Audit logging configuration
The Auditing service creates an audit trail of security-related events. These events include all security-related settings changes and user login and logout operations. You can configure which audit events to log and how much information to include based on your auditing requirements.
The auditing configuration is controlled by the iisAdmin command. Security auditing trails assist in the detection of access to controlled information and application usage. Monitoring and analysis of the logged audit information can lead to improvements in the control of data access and the prevention of malicious or careless unauthorized access to sensitive data or configuration settings. The monitoring of application and individual user access, including system administration actions, provides an historic record of activity. This information allows you to adjust user or group security roles to enable or prevent access to application features. This information can also assist in showing compliance with corporate security policies.
The following events log audit records:
- Creation and removal of users and groups
- Assignment or removal of a user from a group
- User password changes (does not log the password)
- Changes to security roles assigned to users or groups
- Changes to user or group permissions on a project and the associated project-level security roles that are assigned
- Changes to mapped engine credentials
- User login
- User logout
- Session termination
- Session timeout
- Changes to audit logging configuration settings
See Types of audit events for more information about these events.
Configuring auditing events
cd IS_install_path/ASBServer/bin ./iisAdmin.sh -set -key value -value value
cd IS_install_path\ASBServer\bin iisAdmin.bat -set -key value -value value
./iisAdmin.sh -set -key com.ibm.iis.isf.audit.event.LOGOUT -value ALL
Audit log files
The default naming convention for the audit files is ISauditLog_N.log.
- IBM® WebSphere® Application Server Network Deployment
WAS_install_path/profiles/InfoSphere/logs
WAS_install_path\profiles\InfoSphere\logs
- IBM WebSphere Application Server Liberty Profile
IS_install_path/wlp/usr/servers/iis/logs
IS_install_path\wlp\usr\servers\iis\logs