You can configure additional audit event types to track
and archive various events. Use the following command to list all
supported auditable events:
print AdminTask.getSupportedAuditEvents()
Use
the createAuditFilter command with the -eventType and -outcome parameters
to enable one or multiple audit events and outcomes. You can specify
multiple event types and multiple outcomes separated by a comma with
one command invocation. The following list describes each valid auditable
event that you can specify with the -eventType parameter:
Table 2. Event types. Valid auditable events can be specified as an enabled event
type when creating an event filter:
| Event name | Description |
| --- | --- |
| SECURITY_AUTHN | Audits all authentication events |
| SECURITY_AUTHN_MAPPING | Audits events that record mapping of credentials where two user identities are involved |
| SECURITY_AUTHN_TERMINATE | Audits authentication termination events such as a timeout, terminated session, or user-initiated logging out |
| SECURITY_AUTHZ | Audits events related to authorization checks when the system enforces access control policies |
| SECURITY_RUNTIME | Audits runtime events such as the starting and the stopping of security servers. This event type is not meant for administrative operations performed by a system administrator as such operations need to use the other SECURITY_MGMT_* event types. |
| SECURITY_MGMT_AUDIT | Audits events that record operations related to the audit subsystem such as starting audit, stopping audit, turning audit on or off, changing configuration of audit filters or level, archiving audit data, purging audit data, and so on. |
| SECURITY_RESOURCE_ACCESS | Audits events that record all accesses to a resource. Examples are all accesses to a file, all HTTP requests and responses to a given web page, and all accesses to a critical database table |
| SECURITY_SIGNING | Audits events that record signing such as signing operations used to validate parts of a SOAP Message for web services |
| SECURITY_ENCRYPTION | Audits events that record encryption information such as encryption for web services |
| SECURITY_AUTHN_DELEGATION | Audits events that record delegation, including identity assertion, RunAs, and low assertion. Used when the client identity is propagated or when delegation involves the use of a special identity. This event type is also used when switching user identities within a given session. |
| SECURITY_AUTHN_CREDS_MODIFY | Audits events to modify credentials for a given user identity |
Important: The following security audit event
types are not used in this release of
WebSphere® Application Server:
- SECURITY_MGMT_KEY
- SECURITY_RUNTIME_KEY
- SECURITY_MGMT_PROVISIONING
- SECURITY_MGMT_REGISTRY
- SECURITY_RUNTIME
- SECURITY_AUTHN_CREDS_MODIFY
For each audit event type, you must specify
an outcome. Valid outcomes include SUCCESS, FAILURE, REDIRECT, ERROR,
DENIED, WARNING, and INFO. The following command example creates an
audit filter to log users who receive an error when modifying credentials:
AdminTask.createAuditFilter('-name uniqueFilterName -eventType SECURITY_RESOURCE_ACCESS,SECURITY_AUTHN_DELEGATION -outcome ERROR,REDIRECT')
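The following added example is not part of the original documentation and is not IBM code. It checks the event types and outcomes against the names listed on this page before the argument string is passed to createAuditFilter, and warns when an event type appears in the Important note as not used in this release. The helper names build_audit_filter_args and _normalize are hypothetical, and the filter name is assumed to contain no spaces.

```python
# Added example (not IBM code): validate createAuditFilter arguments first.
# Names below are copied from this page; build_audit_filter_args is hypothetical.
TABLE2_EVENTS = [
    "SECURITY_AUTHN", "SECURITY_AUTHN_MAPPING", "SECURITY_AUTHN_TERMINATE",
    "SECURITY_AUTHZ", "SECURITY_RUNTIME", "SECURITY_MGMT_AUDIT",
    "SECURITY_RESOURCE_ACCESS", "SECURITY_SIGNING", "SECURITY_ENCRYPTION",
    "SECURITY_AUTHN_DELEGATION", "SECURITY_AUTHN_CREDS_MODIFY",
]
# Listed under "Important" as not used in this release.
UNUSED_EVENTS = [
    "SECURITY_MGMT_KEY", "SECURITY_RUNTIME_KEY", "SECURITY_MGMT_PROVISIONING",
    "SECURITY_MGMT_REGISTRY", "SECURITY_RUNTIME", "SECURITY_AUTHN_CREDS_MODIFY",
]
OUTCOMES = ["SUCCESS", "FAILURE", "REDIRECT", "ERROR", "DENIED", "WARNING", "INFO"]

def _normalize(values, allowed, kind):
    """Upper-case, de-duplicate (keeping order) and reject unknown names."""
    result = []
    for raw in values:
        value = raw.strip().upper()
        if value not in allowed:
            raise ValueError("unknown %s: %r" % (kind, raw))
        if value not in result:
            result.append(value)
    if not result:
        raise ValueError("at least one %s is required" % kind)
    return result

def build_audit_filter_args(name, event_types, outcomes):
    """Return (argument string, notes) for AdminTask.createAuditFilter."""
    if not name or len(name.split()) != 1:
        raise ValueError("filter name must be a single token without spaces")
    events = _normalize(event_types, TABLE2_EVENTS + UNUSED_EVENTS, "event type")
    results = _normalize(outcomes, OUTCOMES, "outcome")
    notes = ["%s is not used in this release" % e
             for e in events if e in UNUSED_EVENTS]
    args = "-name %s -eventType %s -outcome %s" % (
        name, ",".join(events), ",".join(results))
    return args, notes

args, notes = build_audit_filter_args(
    "uniqueFilterName",
    ["SECURITY_RESOURCE_ACCESS", "SECURITY_AUTHN_DELEGATION"],
    ["ERROR", "REDIRECT"])
for message in notes:
    print("WARNING: " + message)
print(args)
# Inside wsadmin, pass the checked string on: AdminTask.createAuditFilter(args)
```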