Reputation: 33
IBM WebSphere Application Server - Auditing the security
The summary of the security auditing is generating HTML report from binary audit log after enabling the security auditing and some configurations; but the generated HTML report is not completed(full information) and not meaningful.
What i mean is for example when i created a user, it's not audited. When i gave it some roles; these actions have been audited but unclear way.
I have two questions:
- Does not it audit each action that the user do it like create/delete user.?
- Is there a way to format that HTML report to be clear and meaningful or Are there extra configurations to generate HTML report or other report to be clear?
Upvotes: 0
Views: 1497
Answers (1)
Reputation: 18050
Does not it audit each action that the user do it like create/delete user?
Auditing is not recording all the user actions.
The security auditing subsystem has the ability to capture the following types of auditable events:
- Authentication
- Authorization
- Principal/Credential Mapping
- Audit policy management
- Delegation
For more details see Auditing the security infrastructure
Is there a way to format that HTML report?
There is no way to provide format of that HTML report by default. You may only specify what will be in the report using report mode were valid values include basic, complete, or custom. See binaryAuditLogReader command for more details.
If you need custom formatting you may need to implement your own audit service provider. For more info see here:
Upvotes: 1
Related Questions
- Detect if Websphere Liberty is secured?
- WebSphere Java Security Issue :
- Checklist When IBM WebSphere Application server is running up
- JavaEE application security auditing
- WAS 8.5 Admin console - Give only access to Deployment
- Websphere console - Monitor server events such as server restart
- Secure IBM HTTP Server
- How to see Websphere application Server (WAS) responses
- Websphere 6.1 - Configuring Security
- Security in WAS 6.1