AuditKeyStoreCommands

Use Jython to configure the security auditing system with wsadmin. Use the commands and parameters in the AuditKeyStoreCommands group to configure audit keystores in the security auditing system.

Use the following commands to manage audit key stores in the audit.xml configuration file:

• createAuditKeyStore
• deleteAuditKeyStore
• getAuditKeyStoreInfo
• listAuditKeyStores
• modifyAuditKeyStore

 

createAuditKeyStore

Creates a keystore in the audit.xml file. The system uses this keystore to encrypt audit records.

The user must have the auditor admin role to run this command.

Target object

None.

Required parameters

-keyStoreName

Unique name of the keystore. (String, required)

-keyStoreType

Specifies a valid keystore type. The default keystore type is PKCS12. (String, required)

-keyStoreLocation

Location where the system creates the keystore. (String, required)

-keyStorePassword

Password for the keystore. (String, required)

-keyStorePasswordVerify

Verifies the password for the keystore. (String, required)

Optional parameters

-keyStoreProvider

Provider for the keystore. (String, optional)

-keyStoreIsFileBased

Specifies if the keystore is file-based. The default is true. (Boolean, optional)

-keyStoreHostList

Host list for the keystore. (String, optional)

-keyStoreInitAtStartup

Specifies whether the system initializes the keystore on startup. The default is false. (Boolean, optional)

-keyStoreReadOnly

Specifies whether the keystore is read-only or not. Default is false. (Boolean, optional)

-keyStoreStashFile

Specifies whether the keystore needs a stash file. (Boolean, optional)

-enableCryptoOperations

Specifies whether the keystore is an acceleration keystore. False default. (Boolean, optional)

-scopeName

Scope for the keystore. (String, optional)

-keyStoreDescription

Description for the keystore. (String, optional)

Return value The command returns the ID of the new keystore, as the following example displays:

KeyStore_1173199825578

Batch mode example usage

• Use Jython string:

  AdminTask.createAuditKeyStore('-keyStoreName mynewkeystore -keyStoreLocation 
  c:\install_root\appserver\profiles\AppSrv01\config\cells -keyStorePassword 
  myPwd -keyStorePasswordVerify myPwd -keyStoreProvider IBMJCE -scopeName (cell):Node04Cell')
  

• Use Jython list:

  AdminTask.createAuditKeyStore(['-keyStoreName', 'mynewkeystore', '-keyStoreLocation', 
  'c:\install_root\appserver\profiles\AppSrv01\config\cells', '-keyStorePassword', 
  'myPwd', '-keyStorePasswordVerify', 'myPwd', '-keyStoreProvider', 'IBMJCE', 
  '-scopeName', '(cell):Node04Cell'])
  

Interactive mode example usage

• Jython...

  AdminTask.createAuditKeyStore('-interactive')
  

 

deleteAuditKeyStore

The deleteAuditKeyStore command removes the reference to an audit keystore from the audit.xml configuration file.

The user must have the auditor admin role to run this command.

Target object

None.

Required parameters

-keyStoreName

Name of the keystore. (String, required)

Optional parameters

-scopeName

Management scope of the keystore. (String, optional)

-removeKeyStoreFile

Specifies whether to remove the keystore from the configuration. Specify this parameter if the keystore of interest is not in use. (Boolean, optional)

Return value

The command returns a value of true if the system successfully removes the reference to the keystore from the audit.xml configuration file.

Batch mode example usage

• Use Jython string:

  AdminTask.deleteAuditKeyStore('-keyStoreName AuditDefaultKeyStore -scopeName 
  (cell):Node04Cell -removeKeyStoreFile false')
  

• Use Jython list:

  AdminTask.deleteAuditKeyStore(['-keyStoreName', 'AuditDefaultKeyStore', '-scopeName', 
  '(cell):Node04Cell', '-removeKeyStoreFile', 'false'])
  

Interactive mode example usage

• Jython...

  AdminTask.deleteAuditKeyStore('-interactive')
  

 

getAuditKeyStoreInfo

The getAuditKeyStoreInfo command returns a list of attributes for the keystore that the system uses to encrypt audit records.

The user must have the monitor admin role to run this command.

Target object

None.

Required parameters

-keyStoreName

Unique name to identify the keystore. (String, required)

Optional parameters

-scopeName

Management scope of the keystore. (String, optional)

Return value The command returns a list of attributes for the keystore, as the following sample output displays:

{{location ${CONFIG_ROOT}/audittrust.p12}
{password *****}
{_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#KeyStore_1173199825578}
{_Websphere_Config_Data_Version {}}
{useForAcceleration false}
{slot 0}
{type PKCS12}
{additionalKeyStoreAttrs {}}
{fileBased true}
{_Websphere_Config_Data_Type KeyStore}
{customProviderClass {}}
{hostList {}}
{createStashFileForCMS false}
{description {keyStore description}}
{readOnly false}
{initializeAtStartup true}
{managementScope (cells/Node04Cell|audit.xml#ManagementScope_1173199825608)}

Batch mode example usage

• Use Jython string:

  AdminTask.getAuditKeyStoreInfo('-keyStoreName AuditDefaultKeyStore')
  

• Use Jython list:

  AdminTask.getAuditKeyStoreInfo(['-keyStoreName', 'AuditDefaultKeyStore'])
  

Interactive mode example usage

• Jython...

