Set the default audit service providers for security auditing


The audit service provider is used to format the audit data object that was sent by the audit event factory. After being formatted, the audit data is recorded to the repository defined in the audit service provider configuration.

Before configuring the audit service provider, enable global security in the environment.

This task configures the audit service provider used to record generated audit records.

 

  1. Click Security > Security Auditing > Audit service provider.

  2. Click New and then select Binary file based emitter.

  3. Enter the unique name that should be associated with this audit service provider in the Name field.

  4. Enter the file location of the binary log file in the Audit log file location field.

  5. Enter the maximum size allowed for a single binary log file in the Audit log file size field.

    This field is specified in megabytes. After the maximum audit file size is reached, a new audit file will be created or an existing audit file will be overwritten. If the maximum number of audit log files has not been set, the default maximum file value used is 10 megabytes. There is no audit archiving utility included with WAS ND. we are responsible for the archiving of the audit data.

  6. In the Maximum number of audit log files field, enter the maximum number of audit logs to be stored before the oldest is overwritten.

    The default value for this field is 100. The value of 100 is also used if the field is empty.

  7. Select the filters to be used by this audit service provider. The Selectable filter list consists of a list of the configured filters that have been configured and are currently enabled.

    1. Select the filters that should be audited from the Selectable filter list.

    2. Click Add >> to add the selected filters to the Enabled filter list.

  8. Click Apply.

 

Results

After completing these steps, the audit data will be sent to the specified repository in the format required by that repository.

 

Next steps

After creating an audit service provider, the audit service provider must be associated with an audit event factory provide the audit data objects to the audit service provider. Next you should configure an audit event factory.


Audit service provider collection
Audit service provider settings
Example: Base Generic Emitter Interface

 

Related tasks


Set auditable events using scripting
Audit the security infrastructure