AuditEmitterCommands for the AdminTask object

You can use the Jython scripting language to configure audit service providers with the wsadmin tool. Use the commands and parameters in the AuditEmitterCommands group to create, manage, and remove audit service providers from your security auditing system configuration.

Note: Esse tópico faz referência a um ou mais arquivos de log do servidor de aplicativos. Como uma recomendação alternativa, é possível configurar o servidor para usar a infraestrutura de log e rastreio do High Performance Extensible Logging (HPEL) em vez de usar os arquivos SystemOut.log , SystemErr.log, trace.log e activity.log em sistemas distribuídos e IBM® i. Também é possível usar HPEL em conjunção com os recursos de criação de log z/OS® nativos. Se você estiver usando HPEL, será possível acessar todas as informações de log e rastreio usando a ferramenta de linha de comandos LogViewer a partir do diretório bin do perfil do servidor. Consulte as informações sobre a utilização do HPEL para resolução de problemas dos aplicativos para obter mais informações sobre o uso do HPEL.

createBinaryEmitter

The createBinaryEmitter command creates an entry in the audit.xml file to reference the configuration of the binary file emitter implementation of the audit service provider interface.

O usuário deve ter a função administrativa de auditor para executar esse comando.

Target object

None.

Required parameters

-uniqueName
Specifies a name to uniquely identify this implementation of the audit service provider interface. (String, required)
-className
Specifies the class that implements the audit service provider interface. (String, required)
-fileLocation
Specifies the location where the system writes the audit logs. (String, required)
-auditFilters
Specifies a reference or a group of references to predefined audit filters. Use the following format to specify multiple references: reference,reference,reference (String, required)
-wrapBehavior
Specifies a string representing the customizable behavior for binary audit log wrapping. (String, required).

There are three values for this parameter: WRAP, NOWRAP and SILENT_FAIL

If you use the WRAP option, when the maximum logs are reached, the oldest audit log is rewritten; notification is not sent to the auditor.

The NOWRAP option does not rewrite over the oldest audit log. It stops the audit service, sends a notification to the SystemOut.log, and quiesces the application server.

The SILENT_FAIL option does not rewrite over the oldest audit log. It also stops the audit service, but does allow the WebSphere process to continue. Notifications are not posted in the SystemOut.log.

Note: If you use the NOWRAP or SILENT_FAIL options, when the server is stopped as a result of the logs being maxed-out, a stopserver is performed, or because the server abends in some way, you must archive the binary audit logs before you restart the server.
[z/OS]
Note: The control region (CR) and each servant region (SR) each have their own binary audit logs. The binary audit logs associated with the control region end in a _CR.log suffix, and servant region binary audit logs end with a _SR.log suffix.

The maximum number of archived binary logs applies to both the CR and the SR regions. For example, if the maximum number of archived binary logs is 10, then the CR region and each SR region also have a maximum of 10 archived binary logs.

The auditing behavior that is applied when the maximum number of archived binary logs is reached applies only to that region whose archived logs have reached their configured maximum. For example, if the SR region has reached its maximum number of archived logs, then the behavior is applied only to the SR region. If the CR region has not yet reached its maximum number of archived logs, auditing still continues in that region.

Optional parameters

-eventFormatterClass
Specifies the class that implements how the system formats the audit event for output. If you want to use the default audit service provider, do not specify this parameter. (String, optional)
-maxFileSize
Specifies the maximum size that each log reaches before the system saves the audit log with a timestamp. Specify the size in megabytes. The default value is 10 MB. (Integer, optional)
-maxLogs
Specifies the maximum number of log files to create before the system rewrites the oldest audit log. The default value is 100 logs. (Integer, optional)

Return value

The command returns the shortened reference ID for the audit service provider, as the following sample output displays:
AuditServiceProvider_1184686384968

Batch mode example usage

  • Using Jython string:
    AdminTask.createBinaryEmitter('-uniqueName mybinaryemitter -className 
    com.ibm.ws.security.audit.BinaryEmitterImpl -fileLocation 
    c:\wasinstall\appserver\profiles\AppSrv01\logs\server1 -maxFileSize 20 -maxLogs 
    100 –wrapBehavior NOWRAP -auditFilters AuditSpecification_1173199825608')
  • Using Jython list:
    AdminTask.createBinaryEmitter(['-uniqueName', 'mybinaryemitter', '-className', 
    'com.ibm.ws.security.audit.BinaryEmitterImpl', '-fileLocation', 
    'c:\wasinstall\appserver\profiles\AppSrv01\logs\server1', '-maxFileSize', 
    '20', '-maxLogs', '100', '–wrapBehavior', 'NOWRAP', '-auditFilters', 
    'AuditSpecification_1173199825608'])

Interactive mode example usage

  • Using Jython:
    AdminTask.createBinaryEmitter('-interactive')

createSMFEmitter

The createSMFEmitter command creates an entry in the audit.xml file to reference the configuration of an SMF implementation of the audit service provider interface. The encryption and signing of audit records is not supported for SMF implementations.

O usuário deve ter a função administrativa de auditor para executar esse comando.

Target object

None.

Required parameters

-uniqueName
Specifies a name to uniquely identify this implementation of the audit service provider interface. (String, required)
-auditFilters
Specifies a reference or a group of references to predefined audit filters. Use the following format to specify multiple references: reference,reference,reference (String, required)

Return value

The command returns the shortened reference ID for the audit service provider, as the following sample output displays:
AuditServiceProvider_1184686384968

Batch mode example usage

  • Using Jython string:
    AdminTask.createSMFEmitter('-uniqueName mySMFEmitter -auditFilters 
    AuditSpecification_1173199825608')
  • Using Jython list:
    AdminTask.createSMFEmitter(['-uniqueName', 'mySMFEmitter', '-auditFilters', 
    'AuditSpecification_1173199825608'])

Interactive mode example usage

  • Using Jython:
    AdminTask.createSMFEmitter('-interactive')

createThirdPartyEmitter

The createThirdPartyEmitter command creates an entry in the audit.xml configuration file to reference the configuration of a third party emitter implementation of the audit service provider interface. The encryption and signing of audit records is not supported for third party implementations.

O usuário deve ter a função administrativa de auditor para executar esse comando.

Target object

None.

Required parameters

-uniqueName
Specifies a name to uniquely identify this implementation of the audit service provider interface. (String, required)
-className
Specifies the class that implements the audit service provider interface. (String, required)
-auditFilters
Specifies a reference or a group of references to predefined audit filters. Use the following format to specify multiple references: reference,reference,reference (String, required)

Optional parameters

-eventFormatterClass
Specifies the class that implements how the system formats the audit event for output. (String, optional)
-customProperties
Specifies any custom properties that the system might need to configure the third party implementation of the audit service provider. Use the following format to specify the custom properties: name=value,name=value (String, optional)

Return value

The command returns the shortened reference ID to the audit service provider, as the following example output displays:
AuditServiceProvider_1184686638218

Batch mode example usage

  • Using Jython string:
    AdminTask.createThirdPartyEmitter('-uniqueName myThirdPartyEmitter -className 
    com.mycompany.myemitterclass -eventFormatterClass com.mycompany.myeventformatterclass 
    -auditFilters AuditSpecification_1173199825608')
  • Using Jython list:
    AdminTask.createThirdPartyEmitter(['-uniqueName', 'myThirdPartyEmitter', '-className', 
    'com.mycompany.myemitterclass', '-eventFormatterClass', 'com.mycompany.myeventformatterclass', 
    '-auditFilters', 'AuditSpecification_1173199825608'])

Interactive mode example usage

  • Using Jython:
    AdminTask.createThirdPartyEmitter('-interactive')

deleteAuditEmitterByRef

The deleteAuditEmitterByRef command deletes the audit service provider implementation that the system references with the reference id. If an event factory is using the audit service provider, the system generates an error that indicates that the system cannot remove the audit service provider.

O usuário deve ter a função administrativa de auditor para executar esse comando.

Target object

None.

Required parameters

-emitterRef
Specifies the reference identifier of the audit service provider implementation to delete. (String, required)

Return value

The command returns a value of true if the system successfully removes the audit service provider.

Batch mode example usage

  • Using Jython string:
    AdminTask.deleteAuditEmitterByRef('–emitterRef AuditServiceProvider_1173199825608')
  • Using Jython list:
    AdminTask.deleteAuditEmitterByRef(['–emitterRef', 'AuditServiceProvider_1173199825608'])

Interactive mode example usage

  • Using Jython:
    AdminTask.deleteAuditEmitterByRef('-interactive')

deleteAuditEmitterByName

The deleteAuditEmitterByName command deletes the audit service provider implementation that the system references with the unique name. If an event factory is using the audit service provider, the system generates an error that indicates that the system cannot remove the audit service provider.

