Configuring audit service providers using scripting

Before enabling security auditing, use this task to configure audit service providers using the wsadmin tool. Security auditing provides tracking and archiving of auditable events.

Before you begin

Before configuring security audit service providers, enable administrative security in your environment.

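Note: This topic references one or more of the application server log files. As a recommended alternative, you can configure the server to use the High Performance Extensible Logging (HPEL) log and trace infrastructure instead of using the SystemOut.log, SystemErr.log, trace.log, and activity.log files on distributed and IBM® i systems. You can also use HPEL in conjunction with your native z/OS® logging facilities. If you are using HPEL, you can access all of your log and trace information using the LogViewer command-line tool from your server profile bin directory. See the information about using HPEL to troubleshoot applications for more information on using HPEL.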

About this task

To enable security auditing in your environment, you must configure an audit service provider. The audit service provider writes the audit records and data to the back-end repository associated with the service provider implementation. The security auditing configuration provides a default service provider. Use this topic to customize your security auditing subsystem by creating additional audit service providers.

Use the following steps to configure your security auditing subsystem using the wsadmin tool:

Procedure

  1. Launch the wsadmin scripting tool using the Jython scripting language. See the Starting the wsadmin scripting client article for more information.
  2. Configure an audit service provider. You can use the default binary-based audit service provider, or use this step to create a new audit service provider.

    [z/OS] There are binary file-based and third-party audit service providers. In addition to the default binary file-based service provider, you can configure an SMF service provider or a third-party audit service provider.

    [AIX Solaris HP-UX Linux Windows][IBM i] There are binary file-based and third-party audit service providers. In addition to the default binary file-based service provider, you can configure a third-party audit service provider.

    Choose the type of audit service provider to create.

    • Use the createBinaryEmitter command and the following required parameters to create a default audit service provider:
      Table 1. Command parameters. This table describes the createBinaryEmitter command parameters.
      Parameter | Description | Data Type | Required
      -uniqueName | Specifies a unique name that identifies the audit service provider. | String | Yes
      -className | Specifies the class implementation of the audit service provider interface. | String | Yes
      -fileLocation | Specifies the file location for the audit service provider to write the audit logs. | String | Yes
      -auditFilters | Specifies a reference or a group of references to predefined audit filters, using the following format: reference, reference, reference | String | Yes
      -wrapBehavior | Specifies a string representing the customizable behavior for binary audit log wrapping. There are three values for this parameter: WRAP, NOWRAP and SILENT_FAIL. If you use the WRAP option, when the maximum logs are reached, the oldest audit log is rewritten; notification is not sent to the auditor. The NOWRAP option does not rewrite over the oldest audit log. It stops the audit service, sends a notification to the SystemOut.log, and quiesces the application server. The SILENT_FAIL option does not rewrite over the oldest audit log. It also stops the audit service, but does allow the WebSphere process to continue. Notifications are not posted in the SystemOut.log. | String | Yes
      -maxFileSize | Specifies the maximum size each audit log reaches before the system saves it with a timestamp and creates a new file. Specify the file size in megabytes. If you do not specify this parameter, the system sets the maximum file size to 10 megabytes. | Integer | No
      -maxLogs | Specifies the maximum number of audit logs to create before rewriting the oldest log. If you do not specify this parameter, the system allows up to 100 audit logs before overwriting the oldest log. | Integer | No
      The following example creates a new audit service provider in your security auditing configuration:
      # Adjacent string literals are joined into one argument string.
      AdminTask.createBinaryEmitter(
          '-uniqueName newASP -wrapBehavior NOWRAP '
          '-className com.ibm.ws.security.audit.BinaryEmitterImpl -fileLocation /AUDIT_logs '
          '-auditFilters "AuditSpecification_1173199825608, AuditSpecification_1173199825609, '
          'AuditSpecification_1173199825610, AuditSpecification_1173199825611"')
    • Use the createThirdPartyEmitter command to use a third-party audit service provider. [z/OS] On the z/OS platform, a System Management Facility (SMF) service provider is considered a third-party audit service provider.
      Table 2. Command parameters. Use the following parameters with the createThirdPartyEmitter command:
      Parameter | Description | Data Type | Required
      -uniqueName | Specifies a unique name that identifies the audit service provider. | String | Yes
      -className | Specifies the class implementation of the audit service provider interface. | String | Yes
      -eventFormatterClass | Specifies the class that implements how the audit event is formatted for output. If you do not specify this parameter, the system uses the standard text format for output. | String | Yes
      -auditFilters | Specifies a reference identifier or a group of reference identifiers to pre-defined audit filters, using the following format: reference, reference, reference. | String | Yes
      -customProperties | Specifies any custom properties that might be required to configure a third party audit service provider. | String | No
      The following example creates a new third party audit service provider in your security auditing configuration:
      # Adjacent string literals are joined into one argument string.
      AdminTask.createThirdPartyEmitter(
          '-uniqueName myAuditServiceProvider -className com.mycompany.myclass '
          '-fileLocation /auditLogs -auditFilters '
          '"AuditSpecification_1173199825608, AuditSpecification_1173199825609, '
          'AuditSpecification_1173199825610, AuditSpecification_1173199825611"')
  3. Save your configuration changes.
    Use the following command example to save your configuration changes:
    AdminConfig.save()
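
The following pre-flight check is an added example, not part of the original IBM topic or product code: it validates createBinaryEmitter arguments against Table 1 and flags the wrapBehavior settings under which audit records stop or are overwritten without notification. The function name build_binary_emitter_args, its dictionary input and the warning texts are assumptions; the AdminTask call appears only as a comment because it exists only inside wsadmin.

```python
# Added example, not IBM code: pre-flight check for createBinaryEmitter arguments.
# Names, defaults and wrapBehavior values are taken from Table 1; the function
# name, dict input and warning texts are assumptions made for this example.
REQUIRED = ("uniqueName", "className", "fileLocation", "auditFilters", "wrapBehavior")
WRAP_VALUES = ("WRAP", "NOWRAP", "SILENT_FAIL")
DEFAULT_MAX_FILE_SIZE_MB = 10   # documented default when -maxFileSize is omitted
DEFAULT_MAX_LOGS = 100          # documented default when -maxLogs is omitted


def build_binary_emitter_args(params):
    """Return (arg_string, capacity_mb, warnings); raise ValueError on bad input."""
    missing = [name for name in REQUIRED if not params.get(name)]
    if missing:
        raise ValueError("missing required parameters: " + ", ".join(missing))
    wrap = params["wrapBehavior"]
    if wrap not in WRAP_VALUES:
        raise ValueError("wrapBehavior must be one of " + ", ".join(WRAP_VALUES))
    size_mb = int(params.get("maxFileSize", DEFAULT_MAX_FILE_SIZE_MB))
    logs = int(params.get("maxLogs", DEFAULT_MAX_LOGS))
    if size_mb < 1 or logs < 1:
        raise ValueError("maxFileSize and maxLogs must be positive integers")
    capacity_mb = size_mb * logs   # audit data on disk when the log limit is reached

    warnings = []
    if wrap == "WRAP":
        warnings.append("WRAP: after about %d MB the oldest audit log is "
                        "rewritten and the auditor is not notified" % capacity_mb)
    elif wrap == "SILENT_FAIL":
        warnings.append("SILENT_FAIL: after about %d MB auditing stops, the process "
                        "continues and SystemOut.log gets no notice" % capacity_mb)

    # auditFilters is a comma-separated group of references, so it is quoted.
    filters = ", ".join([ref.strip() for ref in params["auditFilters"]])
    parts = ["-uniqueName " + params["uniqueName"],
             "-wrapBehavior " + wrap,
             "-className " + params["className"],
             "-fileLocation " + params["fileLocation"],
             '-auditFilters "%s"' % filters]
    for opt in ("maxFileSize", "maxLogs"):
        if opt in params:
            parts.append("-%s %d" % (opt, int(params[opt])))
    return " ".join(parts), capacity_mb, warnings

# Inside wsadmin the argument string would be passed on unchanged:
#   args, capacity_mb, warnings = build_binary_emitter_args({...})
#   AdminTask.createBinaryEmitter(args)
```

With the documented defaults the capacity works out to 100 logs of 10 MB, so a WRAP or SILENT_FAIL provider should be paired with archiving or monitoring that acts before that volume is reached.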

What to do next

Enable security auditing in your environment.


Last updated: July 9, 2016 6:14
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=txml_7auditsp
File name: txml_7auditsp.html