Depending on your need, you can change the default setting that IBM® Security Guardium® Key Lifecycle Manager uses to collect audit information.
About this task
You can use the Audit page to change the audit information levels (Low, Medium, or High) that are written to the audit log. Alternatively, you can use the following REST services to list and change the Audit.event.types property in the SKLMConfig.properties file: Get Single Config Property REST Service and Update Config Property REST Service
Note: You can specify the value of the Audit.event.types property to be different than the value of an out-of-the-box audit level (Low, Medium, or High). The audit level is then marked as Custom. You can create this audit level only by using the REST interface. A Custom level audits all failure events, and success events for the event types that you specify in the Audit.event.types property.
Your role must have the permission to the configure action.
Procedure
- Go to the appropriate page or directory:
- Change the value of the audit information level:
  - In the graphical user interface, select one of the following values for the Audit setting, then click OK.
    - Low
      Logs minimal audit records.
      Selecting Low audits failure events only and sets the following property values in the SKLMConfig.properties file:
        Audit.event.types = all
        Audit.event.outcome = failure
    - Medium
      Stores an intermediate number of audit records.
      Selecting Medium audits all failure events and success events for selected event types, and sets the following property values in the SKLMConfig.properties file:
        Audit.event.types = runtime,authorization,authorization_terminate, resource_management, key_management
        Audit.event.outcome = success,failure
    - High (default)
      Stores the maximum number of audit records.
      Selecting High audits all failure and success events, and sets the following property values in the SKLMConfig.properties file:
        Audit.event.types = all
        Audit.event.outcome = success,failure
    - Custom
      Stores audit records as per specification that is provided in the Server configuration properties file.
      You cannot select this option. It is automatically selected and available only when the value of the Audit.event.outcome property is different than the value of any of the out-of-the-box audit levels (Low, Medium, or High).
  - REST interface:
    a. Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
    b. To run Get Single Config Property REST Service, send the HTTP GET request. Pass the user authentication identifier that you obtained in Step a along with the request message as shown in the following example.
         GET https://localhost:<port>/SKLM/rest/v1/configProperties/Audit.event.types
         Content-Type: application/json
         Accept: application/json
         Authorization: SKLMAuth userAuthId=139aeh34567m
         Accept-Language: en
       Success response might be:
         Status Code : 200 OK
         Content-Language: en
         {"property":"Audit.event.types","value":"all"}
    c. Specify the required change. For example, you can use Update Config Property REST Service to limit the selection to two event types to store in the audit log by sending the following HTTP request:
         PUT https://localhost:<port>/SKLM/rest/v1/configProperties
         Content-Type: application/json
         Accept: application/json
         Authorization: SKLMAuth userAuthId=139aeh34567m
         Accept-Language: en
         { "Audit.event.types": "runtime,audit_management"}
- Restart the server. For instructions about how to stop and start the server, see Restarting the Guardium Key Lifecycle Manager server.
What to do next
Rerun an operation that previously returned an error. Then, examine the audit log for details.
For more information, see Audit records.
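The following added example (Python, not IBM code) classifies the audit level that the content of SKLMConfig.properties implies, using the level definitions listed in the procedure, and reports whether successful events of a given type are still written to the audit log. The function names, the simplified properties parser, and the Audit.event.outcome value in the constructed sample are assumptions made for the example.

```python
# Added example, not IBM code. Level definitions are the ones listed on this page.
LEVELS = {
    "Low": ({"all"}, {"failure"}),
    "Medium": ({"runtime", "authorization", "authorization_terminate",
                "resource_management", "key_management"}, {"success", "failure"}),
    "High": ({"all"}, {"success", "failure"}),
}

# Constructed sample: event types from the PUT example, outcome value assumed.
SAMPLE_CUSTOM = """\
# audit settings
Audit.event.types = runtime,audit_management
Audit.event.outcome = success,failure
"""


def parse_properties(text):
    """Simplified .properties reader: key = value, #/! comments, \\ continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue
        line, pending = pending + line, ""
        if line.endswith("\\"):
            pending = line[:-1]
        elif "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def settings(text):
    """Return (event types, outcomes) as sets; spaces and empty items ignored."""
    props = parse_properties(text)
    return tuple({item.strip() for item in props.get(key, "").split(",") if item.strip()}
                 for key in ("Audit.event.types", "Audit.event.outcome"))


def audit_level(text):
    """Level name; anything that matches no built-in level is 'Custom'."""
    current = settings(text)
    return next((name for name, want in LEVELS.items() if current == want), "Custom")


def success_audited(text, event_type):
    """True if successful events of event_type reach the audit log."""
    types, outcome = settings(text)
    return "success" in outcome and ("all" in types or event_type in types)
```

With the constructed sample, audit_level returns Custom and success_audited shows that successful key_management events are no longer recorded, which is the kind of reduction worth checking for after any change to Audit.event.types.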