Administrative audit messages in system logs

The product provides administrative audit messages in system logs that contain some audit information. The audit messages described in this topic are part of the standard product audit stream and do not provide administrative event auditing information such as who changed files.

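Note: This topic references one or more of the application server log files. As a recommended alternative, on distributed and IBM® i systems you can configure the server to use the High Performance Extensible Logging (HPEL) log and trace infrastructure instead of the SystemOut.log, SystemErr.log, trace.log, and activity.log files. You can also use HPEL together with the native z/OS® logging facilities. If you use HPEL, you can access all of your log and trace information with the LogViewer command-line tool from the server profile bin directory. See the information about using HPEL to troubleshoot applications for more information about using HPEL.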
Important: The functionality described in this topic uses system logs and is not a part of the security auditing subsystem. The audit information captured by this functionality does not correspond with the audit information captured by the security auditing subsystem. For information about the security auditing subsystem, see the topic on auditing the security infrastructure.

Administrative audits use the same trace logging facility as the rest of the product, and do not use the logging facility that is a part of the security auditing subsystem. The audits are available in both the activity.log file and the SystemOut.log of the server that performs the action. You do not need to enable trace to produce the audits. However, through the Repository service console page, you can control whether configuration change auditing is done. This type of audit is done by default. Operational command auditing is always enabled. Information about which user performed the change is available only when security is enabled.

You can do administrative audits with or without the security audit facility.

The following administrative actions are audited:
  • All configuration changes, in terms of the configuration documents that are created, modified, or deleted.
  • Certain operational changes like starting and stopping nodes, clusters, servers, and applications. These managed bean (MBean) operations provide administrative auditing:
    Table 1. Administrative auditing MBean operations. The MBean types provide administrative auditing MBean operations.

    MBean type       MBean operations
    CellSync         syncNode
    Cluster          start, stop, stopImmediate, rippleStart
    NodeAgent        launchProcess, stopNode, restart
    Server           stop, stopImmediate
    AppManagement    startApplication, stopApplication

Configuration change audits have ADMRxxxxI message IDs, where xxxx is the message number. Operational audits have ADMN10xxI message IDs, where 10xx is the message number.

Here are some audit examples from a WebSphere® Application Server, Network Deployment environment.

The following audit example is from the deployment manager SystemOut.log file:

[7/23/03 17:04:49:089 CDT] 39c26dad FileRepositor A ADMR0015I: Document 
cells/ellingtonNetwork/security.xml was modified by user u1.
[7/23/03 17:04:49:269 CDT] 3ea0edb5 FileRepositor A ADMR0016I: Document 
cells/ellingtonNetwork/nodes/ellington/app.policy was created by user u1.
...
[7/23/03 17:13:54:081 CDT] 39a572a1 AdminHelper   A ADMN1008I: Attempt 
made to start the SamplesGallery application. (User ID = u1)
...

The following audit example is from the node agent SystemOut.log file:

[7/23/03 17:38:43:461 CDT]  23d1326 AdminHelper   A ADMN1000I: Attempt 
made to launch server1 on node ellington. (User ID = u1)

The following audit example is from the application server SystemOut.log file:

[7/23/03 17:39:59:360 CDT] 24865373 AdminHelper   A ADMN1020I: Attempt 
made to stop the server1 server. (User ID = u1)

The message text is split for printing purposes.
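
The following Python sketch is an added example, not part of the product documentation: it rejoins wrapped message text and extracts ADMRxxxxI and ADMN10xxI records from SystemOut.log content, returning the user when the message carries one and None otherwise. The sample input is constructed from the lines above plus one constructed non-administrative record; the function name, regular expressions, and field names are assumptions of this example.

```python
import re

# Constructed sample: the page's audit lines plus one non-administrative record.
SAMPLE_LOG = """\
[7/23/03 17:04:49:089 CDT] 39c26dad FileRepositor A ADMR0015I: Document
cells/ellingtonNetwork/security.xml was modified by user u1.
[7/23/03 17:04:49:269 CDT] 3ea0edb5 FileRepositor A ADMR0016I: Document
cells/ellingtonNetwork/nodes/ellington/app.policy was created by user u1.
[7/23/03 17:13:54:081 CDT] 39a572a1 AdminHelper   A ADMN1008I: Attempt
made to start the SamplesGallery application. (User ID = u1)
[7/23/03 17:38:43:461 CDT]  23d1326 AdminHelper   A ADMN1000I: Attempt
made to launch server1 on node ellington. (User ID = u1)
[7/23/03 17:40:01:100 CDT] 24865373 WsServerImpl  A WSVR0001I: Server server1 open for e-business
"""

# Record header: [timestamp] thread component level text
RECORD_START = re.compile(
    r"^\s*\[(?P<ts>[^\]]+)\]\s+(?P<thread>[0-9a-fA-F]+)\s+\S+\s+\S\s+(?P<text>.*)$")
# ADMRxxxxI = configuration change, ADMN10xxI = operational command
AUDIT_ID = re.compile(r"^(?P<id>ADM(?:R\d{4}|N10\d{2})I):\s*(?P<msg>.*)$")
CONFIG = re.compile(r"Document (?P<doc>\S+) was (?P<action>\w+) by user (?P<user>\S+?)\.?$")
OPERATION = re.compile(r"\(User ID = (?P<user>[^)]+)\)")

def parse_admin_audits(log_text):
    """Return one dict per administrative audit record, rejoining wrapped text."""
    records = []
    for line in log_text.splitlines():
        start = RECORD_START.match(line)
        if start:
            records.append(start.groupdict())
        elif records and line.strip():  # continuation of the previous record
            records[-1]["text"] = records[-1]["text"].rstrip() + " " + line.strip()
    audits = []
    for rec in records:
        audit = AUDIT_ID.match(rec["text"])
        if not audit:
            continue  # not an ADMR/ADMN10xx message
        msg = audit.group("msg")
        is_config = audit.group("id").startswith("ADMR")
        detail = (CONFIG if is_config else OPERATION).search(msg)
        audits.append({
            "timestamp": rec["ts"], "id": audit.group("id"),
            "kind": "configuration" if is_config else "operational",
            "document": detail.group("doc") if detail and is_config else None,
            "user": detail.group("user") if detail else None,
            "message": msg,
        })
    return audits
```
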




Last updated: July 9, 2016 11:12
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=ragt_radminrepos
File name: ragt_radminrepos.html