Network Deployment (Distributed operating systems), v8.0 > Reference > Sets
Auditable security events
Auditable security events are security events that have audit instrumentation added to the security run time code to enable them to be recorded. Event filters are configured to specify which auditable security events are recorded to the audit log files.
The following list describes each valid auditable event that you can specify as an enabled event type when creating an event filter:
For each audit event type, specify an outcome. Valid outcomes include SUCCESS, FAILURE, REDIRECT, ERROR, DENIED, WARNING, and INFO. Not all outcomes are applicable with all event types.
Event types. Valid auditable events can be specified as an enabled event type when creating an event filter:
Event name Description SECURITY_AUTHN Audits all authentication events SECURITY_AUTHN_MAPPING Audits events that record mapping of credentials where two user identities are involved SECURITY_AUTHN_TERMINATE Audits authentication termination events such as a timeout, terminated session, or user-initiated logging out SECURITY_AUTHZ Audits events related to authorization checks when the system enforces access control policies SECURITY_RUNTIME Audits runtime events such as the starting and the stopping of security servers. This event type is not meant for administrative operations performed by a system administrator as such operations need to use the other SECURITY_MGMT_* event types. SECURITY_MGMT_AUDIT Audits events that record operations related to the audit subsystem such as starting audit, stopping audit, turning audit on or off, changing configuration of audit filters or level, archiving audit data, purging audit data, and so on. SECURITY_RESOURCE_ACCESS Audits events that record all accesses to a resource. Examples are all accesses to a file, all HTTP requests and responses to a given web page, and all accesses to a critical database table SECURITY_SIGNING Audits events that record signing such as signing operations used to validate parts of a SOAP Message for web services SECURITY_ENCRYPTION Audits events that record encryption information such as encryption for web services SECURITY_AUTHN_DELEGATION Audits events that record delegation, including identity assertion, RunAs, and low assertion. Used when the client identity is propagated or when delegation involves the use of a special identity. This event type is also used when switching user identities within a given session. SECURITY_AUTHN_CREDS_MODIFY Audits events to modify credentials for a given user identity Support for the SECURITY_RUNTIME auditing event type has been fully implemented for this release of WAS. It audits runtime events such as the starting and the stopping of security servers.
Create security auditing event type filters