Audit service provider settings

Use this page to define the implementation details of the audit service provider. There are three types of audit service providers: binary file-based, third party and SMF.

To view this administrative console page, click one of the following paths:
  • Security > Security auditing > Audit service provider > audit_service_provider_name.
  • Security > Security auditing > Audit service provider > New > Binary File-based emitter.
  • Security > Security auditing > Audit service provider > New > Third party emitter.
  • [z/OS]Security > Security auditing > Audit service provider > New > SMF emitter.

Name

Specifies the unique name associated with the audit service provider.

Third party emitter class name

Specifies the name of the class for this implementation. This field is only present for Third party emitter implementations.

Audit file location

Specifies the path to the binary log file.

Audit file size

Specifies the maximum size of a single binary log file. This value is defined in megabytes.

Maximum number of audit log files

Specifies the maximum number of binary log files to create before the oldest is replaced.

Note: The maximum number of logs does not include the current binary log that is being written to. It is a reference to the maximum number of archived (timestamped) logs. The total number of binary logs that can exist for a server process is the maximum number of archived logs plus the current log.

Audit log wrapping

Specifies the wrapping behavior of the binary audit log when the maximum number of binary audit log files is reached.

There are customizable options available when specifying the default audit log wrapping behavior. This is only applicable to the Binary Audit Log implementation. Choose from one of the following options:

WRAP
If you select this option, when the maximum audit logs are reached, the oldest audit log is rewritten; notification is not sent to the auditor. This is the default option, and mimics the default behavior in WebSphere® Application Server Version 7.0.
NOWRAP
This option does not rewrite over the oldest audit log. It stops the audit service, sends a notification to the SystemOut.log, and quiesces the application server.
SILENT_FAIL
This option does not rewrite over the oldest audit log. It also stops the audit service, but does allow the WebSphere process to continue. Notifications are not posted in the SystemOut.log.
Note: If audit notification of failures in the audit subsystem is configured, and SILENT_FAIL is selected, the auditor is not notified of the audit subsystem failure. The SILENT_FAIL option takes precedence
Note: If you use the NOWRAP or SILENT_FAIL options, when the server is stopped as a result of the logs being maxed-out, a stopserver is performed, or because the server abends in some way, you must archive the binary audit logs before you restart the server.
Note: 這個主題參照一或多個應用程式伺服器日誌檔。 此外,在分散式和 IBM® i 系統上,另外也建議您可以配置伺服器來使用「高效能可延伸記載 (HPEL)」日誌和追蹤基礎架構,而不使用 SystemOut.logSystemErr.log, trace.logactivity.log 檔案。HPEL 與原生 z/OS® 記載機能也可以一起使用。如果您使用 HPEL,則可以從伺服器設定檔 bin 目錄,利用 LogViewer 指令行工具來存取您所有的日誌和追蹤資訊。請參閱有關利用 HPEL 疑難排解應用程式的資訊,以取得更多使用 HPEL 的相關資訊。

Event formatting module class name

Specifies a class used to format the generic event into a format that is specific to the audit service provider implementation. For example, a third party audit service provider implementation might have an event formatting class that takes the generic event and translates it into XML data.

Selectable filters

Specifies the available event filters. To enable a filter for an implementation, select the filter from the Selectable event filters list and then click >.

Enabled filters

Specifies the event filters that are currently enabled for an implementation. To disable a filter for an implementation, select the filter from the Enabled filters list and then click <.

Custom properties

Specifies any custom properties that might be used to add properties to a third party implementation. Custom properties are not available for binary file-based implementations or SMF implementations.

  • Name
  • Value

指出主題類型的圖示 參照主題



時間戳記圖示 前次更新: July 9, 2016 11:20
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-nd-mp&topic=usec_sa_asp_detail
檔名:usec_sa_asp_detail.html