+

Search Tips   |   Advanced Search

AuditKeyStoreCommands (AdminTask)

We can use the Jython scripting language to configure the security auditing system with wsadmin.sh. Use commands in the AuditKeyStoreCommands group to configure audit keystores in the security auditing system.

Use the following commands to manage audit key stores in the audit.xml configuration file:


createAuditKeyStore

Creates a keystore in the audit.xml file. The system uses this keystore to encrypt audit records.

User must have auditor role.

Target object: None.

Required parameters

-keyStoreName

Unique name of the keystore. (String, required)

-keyStoreType

Specifies a valid keystore type. The default keystore type is PKCS12. (String, required)

-keyStoreLocation

Location where the system creates the keystore. (String, required)

-keyStorePassword

Password for the keystore. (String, required)

-keyStorePasswordVerify

Verifies the password for the keystore. (String, required)

Optional parameters

-keyStoreProvider

Specifies a provider for the keystore. (String, optional)

-keyStoreIsFileBased

Specifies if the keystore is file-based. The default is true. (Boolean, optional)

-keyStoreHostList

Host list for the keystore. (String, optional)

-keyStoreInitAtStartup

Whether the system initializes the keystore on startup. The default is false. (Boolean, optional)

-keyStoreReadOnly

Whether the keystore is read-only or not. Default is false. (Boolean, optional)

-keyStoreStashFile

Whether the keystore needs a stash file. (Boolean, optional)

-enableCryptoOperations

Whether the keystore is an acceleration keystore. False default. (Boolean, optional)

-scopeName

Scope for the keystore. (String, optional)

-keyStoreDescription

Specifies a description for the keystore. (String, optional)

Return value

The command returns the ID of the new keystore, as the following example displays:

Batch mode example

Interactive mode


deleteAuditKeyStore

The deleteAuditKeyStore command removes the reference to an audit keystore from the audit.xml configuration file.

User must have auditor role.

Target object: None.

Required parameters

-keyStoreName

Name of the keystore. (String, required)

Optional parameters

-scopeName

Management scope of the keystore. (String, optional)

-removeKeyStoreFile

Whether to remove the keystore from the configuration. Specify this parameter if the keystore of interest is not in use. (Boolean, optional)

Return value

Returns true if the system successfully removes the reference to the keystore from the audit.xml configuration file.

Batch mode example

Interactive mode


getAuditKeyStoreInfo

The getAuditKeyStoreInfo command returns a list of attributes for the keystore that the system uses to encrypt audit records.

The user must have the monitor administrative role to run this command.

Target object: None.

Required parameters

-keyStoreName

Unique name to identify the keystore. (String, required)

Optional parameters

-scopeName

Management scope of the keystore. (String, optional)

Return value

The command returns a list of attributes for the keystore, as the following sample output displays: 

{{location ${CONFIG_ROOT}/audittrust.p12}
{password *****}
{_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#KeyStore_1173199825578}
{_Websphere_Config_Data_Version {}}
{useForAcceleration false}
{slot 0}
{type PKCS12}
{additionalKeyStoreAttrs {}}
{fileBased true}
{_Websphere_Config_Data_Type KeyStore}
{customProviderClass {}}
{hostList {}}
{createStashFileForCMS false}
{description {keyStore description}}
{readOnly false}
{initializeAtStartup true}
{managementScope (cells/Node04Cell|audit.xml#ManagementScope_1173199825608)}

Batch mode example

Interactive mode


listAuditKeyStores

The listAuditKeyStores command lists the attributes for the audit keystores within a specific management scope or for all audit keystores.

The user must have the monitor administrative role to run this command.

Target object: None.

Optional parameters

-scopeName

Management scope associated with the keystores of interest. (String, optional)

-all

Whether to list all keystores. When the -all parameter is set as true, it overrides the -scopeName parameter. (Boolean, optional)

Return value

The command returns a list of attributes for the scope of interest, as the following sample output displays: 

{{location ${CONFIG_ROOT}/audittrust.p12}
{password *****}
{_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#KeyStore_1173199825578}
{_Websphere_Config_Data_Version {}}
{useForAcceleration false}
{slot 0}
{type PKCS12}
{additionalKeyStoreAttrs {}}
{fileBased true}
{_Websphere_Config_Data_Type KeyStore}
{customProviderClass {}}
{hostList {}}
{keyStoreRef KeyStore_1173199825578}
{createStashFileForCMS false}
{description {keyStore description}}
{managementScope (cells/Node04Cell|audit.xml#ManagementScope_1173199825608)}
{readOnly false}
{initializeAtStartup true}
{usage {}}
{provider IBMJCE}{name AuditDefaultKeyStore}}
{{location c:\install_root\appserver\profiles\AppSrv01\config\cells}
{password *****}
{_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#KeyStore_1184700968484}
{_Websphere_Config_Data_Version {}}
{useForAcceleration false}
{slot 0}
{type PKCS12}
{additionalKeyStoreAttrs {}}
{fileBased true}
{_Websphere_Config_Data_Type KeyStore}
{customProviderClass {}}
{hostList {}}
{keyStoreRef KeyStore_1184700968484}
{createStashFileForCMS false}
{description {}}
{managementScope {}}
{readOnly false}
{initializeAtStartup false}
{usage {}}
{provider IBMJCE}
{name mykeystore}}

Batch mode example

Interactive mode


modifyAuditKeyStore

The modifyAuditKeyStore command modifies the keystore reference in the audit.xml file. The command edits keystore that encrypts audit records.

User must have auditor role.

Target object: None.

Required parameters

-keyStoreName

Unique name of the keystore. (String, required)

Optional parameters

-scopeName

Scope name of this keystore. (String, optional)

-keyStoreType

Specifies valid keystore type. (String, optional)

-keyStoreLocation

Location where the system creates the keystore. (String, optional)

-keyStorePassword

Password for this keystore. (String, optional)

-keyStoreIsFileBased

Whether the keystore is file based. (Boolean, optional)

-keyStoreInitAtStartup

Whether the system should initialize the keystore at startup. (Boolean, optional)

-keyStoreReadOnly

Whether the keystore is read-only or editable. (Boolean, optional)

-keyStoreDescription

Specifies a description for the keystore. (String, optional)

Return value

Returns true if the system successfully modifies the keystore.

Batch mode example

Interactive mode

  • AuditEmitterCommands (AdminTask)
  • AuditSigningCommands (AdminTask)
  • AuditEncryptionCommands (AdminTask)
  • AuditEventFactoryCommands (AdminTask)
  • AuditFilterCommands (AdminTask)
  • AuditNotificationCommands (AdminTask)
  • AuditPolicyCommands (AdminTask)
  • AuditEventFormatterCommands (AdminTask)