AuditEmitterCommands for AdminTask
Use Jython to configure audit service providers with wsadmin. Use the commands and parameters in the AuditEmitterCommands group to create, manage, and remove audit service providers from the security auditing system configuration.
Use the following commands to configure audit service providers:
- createBinaryEmitter
- createSMFEmitter
- createThirdPartyEmitter
- deleteAuditEmitterByRef
- deleteAuditEmitterByName
- getAuditEmitter
- getBinaryFileLocation
- getAuditEmitterFilters
- getBinaryFileSize
- getEmitterClass
- getEmitterUniqueId
- getMaxNumBinaryLogs
- listAuditEmitters
- modifyAuditEmitter
- setAuditEmitterFilters
createBinaryEmitter
The createBinaryEmitter command creates an entry in the audit.xml file to reference the configuration of the binary file emitter implementation of the audit service provider interface.
The user must have the auditor admin role to run this command.
Target object
None.
Required parameters
- -uniqueName
- Specifies a name to uniquely identify this implementation of the audit service provider interface. (String, required)
- -className
- Class that implements the audit service provider interface. (String, required)
- -fileLocation
- Location where the system writes the audit logs. (String, required)
- -auditFilters
- Specifies a reference or a group of references to predefined audit filters. Use the following format to specify multiple references: reference,reference,reference (String, required)
Optional parameters
- -eventFormatterClass
- Class that implements how the system formats the audit event for output. To use the default audit service provider, do not specify this parameter. (String, optional)
- -maxFileSize
- Maximum size that each log reaches before the system saves the audit log with a timestamp. Specify the size in megabytes. The default value is 10 MB. (Integer, optional)
- -maxLogs
- Maximum number of log files to create before the system rewrites the oldest audit log. The default value is 100 logs. (Integer, optional)
Return value The command returns the shortened reference ID for the audit service provider, as the following sample output displays:
AuditServiceProvider_1184686384968Batch mode example usage
- Use Jython string:
AdminTask.createBinaryEmitter('-uniqueName mybinaryemitter -className com.ibm.ws.security.audit.BinaryEmitterImpl -fileLocation c:\wasinstall\appserver\profiles\AppSrv01\logs\server1 -maxFileSize 20 -maxLogs 100 -auditFilters AuditSpecification_1173199825608')- Use Jython list:
AdminTask.createBinaryEmitter(['-uniqueName', 'mybinaryemitter', '-className', 'com.ibm.ws.security.audit.BinaryEmitterImpl', '-fileLocation', 'c:\wasinstall\appserver\profiles\AppSrv01\logs\server1', '-maxFileSize', '20', '-maxLogs', '100', '-auditFilters', 'AuditSpecification_1173199825608'])
Interactive mode example usage
- Jython...
AdminTask.createBinaryEmitter('-interactive')
createSMFEmitter
The createSMFEmitter command creates an entry in the audit.xml file to reference the configuration of an SMF implementation of the audit service provider interface. The encryption and signing of audit records is not supported for SMF implementations.
The user must have the auditor admin role to run this command.
Target object
None.
Required parameters
- -uniqueName
- Specifies a name to uniquely identify this implementation of the audit service provider interface. (String, required)
- -auditFilters
- Specifies a reference or a group of references to predefined audit filters. Use the following format to specify multiple references: reference,reference,reference (String, required)
Return value The command returns the shortened reference ID for the audit service provider, as the following sample output displays:
AuditServiceProvider_1184686384968Batch mode example usage
- Use Jython string:
AdminTask.createSMFEmitter('-uniqueName mySMFEmitter -auditFilters AuditSpecification_1173199825608')- Use Jython list:
AdminTask.createSMFEmitter(['-uniqueName', 'mySMFEmitter', '-auditFilters', 'AuditSpecification_1173199825608'])
Interactive mode example usage
- Jython...
AdminTask.createSMFEmitter('-interactive')
createThirdPartyEmitter
The createThirdPartyEmitter command creates an entry in the audit.xml configuration file to reference the configuration of a third party emitter implementation of the audit service provider interface. The encryption and signing of audit records is not supported for third party implementations.
The user must have the auditor admin role to run this command.
Target object
None.
