WebSEAL server activity auditing
The Security Verify Access event logging mechanism can capture common events and activity generated by WebSEAL. Event logging provides a structured hierarchy for capturing information for auditing purposes. Event logging also supports the use of alternative destinations for logging output, such as files and remote servers.
To implement event logging, we use the logcfg event logging stanza entry to define one or more log agents (loggers) that gather a specific category of audit information from the event pool and direct this information to a destination.
The logcfg stanza entries are entered in the [pdaudit-filter] stanza of the pdaudit.conf configuration file. The pdaudit.conf configuration file is a component of the Common Auditing and Reporting Service (CARS).
WebSEAL still supports event logging configuration through the [aznapi-configuration] stanza in the WebSEAL configuration file. The format of the logcfg event logging stanza entries remains the same Whether entered in the [pdaudit-filter] stanza of the pdaudit.conf configuration file or the [aznapi-configuration] stanza of the WebSEAL configuration file.
For complete information about the event logging mechanism, see the Auditing topics in the IBM Knowledge Center. WebSEAL also supports traditional auditing and logging of HTTP events. Use this traditional mechanism only for situations that require compatibility with older installations of ISAM. See Traditional auditing and logging of HTTP events and Traditional auditing mechanism.
Parent topic: Server administration
Related concepts
- WebSEAL instance management
- Error message logging
- Traditional auditing and logging of HTTP events
- Configuration data log file
Related tasks
Related reference