', 'false', '-verbose', 'false'])
Interactive mode example usage
AdminTask.modifyAuditPolicy('-interactive')
The setAuditSystemFailureAction command sets the action that the application server takes if the security auditing subsystem fails.
The user must have the auditor administrative role to run this command.
Target object
None.
Required parameters
WARN | Specifies that the application server should notify the auditor, stop security auditing, and continue to run the application server process. |
NOWARN | Specifies that the application server should not notify the auditor, but should stop security auditing and continue to run the application server process. |
FATAL | Specifies that the application server should notify the auditor, stop security auditing, and stop the application server process. |
Return value
The command returns a value of true if the system successfully updates the security auditing system policy.
Batch mode example usage
AdminTask.setAuditSystemFailureAction('-action NOWARN')
AdminTask.setAuditSystemFailureAction(['-action', 'NOWARN'])
Interactive mode example usage
AdminTask.setAuditSystemFailureAction('-interactive')
The resetAuditSystemFailureAction command sets the failure action, which is the action that the application server takes if the security auditing system fails, to the NOWARN setting.
The user must have the auditor administrative role to run this command.
Target object
None.
Return value
The command returns a value of true if the system successfully updates your configuration.
Batch mode example usage
AdminTask.resetAuditSystemFailureAction()
Interactive mode example usage
AdminTask.resetAuditSystemFailureAction('-interactive')
The setAuditorId command sets the name of the user to assign as the auditor.
The user must have the auditor administrative role to run this command.
Target object
None.
Required parameters
Return value
The command returns a value of true if the system successfully updates your configuration.
Batch mode example usage
AdminTask.setAuditorId('-name myAdmin')
AdminTask.setAuditorId(['-name', 'myAdmin'])
Interactive mode example usage
AdminTask.setAuditorId('-interactive')
The setAuditorPwd command sets the password for the auditor.
The user must have the auditor administrative role to run this command.
Target object
None.
Required parameters
Return value
The command returns a value of true if the system successfully updates your configuration.
Batch mode example usage
AdminTask.setAuditorPwd('-password myAdminPassword')
AdminTask.setAuditorPwd(['-password', 'myAdminPassword'])
Interactive mode example usage
AdminTask.setAuditorPwd('-interactive')