Security Auditing detail
The Security auditing subsystem can be enabled and configured from this page, by users assigned the auditor role.
From the admin console, click...
Security > Security Auditing
If Enable security auditing is not selected, then all of the other fields on this page will be disabled.
Enable security auditing
The Enable security auditing check box allows users to enable or disable Security Auditing. By default, Security Auditing will not be enabled. This field corresponds with the auditEnabled field in the audit.xml file.
Audit subsystem failure action
The Audit subsystem failure action setting describes the behavior of the application server in the event of a failure in the auditing subsystem. Audit Notifications must be configured in order for notifications of a failure in the audit subsystem to be logged. If security auditing is not enabled, then these actions will not be performed. Failures can include an error in the interface or in the event processing. By default, the audit subsystem failure action setting is set to No warning.
The Audit subsystem failure action dropdown menu has the following options:
- No warning
The No warning action specifies that the auditor will not be notified of a failure in the audit subsystem. The product will continue processing but audit reporting will be disabled.
- Log warning
The Log warning action specifies that the auditor will be notified of a failure in the audit subsystem. The product will continue processing but audit reporting will be disabled.
- Terminate server
The Terminate server action specifies the application server to gracefully quiesce when an unrecoverable error occurs in the auditing subsystem. If email notifications are configured, the auditor will be sent a notification an error has occurred. If logging to the system log is configured, the notification of the failure will be logged to the system file.
Primary auditor user name
The Primary auditor user name dropdown menu defines a valid user which exists in the current user registry and for whom the auditor role has been given. By default, this field is blank and is a required field.
Enable verbose auditing
The Enable verbose auditing option determines the amount of audit data that is reported in an audit record. Verbose mode captures all the auditable data points, whereas not enabling verbose mode captures only a subset of the available data. This option is disabled by default.
Auditing the security infrastructure Event type filters collection Audit service provider collection Audit event factory configuration collection Audit encryption keystores and certificates collection Audit record encryption configuration settings Audit record signing configuration settings Audit monitor collection