Set security auditing with scripting
Security auditing provides tracking and archiving of auditable events. This page uses wsadmin to enable and administer the security auditing configurations.
While security authentication and authorization ensures that users must have access to view protected resources, security auditing provides a mechanism to validate the integrity of a security computing environment. Security auditing collects and logs authentication, authorization, system management, security, and audit policy events in audit event records. We can analyze audit event records to determine possible security breaches, threats, attacks, and potential weaknesses in the security configuration of the environment. Enable security auditing in the environment. For example, the following list displays a sample of events to audit:
- Determine the time that a specific user attempted to access a resource.
- View information for successful and unsuccessful attempts to access resources.
- Review changes to resources that were made by a specific user.
- Determine the cause of unsuccessful login attempts.
Use the following task outline to enable and configure security auditing in the environment:
- Enable administrative security in the environment.
- Set auditable events.
The security auditing configuration provides four default auditable filters. Use this topic to configure filters for additional audit events.
- Set audit event factories. The security auditing configuration provides a default event factory. Use this topic to configure additional audit event factories.
- Set audit service providers.
The security auditing configuration provides a default service provider. Use this topic to configure additional audit service providers.
- Set the global audit policy.
After setting up audit event factories, service providers, and events, use this topic to enable security auditing.
ResultsAfter completing the steps to enable and configure security auditing, the profile of interest audits the security configurations for specific auditable event types.
What to do nextTo further configure security auditing, we can:
Set audit service providers
Set audit event factories
Set auditable events
Enable security auditing
Set security audit notifications
Encrypting security audit data
Signing security audit data
AuditEmitterCommands for AdminTask
AuditEventFactoryCommands for AdminTask
Enable and disable security