  AdminTask.getAuditKeyStoreInfo('-interactive')
  

 

listAuditKeyStores

The listAuditKeyStores command lists the attributes for the audit keystores within a specific management scope or for all audit keystores.

The user must have the monitor admin role to run this command.

Target object

None.

Optional parameters

-scopeName

Management scope associated with the keystores of interest. (String, optional)

-all

Specifies whether to list all keystores. When the -all parameter is set as true, it overrides the -scopeName parameter. (Boolean, optional)

Return value The command returns a list of attributes for the scope of interest, as the following sample output displays:

{{location ${CONFIG_ROOT}/audittrust.p12}
{password *****}
{_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#KeyStore_1173199825578}
{_Websphere_Config_Data_Version {}}
{useForAcceleration false}
{slot 0}
{type PKCS12}
{additionalKeyStoreAttrs {}}
{fileBased true}
{_Websphere_Config_Data_Type KeyStore}
{customProviderClass {}}
{hostList {}}
{keyStoreRef KeyStore_1173199825578}
{createStashFileForCMS false}
{description {keyStore description}}
{managementScope (cells/Node04Cell|audit.xml#ManagementScope_1173199825608)}
{readOnly false}
{initializeAtStartup true}
{usage {}}
{provider IBMJCE}{name AuditDefaultKeyStore}}
{{location c:\install_root\appserver\profiles\AppSrv01\config\cells}
{password *****}
{_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#KeyStore_1184700968484}
{_Websphere_Config_Data_Version {}}
{useForAcceleration false}
{slot 0}
{type PKCS12}
{additionalKeyStoreAttrs {}}
{fileBased true}
{_Websphere_Config_Data_Type KeyStore}
{customProviderClass {}}
{hostList {}}
{keyStoreRef KeyStore_1184700968484}
{createStashFileForCMS false}
{description {}}
{managementScope {}}
{readOnly false}
{initializeAtStartup false}
{usage {}}
{provider IBMJCE}
{name mykeystore}}

Batch mode example usage

• Use Jython string:

  AdminTask.listAuditKeyStores('-scopeName (cell):Node04Cell')
  

• Use Jython list:

  AdminTask.listAuditKeyStores(['-scopeName', '(cell):Node04Cell'])
  

Interactive mode example usage

• Jython...

  AdminTask.listAuditKeyStores('-interactive')
  

 

modifyAuditKeyStore

The modifyAuditKeyStore command modifies the keystore reference in the audit.xml file. The command edits keystore that encrypts audit records.

The user must have the auditor admin role to run this command.

Target object

None.

Required parameters

-keyStoreName

Unique name of the keystore. (String, required)

Optional parameters

-scopeName

Scope name of this keystore. (String, optional)

-keyStoreType

Specifies valid keystore type. (String, optional)

-keyStoreLocation

Location where the system creates the keystore. (String, optional)

-keyStorePassword

Password for this keystore. (String, optional)

-keyStoreIsFileBased

Specifies whether the keystore is file based. (Boolean, optional)

-keyStoreInitAtStartup

Specifies whether the system should initialize the keystore at startup. (Boolean, optional)

-keyStoreReadOnly

Specifies whether the keystore is read-only or editable. (Boolean, optional)

-keyStoreDescription

Description for the keystore. (String, optional)

Return value

The command returns a value of true if the system successfully modifies the keystore.

Batch mode example usage

• Use Jython string:

  AdminTask.modifyAuditKeyStore('-keyStoreName AuditDefaultKeyStore -scopeName 
  (cell):Node04Cell -keyStoreType PKCS12 -keyStoreLocation 
  c:\install_root\appserver\profiles\AppSrv01\config\cells\Node04Cell\audittrust.p12 
  -keyStorePassword myPwd')
  

• Use Jython list:

  AdminTask.modifyAuditKeyStore(['-keyStoreName', 'AuditDefaultKeyStore', '-scopeName', 
  '(cell):Node04Cell', '-keyStoreType', 'PKCS12', '-keyStoreLocation', 
  'c:\install_root\appserver\profiles\AppSrv01\config\cells\Node04Cell\audittrust.p12', 
  '-keyStorePassword', 'myPwd'])
  

Interactive mode example usage

• Jython...

  AdminTask.modifyAuditKeyStore('-interactive')
  

---

 

Related

AuditEmitterCommands for AdminTask
AuditSigningCommands
AuditEncryptionCommands
AuditEventFactoryCommands for AdminTask
AuditFilterCommands
AuditNotificationCommands
AuditPolicyCommands
AuditEventFormatterCommands