NCIM audit logging
You can configure the GUI to log user interactions with the NCIM database.
About this task
You can configure the GUI to keep a log of HTTP requests made by a GUI user that interact with the NCIM topology database.
NCIM audit logging is disabled by default.
The logged information is contained in the .log
file for the
component that performed the logged action.
The default format of log messages is: [timestamp] [thread name or ID] [Java
class name].[reason] AUDIT: [read or write] [URL] [username] [session ID]
[request parameters]
.
[Java class name]
- Which part of the application the message came from.
[reason]
- The reason is
enter
for the start of a request, orfail
for a request that failed to complete successfully. Afail
reason might be followed by letters that give a more specific reason for the failure. There is no message to indicate that the request succeeded, because most requests succeed. [read or write]
- If
read
, the request was read-only. Ifwrite
, the request potentially modified some customer data. You must look at the request parameters to determine whether data was modified. The fields that are written afterread
orwrite
are defined by theaudit.log.message.template
andaudit.log.exclude.parameters
. [URL]
- The URL requested by the user in a browser excluding the host and port.
[username], [session ID]
- These parameters are reported by WebSphere Application Server, and can be used to follow the activity of a user's session.
[request parameters]
- The parameters of the HTTP request, either in the URL or the request body.
Parameters listed in the
audit.log.exclude.parameters
property are not logged.
An example log message follows: [2022-09-02T17:35:53.953] [WebContainer : 5] RetrieveMibInfo.enter AUDIT: read /ibm/console/ncp_mibbrowser/RetrieveMibInfo defaultWIMFileBasedRealm/itnmadmin zmrre8l_Tn4_B_Q5RcOCOGo variable -> "1.3.6.1.2.1.2.2.1.10"
To configure NCIM audit logging, complete the following steps: