Audit the security infrastructure


+

Search Tips   |   Advanced Search


Overview

Use the Auditing Facility to...

Before enabling the security auditing subsystem, enable global security.

Each time a Java EE 5 application accesses a secured resource, any internal application server process with an audit point included can be recorded as an auditable event, including...

The auditing subsystem provides the ability to audit...

Restriction: Audit instrumentation has not been included in the Web services client run time.

Events can be recorded into audit log files, that can be signed and encrypted, in order to...

The security auditing configuration provides...

The default implementation writes to a binary text-file based log, which can be read using the Audit Reader.

 

Audit the security infrastructure

  1. Enable the security auditing subsystem

    Global security must be enabled for the security audit subsystem to function.

  2. Assign the Auditor role to a user

    We can separate the auditing role from the authority of the administrator. When Security Auditing is initially enabled, the cell administrator has auditor privileges. If the environment requires separation of privileges, then changes will need to be made to the default role assignments.

  3. Create security auditing event type filters

    In general, for easier analysis, we want to record a only specific subset of auditable event types in the audit logs.

  4. Set the audit service provider.

    A default audit service provider implementation is available. A third party implementation can also be coded and used.

  5. Set audit event factories for security auditing

    The factory...

    • Gathers data associated with the auditable events
    • Creates an audit data object
    • Sends audit data object to the audit service provider to be formatted and recorded to the repository
  6. Protect the security audit data

    To ensure that access to the data is restricted and tamper proof, we can encrypt and sign the audit data.

  7. Set security audit subsystem failure notifications

    Generate alerts when the security auditing subsystem experiences a failure. Alerts can go to System logs or e-mail

 

Related tasks

Enable the security auditing subsystem
Create security auditing event type filters
Set security audit subsystem failure notifications
Set the default audit service providers for security auditing
Set a third party audit service providers for security auditing
Set audit event factories for security auditing
Protecting the security audit data
Use the audit reader
Set security auditing using scripting
Securing resources