Audit logs

The audit log file can be created in simple text format or in XML format. The size of each audit record varies depending on the event, the string length, and the number of parameters associated with the audit event and the format selected.

Audit events are recorded in the audit log file on the IBM® InfoSphere® Information Server Services tier. Logging in to or out of any InfoSphere Information Server client application or command-line tool logs events. Audit events are logged for managing the users, groups, or security roles in the InfoSphere Information Server console, InfoSphere Information Server Web console, the IBM InfoSphere FastTrack client, and the InfoSphere DataStage® Administrator client. Some command-line tools, such as DirectoryCommand, also log events.

Log file sizing

With the default values of com.ibm.iis.isf.audit.file.size=10000000 and com.ibm.iis.isf.audit.file.count=5, when the file grows to approximately 10 million bytes, it is renamed to ISauditLog_1.log. A new ISauditLog_0.log file is created to hold the most recent audit events. Up to five files can be created, at which time, when the current ISauditLog_0.log file exceeds the size limit of 10 million bytes, the oldest log is deleted, the other files are renamed, and a new file with generation number 0 is created. The higher the generation number of the file, the older the audit events.

Log file formats

The simple text format allows easy viewing and the XML format is convenient for formatting or parsing the logs with custom applications. Both file formats can be created at the same time. The XML format produces larger audit records and thus fewer events per file than the simple text format. When XML format is used, the Java™ logger creates the XML file and adds the XML file header. The logger is initialized on each startup of IBM WebSphere® Application Server at which time the XML header is written to the file. If the logger is configured for com.ibm.iis.isf.audit.file.append=true, the XML header is written to the current end of the file causing multiple XML file header elements to appear in the log file making the XML malformed. Configure com.ibm.iis.isf.audit.file.append as false when configured for com.ibm.iis.isf.audit.file.format=xml or both. However, com.ibm.iis.isf.audit.file.append=false means the current 0 generation log file is renamed to generation 1 and a new generation 0 log file is created each time IBM WebSphere Application Server restarts. So certain log files might not be the full maximum size in length when you use com.ibm.iis.isf.audit.file.append=false.