The audit service provider is used to format the audit
data object that was sent by the audit event factory. After being
formatted, the audit data is recorded to the repository defined in
the audit service provider configuration.
Before you begin
Before configuring the audit service provider, enable global
security in your environment.
About this task
This task configures the audit service provider used to record
generated audit records.
Procedure
- Click .
- Click New and then select Binary file based emitter.
- Enter the unique name that should be associated with this
audit service provider in the Name field.
- Enter the file location of the binary log file in the Audit
log file location field.
Avoid trouble: When
the server is stopped, the current audit file will be saved with a
timestamp in the file name; this is to facilitate archiving and to
allow you to easily determine the audit files for specific periods.
When you start the server again, audit data will be written to a new
audit file that does not include the timestamp in the name.
- Optional: Enter the maximum size allowed for
a single binary log file in the Audit log file size field.
This
field is specified in megabytes. After the maximum audit file size
is reached, a new audit file will be created or an existing audit
file will be overwritten. If the maximum number of audit log files
has not been set, the default maximum file value used is 10 megabytes.
There is no audit archiving utility included with the product. You
are responsible for the archiving of your audit data.
- Optional: In the Maximum number of audit log
files field, enter the maximum number of audit logs to be stored before
the oldest is overwritten.
The default value for this
field is 100. The value of 100 is also used if the field is empty.
Note: The
maximum number of logs does not include the current binary log that
is being written to. It is a reference to the maximum number of archived
(timestamped) logs. The total number of binary logs that can exist
for a server process is the maximum number of archived logs plus the
current log.
Also under this field, there are additional
options to select the behavior when the maximum number of logs is
reached. The choices are:
  - oldest: If you select this option, when the maximum audit logs are reached,
    the oldest audit log is rewritten; notification is not sent to the
    auditor.
  - stop server: This option does not rewrite over the oldest audit log. It stops
    the audit service, sends a notification to the SystemOut.log, and
    quiesces the application server.
  - stop logging: This option does not rewrite over the oldest audit log. It also
    stops the audit service, but does allow the WebSphere process to continue.
    Notifications are not posted in the SystemOut.log.
- Select the filters to be used by this audit service provider.
The Selectable filter list consists of the configured filters
that are currently enabled.
- Select the filters that should be audited from the Selectable
filter list.
- Click Add >> to add the selected filters
to the Enabled filter list.
- Click Apply.
Results
After completing these steps, your audit data will be sent
to the specified repository in the format required by that repository.
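
The retention settings in the procedure (maximum file size, maximum number of archived logs, and the three behaviors when that maximum is reached) can be modeled to compare what each choice costs in lost audit data or availability. The following Python sketch is an added example, not product code; the name `simulate`, the result keys, and the point at which the limit counts as reached (the current log is full while the maximum number of archived logs already exists) are assumptions.

```python
# Added model of the rotation rules described in the procedure; not IBM code.
# Assumption: the limit is "reached" when the current log is full and
# max_logs archived (timestamped) logs already exist.
from collections import deque

BEHAVIORS = ("oldest", "stop server", "stop logging")

def simulate(events_mb, max_file_mb=10, max_logs=100, behavior="oldest"):
    """Feed audit record sizes (MB) through the emitter model; return the outcome."""
    if behavior not in BEHAVIORS:
        raise ValueError("unknown behavior: %r" % behavior)
    archived = deque()   # sizes of archived (timestamped) logs, oldest first
    current = 0.0        # size of the log currently being written
    out = {"overwritten_mb": 0.0, "unaudited_events": 0, "auditing": True,
           "server_running": True, "systemout_notice": False}
    for size in events_mb:
        if not out["server_running"]:
            break                              # quiesced server takes no more work
        if not out["auditing"]:
            out["unaudited_events"] += 1       # process continues, nothing recorded
            continue
        if current + size > max_file_mb:       # current log is full: rotate
            if len(archived) >= max_logs:      # maximum number of logs reached
                if behavior == "oldest":
                    out["overwritten_mb"] += archived.popleft()  # silent loss
                else:
                    out["auditing"] = False
                    out["unaudited_events"] += 1   # the record that hit the limit
                    if behavior == "stop server":
                        out["systemout_notice"] = True
                        out["server_running"] = False
                    continue
            archived.append(current)
            current = 0.0
        current += size
    out["files_on_disk"] = len(archived) + 1   # archived logs plus the current log
    out["disk_mb"] = sum(archived) + current
    return out

if __name__ == "__main__":
    # Constructed workload: ten 1 MB bursts against a deliberately small limit.
    for choice in BEHAVIORS:
        print(choice, simulate([1.0] * 10, max_file_mb=2, max_logs=2, behavior=choice))
```
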
What to do next
After creating an audit service provider, the audit service
provider must be associated with an audit event factory to provide the
audit data objects to the audit service provider. Next you should
configure an audit event factory.