Required parameters
- -uniqueName
- Specifies a name to uniquely identify this implementation of the audit service provider interface. (String, required)
- -className
- Class that implements the audit service provider interface. (String, required)
- -auditFilters
- Specifies a reference or a group of references to predefined audit filters. Use the following format to specify multiple references: reference,reference,reference (String, required)
Optional parameters
- -eventFormatterClass
- Class that implements how the system formats the audit event for output. (String, optional)
- -customProperties
- Specifies any custom properties that the system might need to configure the third party implementation of the audit service provider. Use the following format to specify the custom properties: name=value,name=value (String, optional)
Return value The command returns the shortened reference ID to the audit service provider, as the following example output displays:
AuditServiceProvider_1184686638218Batch mode example usage
- Use Jython string:
AdminTask.createThirdPartyEmitter('-uniqueName myThirdPartyEmitter -className com.mycompany.myemitterclass -eventFormatterClass com.mycompany.myeventformatterclass -auditFilters AuditSpecification_1173199825608')- Use Jython list:
AdminTask.createThirdPartyEmitter(['-uniqueName', 'myThirdPartyEmitter', '-className', 'com.mycompany.myemitterclass', '-eventFormatterClass', 'com.mycompany.myeventformatterclass', '-auditFilters', 'AuditSpecification_1173199825608'])
Interactive mode example usage
- Jython...
AdminTask.createThirdPartyEmitter('-interactive')
deleteAuditEmitterByRef
The deleteAuditEmitterByRef command deletes the audit service provider implementation that the system references with the reference id. If an event factory is using the audit service provider, the system generates an error that indicates that the system cannot remove the audit service provider.
The user must have the auditor admin role to run this command.
Target object
None.
Required parameters
- -emitterRef
- Reference identifier of the audit service provider implementation to delete. (String, required)
Return value
The command returns a value of true if the system successfully removes the audit service provider.
Batch mode example usage
- Use Jython string:
AdminTask.deleteAuditEmitterByRef('–emitterRef AuditServiceProvider_1173199825608')- Use Jython list:
AdminTask.deleteAuditEmitterByRef(['–emitterRef', 'AuditServiceProvider_1173199825608'])
Interactive mode example usage
- Jython...
AdminTask.deleteAuditEmitterByRef('-interactive')
deleteAuditEmitterByName
The deleteAuditEmitterByName command deletes the audit service provider implementation that the system references with the unique name. If an event factory is using the audit service provider, the system generates an error that indicates that the system cannot remove the audit service provider.
The user must have the auditor admin role to run this command.
Target object
None.
Required parameters
- -uniqueName
- Name that uniquely identifies this implementation of the audit service provider interface to delete. (String, required)
Return value
The command returns a value of true if the system successfully deletes the audit service provider implementation.
Batch mode example usage
- Use Jython string:
AdminTask.deleteAuditEmitterByName('-uniqueName mybinaryemitter')- Use Jython list:
AdminTask.deleteAuditEmitterByName(['-uniqueName', 'mybinaryemitter'])
Interactive mode example usage
- Jython...
AdminTask.deleteAuditEmitterByName('-interactive')
getAuditEmitter
The getAuditEmitter command returns the attributes for the audit service provider of interest.
The user must have the monitor admin role to run this command.
Target object
None.
Required parameters
- -emitterRef
- Specifies a reference to a audit service provider implementation. (String, required)
Return value The command returns an attribute list for the audit service provider specified by the -emitterRef parameter, as the following example output displays:
{{auditSpecifications myfilter(cells/CHEYENNENode04Cell|audit.xml#AuditSpecification_1184598886859)} {name auditServiceProviderImpl_1} {_Websphere_Config_Data_Id cells/CHEYENNENode04Cell|audit.xml#AuditServiceProvider_1173199825608} {maxFileSize 1} {_Websphere_Config_Data_Type AuditServiceProvider} {fileLocation ${PROFILE_ROOT}/logs/server1} {className com.ibm.ws.security.audit.BinaryEmitterImpl} {properties {}} {eventFormatterClass {}} {maxLogs 100}}Batch mode example usage
- Use Jython string:
AdminTask.getAuditEmitter('-emitterRef AuditServiceProvider_1173199825608')- Use Jython list:
AdminTask.getAuditEmitter(['-emitterRef AuditServiceProvider_1173199825608'])
Interactive mode example usage
- Jython...
AdminTask.getEmitterClass('-interactive')
getBinaryFileLocation
The getBinaryFileLocation command returns the file location of the binary file audit logs.
The user must have the monitor admin role to run this command.
Target object
None.
Required parameters
- -emitterRef
- Specifies a reference to a binary file audit service provider implementation. (String, required)
Return value The command returns the file path of the audit log, as the following example displays:
$profile_root/logs/server1Batch mode example usage
- Use Jython string:
AdminTask.getBinaryFileLocation('-emitterRef AuditServiceProvider_1173199825608')- Use Jython list:
AdminTask.getBinaryFileLocation(['-emitterRef', 'AuditServiceProvider_1173199825608'])
Interactive mode example usage
- Jython...
