+

Search Tips   |   Advanced Search

Enable the security auditing subsystem

Security auditing will not be performed unless the audit security subsystem has been enabled. Global security must be enabled for the security audit subsystem to function, as no security auditing occurs if global security is not also enabled.

The recording of auditable security events is achieved by enabled the security auditing subsystem.

Enable the security auditing subsystem...

  1. Click...

      Security > Security auditing > Enable security auditing

    The Enable security auditing check box is not selected by default. This check box must be selected to allow security auditing to be performed with the configurations been specified in the audit.xml file.

    The audit.xml file is used to store the audit subsystem configurations. Changes to the security auditing subsystem should be made with the user interface or the wsadmin utility. This file should not be edited manually.

  2. Select the action from the Audit subsystem failure action dropdown menu to be perform when an audit subsystem failure occurs.

    Notifications configured to warn of a security auditing subsystem failure will not be posted if the No Warning option is selected for this field. If we select either the Log warning or the Terminate server option, then we must also configure a notification for the action to be performed.

  3. Select the Auditor ID from the dropdown menu.

    The auditor role is needed to make changed to the security auditing configurations. By default, when auditing is first enabled, the primary administrator is also given the auditor role. The primary administrator can then add the auditor role to other users. After the auditor role is added to other users, the auditor role can be removed from the administrator to create a separation of authority between the auditor and the administrator. The Auditor ID is the user considered to be the primary auditor.

  4. Optional: Select Enable verbose auditing.

    When an auditable event is recorded, a default set of audit data is included in the audit data object and recorded to the repository. An additional set of audit data is made available by enabling verbose auditing.

  5. Click Apply.

  6. Restart the application server.

    The application server must be restarted before the changes go into effect.

The successful competition of these steps results in the security auditing subsystem being enabled.


What to do next

After enabling the security auditing subsystem, refinements can be made to the configuration. We might want to modify the access control of the audit subsystem to separate the authority of the administrator from the authority of the auditor. If no changes to the access control are needed, then we can configure the types of auditable security events should be recorded. To configure the types of events that are recorded, click Event type filters.


Subtopics


  • Auditing the security infrastructure
  • Enable security auditing using scripting
  • Configure security audit subsystem failure notifications