The
audit event factory collects the data associated with the auditable
security events and builds the audit data object. The object is then
sent to the audit service provider to be formatted and recorded to
a specified repository.
Before you begin
Before configuring
an event factory, enable global security in your environment. An event
type filter and an audit service provider need to be created before
completing these steps
About this task
Procedure
- Click .
- Enter the unique name that
should be associated with this Audit event factory configuration in
the Name field.
- Select either IBM
audit event factory or Third party event factory.
- Enter the Third party audit event factory
class name. This step is only required if a Third party
event factory is being created.
-
Select the appropriate audit service provider implementation
from the Audit service provider dropdown menu,
- Select
the event type filter configuration to be used by this audit event
factory. The Filters list consists of a list of the event
type filter configurations that have been created and are currently
enabled.
- Select the event type filters
that should be used from the Selectable filter list.
- Click Add >> to add the selected event
type filter configurations to the Enabled filter lists.
- Enter any Custom properties that need
to be included with this audit event factory configuration. Custom
properties are only available for Third party event factory implementations.
- Click Apply.
Results
After
successful completion of these steps, you will have an event factory
that can be used to gather auditable event data.
What to do next
After
configuring an audit event factory, you can optionally protect your
data by configuring the security auditing subsystem to sign and encrypt
your audit logs.