Depending on your need, you can change the default setting that IBM Security Guardium Key Lifecycle Manager uses to collect audit information.
About this task
You can use the Audit page to change the audit information levels (Low or
High) that are written to the audit log. Alternatively, you can use the following REST services to
list and change the Audit.event.types property in the SKLMConfig.properties
file:
Get Single Config Property REST Service and Update Config Property
REST Service
Note: You can specify the value of the Audit.event.types property to be
different than the value of the set audit level (Low or High). The audit level is then marked as
Custom. You can create this audit level only by using the REST interface. A
Custom level audits all failure events, and success events for the event
types that you specify in the Audit.event.types property.
Your role must have the permission to the configure
action.
Procedure
-
Go to the appropriate page or directory.
-
Change the value of the audit information level.
- In the graphical user interface, select one of the following values for the Audit setting, then
click OK.
- Low
- Logs minimal audit records.
Selecting
Low audits failure events only
and sets the following property values in the
SKLMConfig.properties
file.
Audit.event.types = all
Audit.event.outcome = failure
- High (default)
- Stores the maximum number of audit records.
Selecting
High audits all
failure and success events, and sets the following property values in the
SKLMConfig.properties
file.
Audit.event.types = all
Audit.event.outcome = success,failure
- Custom
- Stores audit records based on the specification that is provided in the configuration properties
file.
You cannot select this option. It is automatically selected and available only when the
value of the Audit.event.outcome property is different than the value of the
set audit level (Low or High).
- REST interface
- Obtain the user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the
authentication process, see Authentication process for REST services.
- To run Get Single Config Property REST Service, send the HTTP GET request.
Pass the user authentication identifier that you obtained in
Step a
along with the
request message as shown in the following
example.GET https://localhost:<port>/SKLM/rest/v1/configProperties/
Audit.event.types
Content-Type: application/json
Accept : application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
Accept-Language : en
Success response might be as shown in the following
example.
Status Code : 200 OK
Content-Language: en
{"property":"Audit.event.types","value":"all"}
- Specify the necessary change. For example, you can use Update Config Property REST
Service to limit the selection to two event types to store in the audit log by sending the
following HTTP
request:
PUT https://localhost:<port>/SKLM/rest/v1/configProperties
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth authId=139aeh34567m
Accept-Language: en
{ "Audit.event.types": "runtime,audit_management"}
What to do next
Rerun an operation that previously returned an error. Then, examine the audit log for details.
For more information, see Audit records.