Configure user and group audit logging

Edit online

You can enable and disable logging of user and group actions.

About this task

User and group interactions with Netcool Configuration Manager can be logged to file. Logging is on by default. The default file is /opt/IBM/tivoli/netcool/ncm/logs/audit.log.

The log file contains the following types of information:

  • Successful and unsuccessful user logins to Netcool Configuration Manager through the Java API, NSN, Netcool Configuration Manager presentation server, configuration GUI, or compliance GUI.
  • Details of the creation, inactivation, reactivation, and modification of Netcool Configuration Manager user definitions.
  • Details of the creation, deletion, and modification of Netcool Configuration Manager group definitions.
Tip:

When a user authenticates using the Netcool Configuration Manager Java API, the authentication is logged to the audit.log file. Subsequent connections by that user might not be logged, because the user has already authenticated and the user session contains the authentication token.

Whether the user needs to authenticate again depends on the settings in the Websphere Application Server console for Authentication cache settings timeout and LTPA Token time out.

For more information about these settings, refer to the information about authentication cache timeout and configuring the Lightweight Third Party Authentication mechanism in the Websphere Application Server Knowledge Center at: https://www.ibm.com/support/knowledgecenter/en/SSEQTP/mapfiles/product_welcome_was.html

To configure user and group audit logging, complete the following steps:

Procedure

  1. Edit the following file: /opt/IBM/tivoli/netcool/ncm/config/properties/logging/log4j.properties.
  2. Change the value of the log4j.appender.AUDITFILE.Threshold property to OFF to disable the logging, or ON to enable it.
  3. Restart the presentation server.

Example

Below is an example of the type of information logged to file for the creation and removal of a user Tom123.

2019.10.03 11:59:58 GMT+00:00 WebContainer : 5          INFO    com.intelliden.icos.iweb.servlet.LoginFilter :: User administrator logged into DASH server
2019.10.03 12:00:30 GMT+00:00 WebContainer : 3          INFO    com.intelliden.datawrapper.accounts.handlers.AbstractHandler :: User Tom123 was created by user administrator. User Tom123 has group/groups 'observer'  assigned
2019.10.03 12:00:36 GMT+00:00 WebContainer : 1          INFO    com.intelliden.datawrapper.accounts.handlers.AbstractHandler :: User Tom123 was inactivated by user administrator