Configure security audit notifications using scripting
Configure the security auditing system to send email notifications to a distribution list, system log, or both a distribution list and a system log if a failure occurs in the audit subsystem. Security auditing provides tracking and archiving of auditable events.
Before configuring a notification object in the audit.xml configuration file, verify that the security auditing subsystem is set up and that the security auditing policy is configured.
We can configure the security auditing system to notify a specific person or group when a failure occurs in the audit subsystem. Use the following steps to enable security auditing email notifications, set the format of notification email, and secure email:
IBM recommends using the High Performance Extensible Logging (HPEL) log and trace infrastructure. We view HPEL log and trace information using the logViewer.
Tasks
- Launch the wsadmin scripting tool using the Jython scripting language. See the Starting the wsadmin scripting client article for more information.
- Customize and enable security auditing email notifications.
| Parameter | Description | Data Types | Required |
| --- | --- | --- | --- |
| -notificationName | Unique name to assign the audit notification object in the audit.xml file. | String | Yes |
| -logToSystemOut | Specifies whether to log the notification to the SystemOut.log file. | Boolean | Yes |
| -sendEmail | Specifies whether to email notifications. | Boolean | Yes |
| -emailList | Email address or email distribution list to email notifications. The format for this parameter is: admin@company.com(smtp-server.mycompany.com) | String | No |
| -emailFormat | Specifies whether to send the email in HTML or TEXT format. | String | No |
To create the audit notification object, specify the -notificationName, -logToSystemOut, and -sendEmail parameters, as the following example demonstrates:
AdminTask.createAuditNotification('-notificationName defaultEmailNotification -logToSystemOut true -sendEmail true -emailList administrator@mycompany.com(smtp-server.mycompany.com) -emailFormat HTML')
- Create an audit notification monitor object.
Create an audit notification monitor object to monitor the security auditing subsystem for possible failure.
| Parameter | Description | Data Types | Required |
| --- | --- | --- | --- |
| -notificationName | Unique name to assign the audit notification object in the audit.xml file. | String | Yes |
| -logToSystemOut | Specifies whether to log the notification to the SystemOut.log file. | Boolean | Yes |
| -sendEmail | Specifies whether to email notifications. | Boolean | Yes |
| -emailList | Email address or email distribution list to email notifications. The format for this parameter is: admin@company.com(smtp-server.mycompany.com) | String | No |
| -emailFormat | Specifies whether to send the email in HTML or TEXT format. | String | No |
To create the audit notification monitor object, we must specify the -notificationName, -logToSystemOut, and -sendEmail parameters:
AdminTask.createAuditNotificationMonitor('-notificationName defaultEmailNotification -logToSystemOut true -sendEmail true -emailList administrator@mycompany.com(smtp-server.mycompany.com) -emailFormat HTML')
- Save the configuration changes.
AdminConfig.save()
The security auditing system notifies the specified recipients if a failure occurs in the security auditing system.
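The following added example (not part of the original page or of IBM's documentation) is plain Python that checks the parameters from the table above, including the address(smtp-server) format of -emailList, and builds the argument string passed to AdminTask.createAuditNotification. The function names, and the rules that a notification needs at least one destination and that sendEmail needs an emailList, are assumptions made for this example.

```python
import re

# Format given on this page for -emailList: address(smtp-server)
EMAIL_LIST_RE = re.compile(r'^([^\s@()]+@[^\s@()]+)\(([A-Za-z0-9.-]+)\)$')
EMAIL_FORMATS = ('HTML', 'TEXT')


def parse_email_list(value):
    """Split 'address(smtp-server)' into (address, smtp_host)."""
    match = EMAIL_LIST_RE.match(value)
    if match is None:
        raise ValueError('emailList must be address(smtp-server): %r' % value)
    return match.group(1), match.group(2)


def build_notification_args(name, log_to_system_out, send_email,
                            email_list=None, email_format=None):
    """Return the argument string for createAuditNotification."""
    if not name or re.search(r'\s', name):
        raise ValueError('notificationName must be a non-empty single token')
    for label, flag in (('logToSystemOut', log_to_system_out),
                        ('sendEmail', send_email)):
        if not isinstance(flag, bool):
            raise ValueError('%s must be a Boolean' % label)
    # Assumption (not stated on the page): a notification with no sink,
    # or email enabled without a recipient, is treated as a mistake.
    if not (log_to_system_out or send_email):
        raise ValueError('enable logToSystemOut, sendEmail, or both')
    if send_email and email_list is None:
        raise ValueError('sendEmail is true but no emailList was given')
    args = ['-notificationName', name,
            '-logToSystemOut', str(log_to_system_out).lower(),
            '-sendEmail', str(send_email).lower()]
    if email_list is not None:
        parse_email_list(email_list)  # raises on a malformed value
        args += ['-emailList', email_list]
    if email_format is not None:
        if email_format not in EMAIL_FORMATS:
            raise ValueError('emailFormat must be HTML or TEXT')
        args += ['-emailFormat', email_format]
    return ' '.join(args)


if __name__ == '__main__':
    # Constructed sample input, using the values from the page's example.
    print(build_notification_args(
        'defaultEmailNotification', True, True,
        'administrator@mycompany.com(smtp-server.mycompany.com)', 'HTML'))
```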
What to do next
Use the modifyAuditNotification command and the Audit Notification Commands to manage your notification configuration.