O usuário deve ter a função administrativa de auditor para executar esse comando.

Target object

None.

Required parameters

-uniqueName
Specifies the name that uniquely identifies this implementation of the audit service provider interface to delete. (String, required)

Return value

The command returns a value of true if the system successfully deletes the audit service provider implementation.

Batch mode example usage

  • Using Jython string:
    AdminTask.deleteAuditEmitterByName('-uniqueName mybinaryemitter')
  • Using Jython list:
    AdminTask.deleteAuditEmitterByName(['-uniqueName', 'mybinaryemitter'])

Interactive mode example usage

  • Using Jython:
    AdminTask.deleteAuditEmitterByName('-interactive')

getAuditEmitter

The getAuditEmitter command returns the attributes for the audit service provider of interest.

O usuário deve ter a função administrativa de monitor para executar esse comando.

Target object

None.

Required parameters

-emitterRef
Specifies a reference to a audit service provider implementation. (String, required)

Return value

The command returns an attribute list for the audit service provider specified by the -emitterRef parameter, as the following example output displays:
{{auditSpecifications myfilter(cells/CHEYENNENode04Cell|audit.xml#AuditSpecification_1184598886859)}
{name auditServiceProviderImpl_1}
{_Websphere_Config_Data_Id cells/CHEYENNENode04Cell|audit.xml#AuditServiceProvider_1173199825608}
{maxFileSize 1}
{_Websphere_Config_Data_Type AuditServiceProvider}
{fileLocation ${PROFILE_ROOT}/logs/server1}
{className com.ibm.ws.security.audit.BinaryEmitterImpl}
{properties {}}
{eventFormatterClass {}}
{maxLogs 100}}

Batch mode example usage

  • Using Jython string:
    AdminTask.getAuditEmitter('-emitterRef AuditServiceProvider_1173199825608')
  • Using Jython list:
    AdminTask.getAuditEmitter(['-emitterRef AuditServiceProvider_1173199825608'])

Interactive mode example usage

  • Using Jython:
    AdminTask.getEmitterClass('-interactive')

getBinaryFileLocation

The getBinaryFileLocation command returns the file location of the binary file audit logs.

O usuário deve ter a função administrativa de monitor para executar esse comando.

Target object

None.

Required parameters

-emitterRef
Specifies a reference to a binary file audit service provider implementation. (String, required)

Return value

The command returns the file path of the audit log, as the following example displays:
$profile_root/logs/server1

Batch mode example usage

  • Using Jython string:
    AdminTask.getBinaryFileLocation('-emitterRef AuditServiceProvider_1173199825608')
  • Using Jython list:
    AdminTask.getBinaryFileLocation(['-emitterRef', 'AuditServiceProvider_1173199825608'])

Interactive mode example usage

  • Using Jython:
    AdminTask.getBinaryFileLocation('-interactive')

getAuditEmitterFilters

The getAuditEmitterFilters command returns a list of defined filters for the audit service provider implementation of interest.

O usuário deve ter a função administrativa de monitor para executar esse comando.

Target object

None.

Required parameters

-emitterRef
Specifies the audit service provider implementation of interest. You can specify a reference to the service provider object. (String, required)

Return value

The command returns a list of defined filters in a shortened format, as the following example output displays:
AUTHN:SUCCESS,AUTHN:INFO,AUTHZ:SUCCESS,AUTHZ:INFO

Batch mode example usage

  • Using Jython string:
    AdminTask.getAuditEmitterFilters('-emitterRef AuditServiceProvider_1173199825608')
  • Using Jython list:
    AdminTask.getAuditEmitterFilters(['-emitterRef', 'AuditServiceProvider_1173199825608'])

Interactive mode example usage

  • Using Jython:
    AdminTask.getAuditEmitterFilters('-interactive')

getBinaryFileSize

The getBinaryFileSize command returns the maximum file size of the binary audit log that is defined for the audit service provider of interest in the audit.xml configuration file.

O usuário deve ter a função administrativa de monitor para executar esse comando.

Target object

None.

Required parameters

-emitterRef
Specifies a reference to a binary file audit service provider implementation. (String, required)

Return value

The command returns the integer value of the maximum file size in megabytes.

