Set security audit notifications using scripting


Set the security auditing system to send email notifications to a distribution list, system log, or both a distribution list and a system log if a failure occurs in the audit subsystem. Security auditing provides tracking and archiving of auditable events.

Before configuring a notification object in the audit.xml configuration file, verify that you have set up a security auditing subsystem and configured the security auditing policy.

Configure the security auditing system to notify a specific person or group when a failure occurs in the audit subsystem. Use the following steps to enable security auditing email notifications, set the format of notification email, and secure email:

 

  1. Launch the wsadmin scripting tool using the Jython scripting language.

  2. Customize and enable security auditing email notifications.

    Use the createAuditNotification command and the following parameters to configure notifications:


    Table 1. Command parameters

    | Parameter | Description | Data Types | Required |
    | --- | --- | --- | --- |
    | -notificationName | Specifies a unique name to assign the audit notification object in the audit.xml file. | String | Yes |
    | -logToSystemOut | Specifies whether to log the notification to SystemOut.log. | Boolean | Yes |
    | -sendEmail | Specifies whether to email notifications. | Boolean | Yes |
    | -emailList | Specifies the email address or email distribution list to which notifications are sent. The format for this parameter is: admin@company.com(smtp-server.mycompany.com) | String | No |
    | -emailFormat | Specifies whether to send the email in HTML or TEXT format. | String | No |

    To create the audit notification object, specify the -notificationName, -logToSystemOut, and -sendEmail parameters...

    AdminTask.createAuditNotification('-notificationName defaultEmailNotification -logToSystemOut true -sendEmail true -emailList administrator@mycompany.com(smtp-server.mycompany.com) -emailFormat HTML')

  3. Create an audit notification monitor object.

    Use the createAuditNotificationMonitor command and the following parameters to create a monitor object that monitors the security auditing subsystem for possible failure:


    Table 2. Command parameters

    | Parameter | Description | Data Types | Required |
    | --- | --- | --- | --- |
    | -notificationName | Specifies a unique name to assign the audit notification object in the audit.xml file. | String | Yes |
    | -logToSystemOut | Specifies whether to log the notification to SystemOut.log. | Boolean | Yes |
    | -sendEmail | Specifies whether to email notifications. | Boolean | Yes |
    | -emailList | Specifies the email address or email distribution list to which notifications are sent. The format for this parameter is: admin@company.com(smtp-server.mycompany.com) | String | No |
    | -emailFormat | Specifies whether to send the email in HTML or TEXT format. | String | No |

    To create the audit notification monitor object, specify the -notificationName, -logToSystemOut, and -sendEmail parameters...

    AdminTask.createAuditNotificationMonitor('-notificationName defaultEmailNotification -logToSystemOut true -sendEmail true -emailList administrator@mycompany.com(smtp-server.mycompany.com) -emailFormat HTML')

  4. Save the configuration changes...

    AdminConfig.save()
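
A pre-flight check for the step 2 arguments, added here as an illustration and not part of the original procedure or the product's own code. It builds the createAuditNotification argument string and rejects input that would leave an audit failure unreported. The function name and the validation rules (strict address(smtp-server) pattern, single-token name, at least one channel enabled) are assumptions of this example.

```python
import re

# Assumed shape of -emailList, based on the format shown in Table 1:
# address(smtp-server). These patterns are this example's own, kept strict.
_ADDRESS = r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"
_HOST = r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*"
_EMAIL_LIST = re.compile(r"^(%s)\((%s)\)$" % (_ADDRESS, _HOST))
# Assumption: the name is one token, because the argument string is
# space-separated and this helper does no quoting.
_NAME = re.compile(r"^[A-Za-z0-9_.-]+$")


def build_notification_args(name, log_to_system_out, send_email,
                            email_list=None, email_format=None):
    """Return the argument string for AdminTask.createAuditNotification,
    raising ValueError on input that would make notifications undeliverable."""
    if not _NAME.match(name or ""):
        raise ValueError("notificationName must be one token without spaces")
    for flag in (log_to_system_out, send_email):
        if not isinstance(flag, bool):
            raise ValueError("logToSystemOut and sendEmail must be booleans")
    if not (log_to_system_out or send_email):
        raise ValueError("no channel enabled: an audit failure would go unreported")
    args = ["-notificationName", name,
            "-logToSystemOut", str(log_to_system_out).lower(),
            "-sendEmail", str(send_email).lower()]
    if send_email:
        # A recipient without the (smtp-server) suffix is rejected here.
        if not email_list or not _EMAIL_LIST.match(email_list):
            raise ValueError("emailList must look like address(smtp-server)")
        args += ["-emailList", email_list]
        if email_format is not None:
            fmt = email_format.upper()
            if fmt not in ("HTML", "TEXT"):
                raise ValueError("emailFormat must be HTML or TEXT")
            args += ["-emailFormat", fmt]
    return " ".join(args)


# Constructed sample input, matching the values used in step 2.
SAMPLE = build_notification_args(
    "defaultEmailNotification", True, True,
    "administrator@mycompany.com(smtp-server.mycompany.com)", "HTML")
# Inside wsadmin: AdminTask.createAuditNotification(SAMPLE), then AdminConfig.save()
```

Run it as ordinary Python before the wsadmin session; the returned string is what step 2 passes to AdminTask.createAuditNotification.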

 

Results

The security auditing system notifies the specified recipients if a failure occurs in the security auditing system.

 

What to do next

Use the modifyAuditNotification command and the Audit Notification Commands to manage your notification configuration.

 

Related tasks


Set auditable events using scripting
Encrypting security audit data using scripting
Enable security auditing using scripting
Signing security audit data using scripting
Set security auditing using scripting

 

Related


AuditKeyStoreCommands
AuditEmitterCommands for AdminTask
AuditSigningCommands
AuditEncryptionCommands
AuditEventFactoryCommands for AdminTask
AuditFilterCommands
AuditNotificationCommands
AuditPolicyCommands
AuditEventFormatterCommands