Configure the security auditing system to send email notifications
to a distribution list, system log, or both a distribution list and
a system log if a failure occurs in the audit subsystem. Security
auditing provides tracking and archiving of auditable events.
Before you begin
Before configuring a notification object in the audit.xml
configuration file, verify that you set up a security auditing subsystem
and configured the security auditing policy.
About this task
You can configure the security auditing system to notify
a specific person or group when a failure occurs in the audit subsystem.
Use the following steps to enable security auditing email notifications,
set the format of notification email, and secure email:
New feature: This topic references one or more of the application server log files.
Beginning in WebSphere Application Server Version 8.0 you can configure the
server to use the High Performance Extensible Logging (HPEL) log and
trace infrastructure instead of using SystemOut.log, SystemErr.log, trace.log,
and activity.log files or native z/OS logging facilities. If you are using HPEL,
you can access all of your log and trace information using the LogViewer
command-line tool from your server profile bin directory. See the information
about using HPEL to troubleshoot applications for more information on using HPEL.
Procedure
- Launch the wsadmin scripting tool using the Jython scripting
language. See the Starting the wsadmin scripting client article for
more information.
- Customize and enable security auditing email notifications.
Table 1. Command parameters. Use the createAuditNotification command and the following parameters
to configure notifications:
Parameter | Description | Data Types | Required |
-notificationName | Specifies a unique name to assign the audit notification object in the audit.xml file. | String | Yes |
-logToSystemOut | Specifies whether to log the notification to the SystemOut.log file. | Boolean | Yes |
-sendEmail | Specifies whether to email notifications. | Boolean | Yes |
-emailList | Specifies the email address or email distribution list to email notifications. The format for this parameter is: admin@company.com(smtp-server.mycompany.com) | String | No |
-emailFormat | Specifies whether to send the email in HTML or TEXT format. | String | No |
To create the audit notification object, you must specify
the -notificationName, -logToSystemOut, and -sendEmail parameters,
as the following example demonstrates:
AdminTask.createAuditNotification('-notificationName defaultEmailNotification -logToSystemOut true -sendEmail true -emailList administrator@mycompany.com(smtp-server.mycompany.com) -emailFormat HTML')
- Create an audit notification monitor object.
Create an audit notification monitor object to monitor the security auditing
subsystem for possible failure.
Table 2. Command parameters. Use the createAuditNotificationMonitor command
and the following parameters to create a monitor object for the security
auditing system:
Parameter | Description | Data Types | Required |
-notificationName | Specifies a unique name to assign the audit notification object in the audit.xml file. | String | Yes |
-logToSystemOut | Specifies whether to log the notification to the SystemOut.log file. | Boolean | Yes |
-sendEmail | Specifies whether to email notifications. | Boolean | Yes |
-emailList | Specifies the email address or email distribution list to email notifications. The format for this parameter is: admin@company.com(smtp-server.mycompany.com) | String | No |
-emailFormat | Specifies whether to send the email in HTML or TEXT format. | String | No |
To create the audit notification monitor object, you
must specify the -notificationName, -logToSystemOut, and -sendEmail
parameters, as the following example demonstrates:
AdminTask.createAuditNotificationMonitor('-notificationName defaultEmailNotification -logToSystemOut true -sendEmail true -emailList administrator@mycompany.com(smtp-server.mycompany.com) -emailFormat HTML')
- Save your configuration changes.
Use the following command example to save your configuration changes:
AdminConfig.save()
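The following added example is not part of the product documentation. It checks the Table 1 values and builds the createAuditNotification option string, so that a malformed -emailList or a name containing spaces is caught before the notification is created. It runs under standard Python outside wsadmin. The function names, the name character set, and the rule that -sendEmail true needs an -emailList are assumptions of this example.

```python
import re

# Format given on the page for -emailList: address(smtp-server), for example
# admin@company.com(smtp-server.mycompany.com)
EMAIL_LIST_RE = re.compile(r'^([^\s@()]+@[^\s@()]+)\(([A-Za-z0-9.-]+)\)\Z')
NAME_RE = re.compile(r'^[A-Za-z0-9_.-]+\Z')  # assumption: no spaces or quotes in names


def parse_email_list(value):
    """Split 'address(smtp-host)' into (address, smtp_host); raise ValueError otherwise."""
    match = EMAIL_LIST_RE.match(value)
    if match is None:
        raise ValueError('emailList must look like address(smtp-host): %r' % value)
    return match.group(1), match.group(2)


def build_notification_args(name, log_to_system_out, send_email,
                            email_list=None, email_format=None):
    """Return the option string for AdminTask.createAuditNotification."""
    if not NAME_RE.match(name):
        raise ValueError('notificationName has unsupported characters: %r' % name)
    if send_email and not email_list:
        # Assumption of this example: email enabled with no recipient is a mistake
        raise ValueError('sendEmail is true but no emailList was given')
    args = ['-notificationName', name,
            '-logToSystemOut', str(bool(log_to_system_out)).lower(),
            '-sendEmail', str(bool(send_email)).lower()]
    if email_list:
        parse_email_list(email_list)  # raises on a malformed value
        args += ['-emailList', email_list]
    if email_format:
        if email_format not in ('HTML', 'TEXT'):
            raise ValueError('emailFormat must be HTML or TEXT: %r' % email_format)
        args += ['-emailFormat', email_format]
    return ' '.join(args)


if __name__ == '__main__':
    opts = build_notification_args(
        'defaultEmailNotification', True, True,
        'administrator@mycompany.com(smtp-server.mycompany.com)', 'HTML')
    print(opts)
    # Pass the printed string to AdminTask.createAuditNotification in wsadmin.
```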
Results
The security auditing system notifies the specified recipients
if a failure occurs in the security auditing system.
What to do next
Use the modifyAuditNotification command and the Audit
Notification Commands command group for the AdminTask object to manage
your notification configuration.