Batch mode example usage

  • Using Jython string:
    AdminTask.getBinaryFileSize('-emitterRef AuditServiceProvider_1173199825608')
  • Using Jython list:
    AdminTask.getBinaryFileSize(['-emitterRef', 'AuditServiceProvider_1173199825608'])

Interactive mode example usage

  • Using Jython:
    AdminTask.getBinaryFileSize('-interactive')

getEmitterClass

The getEmitterClass command returns the class name of the audit service provider emitter implementation.

O usuário deve ter a função administrativa de monitor para executar esse comando.

Target object

None.

Required parameters

-emitterRef
Specifies a reference to a audit service provider implementation. (String, required)

Return value

The command returns the class name of the audit service provider implementation.

Batch mode example usage

  • Using Jython string:
    AdminTask.getEmitterClass('-emitterRef AuditServiceProvider_1173199825608')
  • Using Jython list:
    AdminTask.getEmitterClass(['-emitterRef', 'AuditServiceProvider_1173199825608'])

Interactive mode example usage

  • Using Jython:
    AdminTask.getEmitterClass('-interactive')

getEmitterUniqueId

The getEmitterUniqueId command returns the unique identifier of the audit service provider implementation.

O usuário deve ter a função administrativa de monitor para executar esse comando.

Target object

None.

Required parameters

-emitterRef
Specifies a reference to a service provider implementation. (String, required)

Return value

The command returns the unique ID of the audit service provider of interest.

Batch mode example usage

  • Using Jython string:
    AdminTask.getEmitterUniqueId('-emitterRef AuditServiceProvider_1173199825608')
  • Using Jython list:
    AdminTask.getEmitterUniqueId(['-emitterRef', 'AuditServiceProvider_1173199825608'])

Interactive mode example usage

  • Using Jython:
    AdminTask.getEmitterUniqueId('-interactive')

getMaxNumBinaryLogs

The getMaxNumBinaryLogs command returns the maximum number of binary audit logs that is defined for the audit service provider of interest in the audit.xml configuration file.

O usuário deve ter a função administrativa de monitor para executar esse comando.

Target object

None.

Required parameters

-emitterRef
Specifies a reference to a binary file audit service provider implementation. (String, required)

Return value

The command returns the integer value that represents the maximum number of binary audit logs in the configuration.

Batch mode example usage

  • Using Jython string:
    AdminTaskgetMaxNumBinaryLogs('-emitterRef AuditServiceProvider_1173199825608')
  • Using Jython list:
    AdminTaskgetMaxNumBinaryLogs(['-emitterRef', 'AuditServiceProvider_1173199825608'])

Interactive mode example usage

  • Using Jython:
    AdminTask.getMaxNumBinaryLogs('-interactive')

listAuditEmitters

The listAuditEmitters command returns a list of configured audit service provider implementation objects and the corresponding attributes.

O usuário deve ter a função administrativa de monitor para executar esse comando.

Target object

None.

Return value

The command returns an array list of audit service provider implementation objects and attributes, as the following example output displays:
{{auditSpecifications myfilter(cells/CHEYENNENode04Cell|audit.xml#AuditSpecifica
tion_1184598886859)}
{name auditServiceProviderImpl_1}
{_Websphere_Config_Data_Id cells/CHEYENNENode04Cell|audit.xml#AuditServiceProvid
er_1173199825608}
{maxFileSize 1}
{_Websphere_Config_Data_Type AuditServiceProvider}
{fileLocation ${PROFILE_ROOT}/logs/server1}
{className com.ibm.ws.security.audit.BinaryEmitterImpl}
{properties {}}
{auditSpecRef1 AuditSpecification_1184598886859}
{eventFormatterClass {}}
{maxLogs 100}
{emitterRef AuditServiceProvider_1173199825608}}
{{auditSpecifications DefaultAuditSpecification_1(cells/CHEYENNENode04Cell|audit
.xml#AuditSpecification_1173199825608)}
{name mythirdpartyemitter}
{_Websphere_Config_Data_Id cells/CHEYENNENode04Cell|audit.xml#AuditServiceProvid
er_1184686638218}
{maxFileSize 0}
{_Websphere_Config_Data_Type AuditServiceProvider}
{fileLocation {}}
{className com.mycompany.myemitterclass}
{properties {}}
{auditSpecRef1 AuditSpecification_1173199825608}
{eventFormatterClass com.mycompany.myeventformatterclass}
{maxLogs 0}
{emitterRef AuditServiceProvider_1184686638218}}

Batch mode example usage

  • Using Jython string:
    AdminTask.listAuditEmitters()
  • Using Jython list:
    AdminTask.listAuditEmitters()

Interactive mode example usage

  • Using Jython:
    AdminTask.listAuditEmitters('-interactive')

modifyAuditEmitter

The modifyAuditEmitter command modifies the attributes of an audit service provider implementation object.