AdminTask.getBinaryFileLocation('-interactive')
getAuditEmitterFilters
The getAuditEmitterFilters command returns a list of defined filters for the audit service provider implementation of interest.
The user must have the monitor admin role to run this command.
Target object
None.
Required parameters
- -emitterRef
- Audit service provider implementation of interest. We can specify a reference to the service provider object. (String, required)
Return value The command returns a list of defined filters in a shortened format, as the following example output displays:
AUTHN:SUCCESS,AUTHN:INFO,AUTHZ:SUCCESS,AUTHZ:INFOBatch mode example usage
- Use Jython string:
AdminTask.getAuditEmitterFilters('-emitterRef AuditServiceProvider_1173199825608')- Use Jython list:
AdminTask.getAuditEmitterFilters(['-emitterRef', 'AuditServiceProvider_1173199825608'])
Interactive mode example usage
- Jython...
AdminTask.getAuditEmitterFilters('-interactive')
getBinaryFileSize
The getBinaryFileSize command returns the maximum file size of the binary audit log that is defined for the audit service provider of interest in the audit.xml configuration file.
The user must have the monitor admin role to run this command.
Target object
None.
Required parameters
- -emitterRef
- Specifies a reference to a binary file audit service provider implementation. (String, required)
Return value
The command returns the integer value of the maximum file size in megabytes.
Batch mode example usage
- Use Jython string:
AdminTask.getBinaryFileSize('-emitterRef AuditServiceProvider_1173199825608')- Use Jython list:
AdminTask.getBinaryFileSize(['-emitterRef', 'AuditServiceProvider_1173199825608'])
Interactive mode example usage
- Jython...
AdminTask.getBinaryFileSize('-interactive')
getEmitterClass
The getEmitterClass command returns the class name of the audit service provider emitter implementation.
The user must have the monitor admin role to run this command.
Target object
None.
Required parameters
- -emitterRef
- Specifies a reference to a audit service provider implementation. (String, required)
Return value
The command returns the class name of the audit service provider implementation.
Batch mode example usage
- Use Jython string:
AdminTask.getEmitterClass('-emitterRef AuditServiceProvider_1173199825608')- Use Jython list:
AdminTask.getEmitterClass(['-emitterRef', 'AuditServiceProvider_1173199825608'])
Interactive mode example usage
- Jython...
AdminTask.getEmitterClass('-interactive')
getEmitterUniqueId
The getEmitterUniqueId command returns the unique identifier of the audit service provider implementation.
The user must have the monitor admin role to run this command.
Target object
None.
Required parameters
- -emitterRef
- Specifies a reference to a service provider implementation. (String, required)
Return value
The command returns the unique ID of the audit service provider of interest.
Batch mode example usage
- Use Jython string:
AdminTask.getEmitterUniqueId('-emitterRef AuditServiceProvider_1173199825608')- Use Jython list:
AdminTask.getEmitterUniqueId(['-emitterRef', 'AuditServiceProvider_1173199825608'])
Interactive mode example usage
- Jython...
AdminTask.getEmitterUniqueId('-interactive')
getMaxNumBinaryLogs
The getMaxNumBinaryLogs command returns the maximum number of binary audit logs that is defined for the audit service provider of interest in the audit.xml configuration file.
The user must have the monitor admin role to run this command.
Target object
None.
Required parameters
- -emitterRef
- Specifies a reference to a binary file audit service provider implementation. (String, required)
Return value
The command returns the integer value that represents the maximum number of binary audit logs in the configuration.
Batch mode example usage
- Use Jython string:
AdminTaskgetMaxNumBinaryLogs('-emitterRef AuditServiceProvider_1173199825608')- Use Jython list:
AdminTaskgetMaxNumBinaryLogs(['-emitterRef', 'AuditServiceProvider_1173199825608'])
Interactive mode example usage
- Jython...
AdminTask.getMaxNumBinaryLogs('-interactive')
listAuditEmitters
The listAuditEmitters command returns a list of configured audit service provider implementation objects and the corresponding attributes.
The user must have the monitor admin role to run this command.
Target object
None.
