Configure security audit notifications
Configure the security auditing system to send email notifications to a distribution list, system log, or both a distribution list and a system log if a failure occurs in the audit subsystem. Security auditing provides tracking and archiving of auditable events.
Before configuring a notification object in the audit.xml configuration file, verify that a security auditing subsystem is set up and that the security auditing policy is configured.
We can configure the security auditing system to notify a specific person or group when a failure occurs in the audit subsystem. Use the following steps to enable security auditing email notifications, set the format of notification email, and secure email:
This topic references one or more of the application server log files. As a recommended alternative, we can configure the server to use the High Performance Extensible Logging (HPEL) log and trace infrastructure instead of using SystemOut.log, SystemErr.log, trace.log, and activity.log files on distributed and IBM i systems. We can also use HPEL in conjunction with the native z/OS logging facilities. If we are using HPEL, we can access all of the log and trace information using the LogViewer command-line tool from the server profile bin directory. See the information about using HPEL to troubleshoot applications for more information on using HPEL.
- Launch the wsadmin scripting tool using the Jython scripting language. See the Starting the wsadmin scripting client article for more information.
- Customize and enable security auditing email notifications.
| Parameter | Description | Data Types | Required |
| --- | --- | --- | --- |
| -notificationName | Unique name to assign the audit notification object in the audit.xml file. | String | Yes |
| -logToSystemOut | Whether to log the notification to the SystemOut.log file. | Boolean | Yes |
| -sendEmail | Whether to email notifications. | Boolean | Yes |
| -emailList | Email address or email distribution list to email notifications. The format for this parameter is: admin@company.com(smtp-server.mycompany.com) | String | No |
| -emailFormat | Whether to send the email in HTML or TEXT format. | String | No |

To create the audit notification object, specify the -notificationName, -logToSystemOut, and -sendEmail parameters:
AdminTask.createAuditNotification('-notificationName defaultEmailNotification -logToSystemOut true -sendEmail true -emailList administrator@mycompany.com(smtp-server.mycompany.com) -emailFormat HTML')
- Create an audit notification monitor object.
Create an audit notification monitor object to monitor the security auditing subsystem for possible failure.
Use the createAuditNotificationMonitor command and the following parameters to create a monitor object for the security
| Parameter | Description | Data Types | Required |
| --- | --- | --- | --- |
| -notificationName | Unique name to assign the audit notification object in the audit.xml file. | String | Yes |
| -logToSystemOut | Whether to log the notification to the SystemOut.log file. | Boolean | Yes |
| -sendEmail | Whether to email notifications. | Boolean | Yes |
| -emailList | Email address or email distribution list to email notifications. The format for this parameter is: admin@company.com(smtp-server.mycompany.com) | String | No |
| -emailFormat | Whether to send the email in HTML or TEXT format. | String | No |

To create the audit notification monitor object, specify the -notificationName, -logToSystemOut, and -sendEmail parameters:
AdminTask.createAuditNotificationMonitor('-notificationName defaultEmailNotification -logToSystemOut true -sendEmail true -emailList administrator@mycompany.com(smtp-server.mycompany.com) -emailFormat HTML')
- Save the configuration changes.
Use the following command example to save the configuration changes:
AdminConfig.save()
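The following is an added example, not IBM's code: a pre-flight check that validates the createAuditNotification parameters described above before the command is run, so a malformed -emailList or a notification with no destination is caught before it is saved. The helper names build_notification_args and smtp_server_of are hypothetical, the script assumes wsadmin with Jython 2.7, and the "at least one destination" and "recipient required when emailing" checks are local policy assumptions rather than product rules.

```python
import re

# Page format for -emailList: address(smtp-server)
EMAIL_LIST_RE = re.compile(r'^[^@\s()]+@[^@\s()]+\(([A-Za-z0-9.-]+)\)$')
EMAIL_FORMATS = ('HTML', 'TEXT')


def build_notification_args(name, log_to_system_out, send_email,
                            email_list=None, email_format=None):
    """Validate the values and return the AdminTask option string."""
    if not name or re.search(r'\s', name):
        raise ValueError('notificationName must be a non-empty name without spaces')
    if not (log_to_system_out or send_email):
        # Local policy, not a product rule: a notification with no sink is silent.
        raise ValueError('enable logToSystemOut, sendEmail, or both')
    if send_email and not email_list:
        # Assumption: emailing without a recipient is treated as a mistake here.
        raise ValueError('sendEmail is true but no emailList was given')
    if email_list and not EMAIL_LIST_RE.match(email_list):
        raise ValueError('emailList must look like address(smtp-server): %r' % email_list)
    if email_format and email_format not in EMAIL_FORMATS:
        raise ValueError('emailFormat must be HTML or TEXT')

    parts = ['-notificationName', name,
             '-logToSystemOut', str(bool(log_to_system_out)).lower(),
             '-sendEmail', str(bool(send_email)).lower()]
    if email_list:
        parts += ['-emailList', email_list]
    if email_format:
        parts += ['-emailFormat', email_format]
    return ' '.join(parts)


def smtp_server_of(email_list):
    """Return the SMTP host named in an emailList value, for a reachability review."""
    m = EMAIL_LIST_RE.match(email_list)
    return m and m.group(1) or None


# Constructed sample values, matching the example on this page.
ARGS = build_notification_args('defaultEmailNotification', True, True,
                               'administrator@mycompany.com(smtp-server.mycompany.com)', 'HTML')

# AdminTask and AdminConfig exist only inside wsadmin; elsewhere this is a dry run.
if 'AdminTask' in globals():
    AdminTask.createAuditNotification(ARGS)
    AdminConfig.save()
else:
    print(ARGS)
```

Run outside wsadmin, the script only prints the option string, which makes it usable as a review step before the change is applied to a cell.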
Results
The security auditing system notifies the specified recipients if a failure occurs in the security auditing system.
What to do next
Use the modifyAuditNotification command and the Audit Notification Commands (AdminTask) to manage your notification configuration.