Set audit event factories for security auditing
The audit event factory collects the data associated with the auditable security events and builds the audit data object. The object is then sent to the audit service provider to be formatted and recorded to a specified repository.
Before configuring an event factory, enable global security in the environment. An event type filter and an audit service provider need to be created before completing these steps
- Click Security > Security Auditing > Audit event factory configurations > New.
- Enter the unique name that should be associated with this Audit event factory configuration in the Name field.
- Select either IBM audit event factory or Third party event factory.
- Enter the Third party audit event factory class name. This step is only required if a Third party event factory is being created.
- Select the appropriate audit service provider implementation from the Audit service provider dropdown menu,
- Select the event type filter configuration to be used by this audit event factory. The Filters list consists of a list of the event type filter configurations that have been created and are currently enabled.
- Select the event type filters that should be used from the Selectable filter list.
- Click Add >> to add the selected event type filter configurations to the Enabled filter lists.
- Enter any Custom properties that need to be included with this audit event factory configuration. Custom properties are only available for Third party event factory implementations.
- Click Apply.
ResultsAfter successful completion of these steps, you will have an event factory that can be used to gather auditable event data.
Next stepsAfter configuring an audit event factory, optionally protect the data by configuring the security auditing subsystem to sign and encrypt the audit logs.
Audit event factory configuration collection
Audit event factory settings
Example: Generic Event Factory Interface
Set auditable events using scripting
Audit the security infrastructure