Return value The command returns an array list of audit service provider implementation objects and attributes, as the following example output displays:
{{auditSpecifications myfilter(cells/CHEYENNENode04Cell|audit.xml#AuditSpecifica tion_1184598886859)} {name auditServiceProviderImpl_1} {_Websphere_Config_Data_Id cells/CHEYENNENode04Cell|audit.xml#AuditServiceProvid er_1173199825608} {maxFileSize 1} {_Websphere_Config_Data_Type AuditServiceProvider} {fileLocation ${PROFILE_ROOT}/logs/server1} {className com.ibm.ws.security.audit.BinaryEmitterImpl} {properties {}} {auditSpecRef1 AuditSpecification_1184598886859} {eventFormatterClass {}} {maxLogs 100} {emitterRef AuditServiceProvider_1173199825608}} {{auditSpecifications DefaultAuditSpecification_1(cells/CHEYENNENode04Cell|audit .xml#AuditSpecification_1173199825608)} {name mythirdpartyemitter} {_Websphere_Config_Data_Id cells/CHEYENNENode04Cell|audit.xml#AuditServiceProvid er_1184686638218} {maxFileSize 0} {_Websphere_Config_Data_Type AuditServiceProvider} {fileLocation {}} {className com.mycompany.myemitterclass} {properties {}} {auditSpecRef1 AuditSpecification_1173199825608} {eventFormatterClass com.mycompany.myeventformatterclass} {maxLogs 0} {emitterRef AuditServiceProvider_1184686638218}}Batch mode example usage
Interactive mode example usage
- Jython...
AdminTask.listAuditEmitters('-interactive')
modifyAuditEmitter
The modifyAuditEmitter command modifies the attributes of an audit service provider implementation object.
The user must have the auditor admin role to run this command.
Target object
None.
Required parameters
- -emitterRef
- Specifies a reference to a audit service provider implementation. (String, required)
- -auditFilters
- Specifies a reference or a group of references to predefined audit filters. Use the following format to specify multiple references: reference,reference,reference (String, required)
- -fileLocation
- Location where the system writes the audit logs. (String, required)
Optional parameters
- -className
- Class name to use to identify the implementation. (String, optional)
- -eventFormatterClass
- Class that implements how the system formats the audit event for output. To use the default audit service provider, do not specify this parameter. (String, optional)
- -customProperties
- List of custom properties formatted as name and value pairs in the following format: name=value,name=value. (String, optional)
- -maxFileSize
- Maximum size that each log reaches before the system saves the audit log with a timestamp. Specify the size in megabytes. The default value is 10 MB. (Integer, optional)
- -maxLogs
- Maximum number of log files to create before the system rewrites the oldest audit log. The default value is 100 logs. (Integer, optional)
Return value
The command returns a value of true if the system successfully modifies the audit service provider of interest.
Batch mode example usage
- Use Jython string:
AdminTask.modifyAuditEmitter('-emitterRef AuditServiceProvider_1184686638218 -auditFilters AuditSpecification_1173199825608 -fileLocation c:\wasinstall\appserver\profiles\AppSrv01\mylogs -maxFileSize 14 -maxLogs 200')- Use Jython list:
AdminTask.modifyAuditEmitter(['-emitterRef', 'AuditServiceProvider_1184686638218', '-auditFilters', 'AuditSpecification_1173199825608', '-fileLocation', 'c:\wasinstall\appserver\profiles\AppSrv01\mylogs', '-maxFileSize', '14', '-maxLogs', '200'])
Interactive mode example usage
- Jython...
AdminTask.modifyAuditEmitter('-interactive')
setAuditEmitterFilters
The setAuditEmitterFilters command sets the filters for an audit service provider implementation.
The user must have the auditor admin role to run this command.
Target object
None.
Required parameters
- -emitterRef
- Specifies a reference to a audit service provider implementation. (String, required)
- -filtersRef
- Specifies one or more references to defined audit filters. Use the following format to specify more than one filter reference: reference,reference,reference (String, required)
Return value
The command returns a value of true if the system successfully sets the filters for the audit service provider.
Batch mode example usage
- Use Jython string:
AdminTask.setAuditEmitterFilters('-emitterRef AuditServiceProvider_1173199825608 -filtersRef AuditSpecification_1184598886859')- Use Jython list:
AdminTask.setAuditEmitterFilters(['-emitterRef', 'AuditServiceProvider_1173199825608', '-filtersRef', 'AuditSpecification_1184598886859'])
Interactive mode example usage
- Jython...
AdminTask.setAuditEmitterFilters('-interactive')
Related
AuditKeyStoreCommands
AuditSigningCommands
AuditEncryptionCommands
AuditEventFactoryCommands for AdminTask
AuditFilterCommands
AuditNotificationCommands
AuditPolicyCommands
AuditEventFormatterCommands