O usuário deve ter a função administrativa de auditor para executar esse comando.

Target object

None.

Required parameters

-emitterRef
Specifies a reference to a audit service provider implementation. (String, required)

Optional parameters

-className
Specifies the class name to use to identify the implementation. (String, optional)
-eventFormatterClass
Specifies the class that implements how the system formats the audit event for output. If you want to use the default audit service provider, do not specify this parameter. (String, optional)
-customProperties
Specifies a list of custom properties formatted as name and value pairs in the following format: name=value,name=value. (String, optional)

[z/OS]You can set the com.ibm.audit.field.length.limit custom property to specify the length at which variable-length audit data is truncated. For more information, see the documentation about the security custom properties.

-auditFilters
Specifies a reference or a group of references to predefined audit filters. Use the following format to specify multiple references: reference,reference,reference (String, optional)
-fileLocation
Specifies the location where the system writes the audit logs. (String, optional)
-maxFileSize
Specifies the maximum size that each log reaches before the system saves the audit log with a timestamp. Specify the size in megabytes. The default value is 10 MB. (Integer, optional)
-maxLogs
Specifies the maximum number of log files to create before the system rewrites the oldest audit log. The default value is 100 logs. (Integer, optional)
-wrapBehavior
Specifies a string representing the customizable behavior for binary audit log wrapping. (String, optional).

There are three values for this parameter: WRAP, NOWRAP and SILENT_FAIL

If you use the WRAP option, when the maximum logs are reached, the oldest audit log is rewritten; notification is not sent to the auditor.

The NOWRAP option does not rewrite over the oldest audit log. It stops the audit service, sends a notification to the SystemOut.log, and quiesces the application server.

The SILENT_FAIL option does not rewrite over the oldest audit log. It also stops the audit service, but does allow the WebSphere process to continue. Notifications are not posted in the SystemOut.log.

Return value

The command returns a value of true if the system successfully modifies the audit service provider of interest.

Batch mode example usage

  • Using Jython string:
    AdminTask.modifyAuditEmitter('-emitterRef AuditServiceProvider_1184686638218 
    –wrapBehavior NOWRAP -auditFilters AuditSpecification_1173199825608
    -fileLocation c:\wasinstall\appserver\profiles\AppSrv01\mylogs -maxFileSize 
    14 -maxLogs 200')
  • Using Jython list:
    AdminTask.modifyAuditEmitter(['-emitterRef', 'AuditServiceProvider_1184686638218', 
    '–wrapBehavior', 'NOWRAP' '-auditFilters', 'AuditSpecification_1173199825608', '-fileLocation', 
    'c:\wasinstall\appserver\profiles\AppSrv01\mylogs', '-maxFileSize', '14', '-maxLogs', 
    '200'])

Interactive mode example usage

  • Using Jython:
    AdminTask.modifyAuditEmitter('-interactive')

setAuditEmitterFilters

The setAuditEmitterFilters command sets the filters for an audit service provider implementation.

O usuário deve ter a função administrativa de auditor para executar esse comando.

Target object

None.

Required parameters

-emitterRef
Specifies a reference to a audit service provider implementation. (String, required)
-filtersRef
Specifies one or more references to defined audit filters. Use the following format to specify more than one filter reference: reference,reference,reference (String, required)

Return value

The command returns a value of true if the system successfully sets the filters for the audit service provider.

Batch mode example usage

  • Using Jython string:
    AdminTask.setAuditEmitterFilters('-emitterRef AuditServiceProvider_1173199825608 
    -filtersRef AuditSpecification_1184598886859')
  • Using Jython list:
    AdminTask.setAuditEmitterFilters(['-emitterRef', 'AuditServiceProvider_1173199825608', 
    '-filtersRef', 'AuditSpecification_1184598886859'])

Interactive mode example usage

  • Using Jython:
    AdminTask.setAuditEmitterFilters('-interactive')

Ícone que indica o tipo de tópico Tópico de Referência



Ícone de registro de data e hora Última atualização: July 9, 2016 7:53
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=rxml_7audit2
Nome do arquivo: rxml_7audit2.html