AuditEventFactoryCommands for AdminTask

AuditEventFactoryCommands for AdminTask

Use Jython to configure the security auditing system with wsadmin. Use the commands and parameters in the AuditEventFactoryCommands group to configure the default or a third-party audit event factory.
Use the following commands to configure the default audit event factory or a third-party audit event factory:

createAuditEventFactory
deleteAuditEventFactoryByName
deleteAuditEventFactoryByRef
getAuditEventFactory
getAuditEventFactoryClass
getAuditEventFactoryFilters
getAuditEventFactoryName
getAuditEventFactoryProvider
listAuditEventFactories
modifyAuditEventFactory
setAuditEventFactoryFilters

createAuditEventFactory

The createAuditEventFactory command creates an audit event factory in the security auditing system configuration. Use the default implementation of the audit event factory or use a third-party implementation. To configure a third-party implementation, use the optional -customProperties parameter to specify any properties necessary to configure the audit event factory implementation.
The user must have the auditor admin role to run this command.
Target object
None.
Required parameters

-uniqueName

Specifies a unique name that identifies the audit event factory. (String, required)

-className

Class implementation of the audit event factory interface. (String, required)

-provider

Specifies a reference to a predefined audit service provider implementation. (String, required)

-auditFilters

Specifies a reference or a group of references to predefined audit filters, using the following format: reference, reference, reference (String, required)

Optional parameters

-customProperties

Specifies any custom properties necessary to configure a third-party implementation. (String, optional)

Return value
The command returns the shortened reference ID for the newly created audit event factory.
Batch mode example usage

Use Jython string:
AdminTask.createAuditEventFactory('-uniqueName myeventfactory -className com.mycompany.myeventfactoryclass -provider AuditServiceProvider_1173199825608 -customProperties a=b -auditFilters AuditSpecification_1184598886859')

Use Jython list:
AdminTask.createAuditEventFactory(['-uniqueName', 'myeventfactory', '-className', 'com.mycompany.myeventfactoryclass', '-provider', 'AuditServiceProvider_1173199825608', '-customProperties', 'a=b', '-auditFilters', 'AuditSpecification_1184598886859'])

Interactive mode example usage

Jython...
AdminTask.createAuditEventFactory()

deleteAuditEventFactoryByName

The deleteAuditEventFactoryByName command deletes the audit event factory implementation in the audit.xml file that matches a specific unique name identifier.
The user must have the auditor admin role to run this command.
Target object
None.
Required parameters

-uniqueName

Unique name of the audit event factory implementation. (String, required)

Return value
The command returns a value of true if the system successfully deletes the audit event factory.
Batch mode example usage

Use Jython string:
AdminTask.deleteAuditEventFactoryByName('–uniqueName myeventfactory')

Use Jython list:
AdminTask.deleteAuditEventFactoryByName(['–uniqueName', 'myeventfactory'])

Interactive mode example usage

Jython...
AdminTask.deleteAuditEventFactoryByName('-interactive')

deleteAuditEventFactoryByRef

The deleteAuditEventFactoryByRef command deletes the audit event factory implementation that matches the reference ID of interest.
The user must have the auditor admin role to run this command.
Target object
None.
Required parameters

-eventFactoryRef

Specifies an audit event factory implementation. This parameter can be a reference to the event factory object. (String, required)

Return value
The command returns a value of true if the system successfully deletes the audit event factory.
Batch mode example usage

Use Jython string:
AdminTask.deleteAuditEventFactoryByRef('–eventFactoryRef AuditEventFactory_1184688293515')

Use Jython list:
AdminTask.deleteAuditEventFactoryByRef(['–eventFactoryRef', 'AuditEventFactory_1184688293515'])

Interactive mode example usage

Jython...
AdminTask.deleteAuditEventFactoryByRef('–interactive')

getAuditEventFactory

The getAuditEventFactory command retrieves the list of attributes for the audit event factory implementation in the audit.xml file for a specific reference id.
The user must have the monitor admin role to run this command.
Target object
None.
Required parameters

-eventFactoryRef

Specifies an audit event factory implementation. This parameter can be a reference to the event factory object. (String, required)

Return value The command returns an attribute list for the audit event factory implementation of interest, as the following example output displays:
{{name myeventfactory} {properties {{{validationExpression {}} {name a} {description {}} {value b} {_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#Property_1184688593531} {_Websphere_Config_Data_Type Property} {required false}}}} {className com.mycompany.myeventfactoryclass} {auditServiceProvider auditServiceProviderImpl_1(cells/Node04Cell|audit.xml#AuditServiceProvider_1173199825608)} {auditSpecifications DefaultAuditSpecification_1(cells/Node04Cell|audit.xml#AuditSpecification_1173199825608)} {_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#AuditEventFactory_1184688293515} {_Websphere_Config_Data_Type AuditEventFactory}}

