The audit event factory collects the data associated with
the auditable security events and builds the audit data object. The
object is then sent to the audit service provider to be formatted
and recorded to a specified repository.
Before you begin
Before configuring an event factory, enable global security
in your environment. An event type filter and an audit service provider
need to be created before completing these steps
Procedure
- Click .
- Enter the unique name that should be associated with this
Audit event factory configuration in the Name field.
- Select either IBM audit event factory or Third
party event factory.
- Enter the Third party audit event factory class name. This step is only required if a Third party event factory is
being created.
- Select the appropriate audit service provider implementation
from the Audit service provider dropdown menu,
- Select the event type filter configuration to be used by
this audit event factory. The Filters list consists of
a list of the event type filter configurations that have been created
and are currently enabled.
- Select the event type filters that should be used from
the Selectable filter list.
- Click Add >> to add the selected event
type filter configurations to the Enabled filter lists.
- Enter any Custom properties that need to be included with
this audit event factory configuration. Custom properties
are only available for Third party event factory implementations.
- Click Apply.
Results
After successful completion of these steps, you will have
an event factory that can be used to gather auditable event data.
What to do next
After configuring an audit event factory, you can optionally
protect your data by configuring the security auditing subsystem to
sign and encrypt your audit logs.