WAS v8.5 > Reference > Commands (wsadmin scripting)

AuditKeyStoreCommands command group for AdminTask

You can use the Jython scripting language to configure the security auditing system with wsadmin. Use the commands and parameters in the AuditKeyStoreCommands group to configure audit keystores in the security auditing system.

Use the following commands to manage audit key stores in the audit.xml configuration file:


createAuditKeyStore

Creates a keystore in the audit.xml file. The system uses this keystore to encrypt audit records.

The user must have the auditor administrative role to run this command.

Target object

None.

Required parameters

-keyStoreName

Unique name of the keystore. (String, required)

-keyStoreType

Specifies a valid keystore type. The default keystore type is PKCS12. (String, required)

-keyStoreLocation

Location where the system creates the keystore. (String, required)

-keyStorePassword

Password for the keystore. (String, required)

-keyStorePasswordVerify

Verifies the password for the keystore. (String, required)

Optional parameters

-keyStoreProvider

Specifies a provider for the keystore. (String, optional)

-keyStoreIsFileBased

Specifies if the keystore is file-based. The default is true. (Boolean, optional)

-keyStoreHostList

Specifies the host list for the keystore. (String, optional)

-keyStoreInitAtStartup

Whether the system initializes the keystore on startup. The default is false. (Boolean, optional)

-keyStoreReadOnly

Specifies whether the keystore is read-only. The default is false. (Boolean, optional)

-keyStoreStashFile

Whether the keystore needs a stash file. (Boolean, optional)

-enableCryptoOperations

Specifies whether the keystore is an acceleration keystore. The default is false. (Boolean, optional)

-scopeName

Scope for the keystore. (String, optional)

-keyStoreDescription

Description for the keystore. (String, optional)

Return value

The command returns the ID of the new keystore, as the following example displays:

Batch mode example usage

Interactive mode example usage
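
An added example, not taken from the original reference or from IBM: one way to call createAuditKeyStore from a wsadmin Jython script using list-form arguments, so that paths with backslashes or spaces need no extra quoting and the password never appears in printed output. The helper names are hypothetical; AdminTask and AdminConfig are the objects wsadmin provides, passed in as parameters here.

```python
# Added example (not IBM's code). Helper names are hypothetical; AdminTask and
# AdminConfig are the objects wsadmin provides when started with -lang jython.
PASSWORD_FLAGS = ('-keyStorePassword', '-keyStorePasswordVerify')

def build_create_args(name, location, password, verify,
                      ks_type='PKCS12', description=None):
    """Return list-form arguments for AdminTask.createAuditKeyStore."""
    if not password:
        raise ValueError('keystore password must not be empty')
    if password != verify:
        raise ValueError('password and verification value differ')
    args = ['-keyStoreName', name,
            '-keyStoreType', ks_type,
            '-keyStoreLocation', location,
            '-keyStorePassword', password,
            '-keyStorePasswordVerify', verify]
    if description:
        args += ['-keyStoreDescription', description]
    return args

def redact(args):
    """Copy of args with the password values masked, safe to print or log."""
    out = list(args)
    for i in range(len(out) - 1):
        if out[i] in PASSWORD_FLAGS:
            out[i + 1] = '*****'
    return out

def create_audit_keystore(admin_task, admin_config, args):
    """Run the command, save the configuration, return the new keystore ID."""
    keystore_id = admin_task.createAuditKeyStore(args)
    admin_config.save()
    return keystore_id

# Inside wsadmin (password read from a prompt or vault, never hard-coded):
#   args = build_create_args('mykeystore', '<keystore path>', pw, pw_again)
#   print(redact(args))
#   print(create_audit_keystore(AdminTask, AdminConfig, args))
```

The caller needs the auditor administrative role, as stated above for this command.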


deleteAuditKeyStore

The deleteAuditKeyStore command removes the reference to an audit keystore from the audit.xml configuration file.

The user must have the auditor administrative role to run this command.

Target object

None.

Required parameters

-keyStoreName

Name of the keystore. (String, required)

Optional parameters

-scopeName

Specifies the management scope of the keystore. (String, optional)

-removeKeyStoreFile

Whether to remove the keystore from the configuration. Specify this parameter if the keystore of interest is not in use. (Boolean, optional)

Return value

The command returns a value of true if the system successfully removes the reference to the keystore from the audit.xml configuration file.

Batch mode example usage

Interactive mode example usage


getAuditKeyStoreInfo

The getAuditKeyStoreInfo command returns a list of attributes for the keystore the system uses to encrypt audit records.

The user must have the monitor administrative role to run this command.

Target object

None.

Required parameters

-keyStoreName

Unique name to identify the keystore. (String, required)

Optional parameters

-scopeName

Specifies the management scope of the keystore. (String, optional)

Return value

The command returns a list of attributes for the keystore, as the following sample output displays:

{{location ${CONFIG_ROOT}/audittrust.p12}
{password *****}
{_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#KeyStore_1173199825578}
{_Websphere_Config_Data_Version {}}
{useForAcceleration false}
{slot 0}
{type PKCS12}
{additionalKeyStoreAttrs {}}
{fileBased true}
{_Websphere_Config_Data_Type KeyStore}
{customProviderClass {}}
{hostList {}}
{createStashFileForCMS false}
{description {keyStore description}}
{readOnly false}
{initializeAtStartup true}
{managementScope (cells/Node04Cell|audit.xml#ManagementScope_1173199825608)}

Interactive mode example usage


listAuditKeyStores

The listAuditKeyStores command lists the attributes for the audit keystores within a specific management scope or for all audit keystores.

The user must have the monitor administrative role to run this command.

Target object

None.

Optional parameters

-scopeName

Specifies the management scope associated with the keystores of interest. (String, optional)

-all

Whether to list all keystores. When the -all parameter is set as true, it overrides the -scopeName parameter. (Boolean, optional)

Return value

The command returns a list of attributes for the scope of interest, as the following sample output displays:

{{location ${CONFIG_ROOT}/audittrust.p12}
{password *****}
{_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#KeyStore_1173199825578}
{_Websphere_Config_Data_Version {}}
{useForAcceleration false}
{slot 0}
{type PKCS12}
{additionalKeyStoreAttrs {}}
{fileBased true}
{_Websphere_Config_Data_Type KeyStore}
{customProviderClass {}}
{hostList {}}
{keyStoreRef KeyStore_1173199825578}
{createStashFileForCMS false}
{description {keyStore description}}
{managementScope (cells/Node04Cell|audit.xml#ManagementScope_1173199825608)}
{readOnly false}
{initializeAtStartup true}
{usage {}}
{provider IBMJCE}{name AuditDefaultKeyStore}}
{{location c:\install_root\appserver\profiles\AppSrv01\config\cells}
{password *****}
{_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#KeyStore_1184700968484}
{_Websphere_Config_Data_Version {}}
{useForAcceleration false}
{slot 0}
{type PKCS12}
{additionalKeyStoreAttrs {}}
{fileBased true}
{_Websphere_Config_Data_Type KeyStore}
{customProviderClass {}}
{hostList {}}
{keyStoreRef KeyStore_1184700968484}
{createStashFileForCMS false}
{description {}}
{managementScope {}}
{readOnly false}
{initializeAtStartup false}
{usage {}}
{provider IBMJCE}
{name mykeystore}}

Batch mode example usage

Interactive mode example usage
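
An added example, not part of the original reference: a small Python parser for the brace-delimited output shown above, applied to a constructed, abridged copy of that output. The function names and the two review rules (a keystore with no management scope, a keystore located outside ${CONFIG_ROOT}) are illustrative assumptions, not IBM guidance.

```python
# Constructed sample: abridged from the listAuditKeyStores output on this page.
SAMPLE = r"""{{location ${CONFIG_ROOT}/audittrust.p12}
{description {keyStore description}}
{managementScope (cells/Node04Cell|audit.xml#ManagementScope_1173199825608)}
{provider IBMJCE}{name AuditDefaultKeyStore}}
{{location c:\install_root\appserver\profiles\AppSrv01\config\cells}
{managementScope {}}
{name mykeystore}}"""

def split_groups(text):
    """Return the contents of each top-level {...} group in text."""
    depth, start, groups = 0, 0, []
    for i, ch in enumerate(text):
        if ch == '{':
            depth += 1
            if depth == 1:
                start = i + 1
        elif ch == '}':
            depth -= 1
            if depth == 0:
                groups.append(text[start:i])
            elif depth < 0:
                raise ValueError('unbalanced "}" at offset %d' % i)
    if depth:
        raise ValueError('truncated output: %d unclosed "{"' % depth)
    return groups

def parse_keystores(output):
    """One dict of attributes per keystore in wsadmin list output."""
    stores = []
    for body in split_groups(output):
        attrs = {}
        for pair in split_groups(body):
            key, _, value = pair.partition(' ')
            if value.startswith('{') and value.endswith('}'):
                value = value[1:-1]      # {} is empty, {a b} is "a b"
            attrs[key] = value
        stores.append(attrs)
    return stores

def review(stores):
    """Findings under illustrative, assumed review rules (not IBM guidance)."""
    findings = []
    for ks in stores:
        if not ks.get('managementScope'):
            findings.append((ks.get('name'), 'no management scope'))
        if not ks.get('location', '').startswith('${CONFIG_ROOT}'):
            findings.append((ks.get('name'), 'location outside ${CONFIG_ROOT}'))
    return findings
```

Run against the sample, review(parse_keystores(SAMPLE)) reports both findings for mykeystore and none for AuditDefaultKeyStore.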


modifyAuditKeyStore

The modifyAuditKeyStore command modifies the keystore reference in the audit.xml file. The command edits the keystore that encrypts audit records.

The user must have the auditor administrative role to run this command.

Target object

None.

Required parameters

-keyStoreName

Unique name of the keystore. (String, required)

Optional parameters

-scopeName

Scope name of this keystore. (String, optional)

-keyStoreType

Specifies a valid keystore type. (String, optional)

-keyStoreLocation

Location where the system creates the keystore. (String, optional)

-keyStorePassword

Password for this keystore. (String, optional)

-keyStoreIsFileBased

Whether the keystore is file based. (Boolean, optional)

-keyStoreInitAtStartup

Whether the system should initialize the keystore at startup. (Boolean, optional)

-keyStoreReadOnly

Whether the keystore is read-only or editable. (Boolean, optional)

-keyStoreDescription

Description for the keystore. (String, optional)

Return value

The command returns a value of true if the system successfully modifies the keystore.

Interactive mode example usage