Batch mode example usage

Use Jython string:
AdminTask.getAuditEventFactory('-eventFactoryRef AuditEventFactory_1184688293515')

Use Jython list:
AdminTask.getAuditEventFactory(['-eventFactoryRef', 'AuditEventFactory_1184688293515'])

Interactive mode example usage

Jython...
AdminTask.getAuditEventFactory('-interactive')

getAuditEventFactoryClass

The getAuditEventFactoryClass command retrieves the class name of the audit event factory implementation that matches a specific reference ID in the audit.xml configuration file.
The user must have the monitor admin role to run this command.
Target object
None.
Required parameters

-eventFactoryRef

Specifies an audit event factory implementation. This parameter can be a reference to the event factory object. (String, required)

Return value The command returns the class name of the audit event factory of interest, as the following sample output displays:
com.mycompany.myeventfactoryclass

Batch mode example usage

Use Jython string:
AdminTask.getAuditEventFactoryClass('-eventFactoryRef AuditEventFactory_1184688293515')

Use Jython list:
AdminTask.getAuditEventFactoryClass(['-eventFactoryRef', 'AuditEventFactory_1184688293515'])

Interactive mode example usage

Jython...
AdminTask.getAuditEventFactoryClass('-interactive')

getAuditEventFactoryFilters

The getAuditEventFactoryFilters command retrieves a list of defined filters for the passed-in event factory.
The user must have the monitor admin role to run this command.
Target object
None.
Required parameters

-eventFactoryRef

Specifies an audit event factory implementation. This parameter can be a reference to the event factory object. (String, required)

Return value The command returns a list of the defined filters for the event factory reference of interest in a shortened format, as the following sample output displays:
AUTHN:SUCCESS,AUTHN:INFO,AUTHZ:SUCCESS,AUTHZ:INFO

Batch mode example usage

Use Jython string:
AdminTask.getAuditEventFactoryFilters('-eventFactoryRef AuditEventFactory_1184688293515')

Use Jython list:
AdminTask.getAuditEventFactoryFilters(['-eventFactoryRef', 'AuditEventFactory_1184688293515'])

Interactive mode example usage

Jython...
AdminTask.getAuditEventFactoryFilters('-interactive')

getAuditEventFactoryName

The getAuditEventFactoryName command retrieves the unique name of the audit event factory implementation that matches a specific reference ID in the audit.xml configuration file.
The user must have the monitor admin role to run this command.
Target object
None.
Required parameters

-eventFactoryRef

Specifies an audit event factory implementation. This parameter can be a reference to the event factory object. (String, required)

Return value The command returns the name of the audit event factory, as the following sample output displays:
myeventfactory

Batch mode example usage

Use Jython string:
AdminTask.getAuditEventFactoryName('-eventFactoryRef AuditEventFactory_1184688293515')

Use Jython list:
AdminTask.getAuditEventFactoryName(['-eventFactoryRef', 'AuditEventFactory_1184688293515'])

Interactive mode example usage

Jython...
AdminTask.getAuditEventFactoryName('-interactive')

getAuditEventFactoryProvider

The getAuditEventFactoryProvider command retrieves the object name of the audit service provider that a specific audit event factory implementation uses in the audit.xml configuration file.
The user must have the monitor admin role to run this command.
Target object
None.
Required parameters

-eventFactoryRef

Specifies an audit event factory implementation. This parameter can be a reference to the event factory object. (String, required)

Return value The command returns the object name of the audit service provider for the audit event factory of interest, as the following sample output displays:
auditServiceProviderImpl_1(cells/Node04Cell|audit.xml#AuditServiceProvider_1173199825608)

Batch mode example usage

Use Jython string:
AdminTask.getAuditEventFactoryProvider('-eventFactoryRef AuditEventFactory_1184688293515')

Use Jython list:
AdminTask.getAuditEventFactoryProvider(['-eventFactoryRef', 'AuditEventFactory_1184688293515'])

Interactive mode example usage

Jython...
AdminTask.getAuditEventFactoryProvider('-interactive')

listAuditEventFactories

The listAuditEventFactories command retrieves a list of audit event factory objects and their attributes defined in the audit.xml file.
The user must have the monitor admin role to run this command.
Target object
None.
Return value The command returns an array list of audit event factories and attributes, as the following example output displays:
{{auditSpecifications DefaultAuditSpecification_1(cells/Node04Cell|audit.xml#AuditSpecification_1173199825608) DefaultAuditSpecification_2(cells/Node04Cell|audit.xml#AuditSpecification_1173199825609) DefaultAuditSpecification_3(cells/Node04Cell|audit.xml#AuditSpecification_1173199825610) DefaultAuditSpecification_4(cells/Node04Cell|audit.xml#AuditSpecification_1173199825611)} {name auditEventFactoryImpl_1} {_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#AuditEventFactory_1173199825608} {_Websphere_Config_Data_Type AuditEventFactory} {auditSpecRef4 AuditSpecification_1173199825611} {properties {}} {auditSpecRef3 AuditSpecification_1173199825610} {className com.ibm.ws.security.audit.AuditEventFactoryImpl} {auditServiceProvider auditServiceProviderImpl_1(cells/Node04Cell|audit.xml#AuditServiceProvider_1173199825608)} {auditSpecRef2 AuditSpecification_1173199825609} {auditSpecRef1 AuditSpecification_1173199825608} {auditEventFactoryRef AuditEventFactory_1173199825608} {emitterRef AuditServiceProvider_1173199825608}} {{auditSpecifications myfilter(cells/Node04Cell|audit.xml#AuditSpecification_1184598886859)} {name myeventfactory} {_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#AuditEventFactory_1184688293515} {_Websphere_Config_Data_Type AuditEventFactory} {className com.mycompany.myeventfactoryclass} {auditServiceProvider auditServiceProviderImpl_1(cells/Node04Cell|audit.xml#AuditServiceProvider_1173199825608)} {properties {{{validationExpression {}} {name a} {description {}} {value b} {_Websphere_Config_Data_Id cells/Node04Cell|audit.xml#Property_1184688293546} {_Websphere_Config_Data_Type Property} {required false}}}} {auditSpecRef1 AuditSpecification_1184598886859} {auditEventFactoryRef AuditEventFactory_1184688293515} {emitterRef AuditServiceProvider_1173199825608}}

Batch mode example usage

Use Jython string:
AdminTask.listAuditEventFactories()

Use Jython list:
AdminTask.listAuditEventFactories()

Interactive mode example usage

Use Jython string:
AdminTask.listAuditEventFactories('-interactive')

modifyAuditEventFactory

The modifyAuditEventFactory command modifies the attributes of the audit event factory implementation that the command references with the reference id.
The user must have the auditor admin role to run this command.
Target object
None.
Required parameters

-eventFactoryRef

Specifies an audit event factory implementation. This parameter can be a reference to the event factory object. (String, required)

Optional parameters

-provider

Reference ID of an audit service provider implementation. (String, optional)

-className

Name of the class that implements the audit event factory interface. (String, optional)

-customProperties

Specifies one or more custom properties to associate with the audit event factory of interest. Use the following format: name=value, name=value (String, optional)

-auditFilters

List of references to audit filters that exist in the configuration. We can separate each item in the list with a comma (,), a semicolon (;), or a space. (String, optional)

Return value
The command returns a value of true if the system successfully updates the security auditing system configuration.
Batch mode example usage

Use Jython string:
AdminTask.modifyAuditEventFactory('-eventFactoryRef AuditEventFactory_1184688293515 -provider AuditServiceProvider_1173199825608 -customProperties b=c')

Use Jython list:
AdminTask.modifyAuditEventFactory(['-eventFactoryRef', 'AuditEventFactory_1184688293515', '-provider', 'AuditServiceProvider_1173199825608', '-customProperties', 'b=c'])

Interactive mode example usage

Jython...
AdminTask.modifyAuditEventFactory('-interactive')

setAuditEventFactoryFilters

The setAuditEventFactoryFilters command sets the filters for an audit event factory implementation.
The user must have the auditor admin role to run this command.
Target object
None.
Required parameters

-eventFactoryRef

Specifies an audit event factory implementation. This parameter can be a reference to the event factory object. (String, required)

-filtersRef

List of references to defined audit filters. (String, required)

Return value
The command returns a value of true if the system successfully sets the filters for the audit event factory.
Batch mode example usage

Use Jython string:
AdminTask.setAuditEventFactoryFilters('-eventFactoryRef AuditEventFactory_1184688293515 -filtersRef AuditSpecification_1173199825608')

Use Jython list:
AdminTask.setAuditEventFactoryFilters(['-eventFactoryRef', 'AuditEventFactory_1184688293515', '-filtersRef', 'AuditSpecification_1173199825608'])

Interactive mode example usage

Use Jython string:
AdminTask.setAuditEventFactoryFilters('-interactive')

Related

AuditKeyStoreCommands
AuditEmitterCommands for AdminTask
AuditSigningCommands
AuditEncryptionCommands
AuditFilterCommands
AuditNotificationCommands
AuditPolicyCommands
AuditEventFormatterCommands