Configuring auditing on the appliance

Use the Audit Configuration feature to enable logging of audit events.

About this task

IBM® Verify Identity Access provides the capability to collect audit messages. The audit configuration feature is used to manage auditing for all auditable components. Any changes made using this feature are reflected in all applicable components.
  • Enabling verbose auditing applies to the AAC, Federation, and LMI components only.
  • Setting an audit tag value applies to the AAC, Federation, and LMI components only.
  • Enablement of JSON auditing applies to all components.

For example, if JSON auditing is enabled, this is reflected in the format of audit events in all of the components that have auditing enabled.

To send audit events to a remote syslog server, use the remote syslog forwarding page. For more information, see Forwarding logs to a remote syslog server.

The grid lists each of the individual audit groups that can be enabled. This includes groups from the following audit types:
  • Runtime. These are the audit events generated in AAC or Federation during a runtime flow. These groups are displayed only if one or both of the Advanced Access Control or Federation components are activated.
  • Management. These are the audit events generated when managing the configuration of AAC or Federation components. These groups are displayed only if one or both of the Advanced Access Control or Federation components are activated.
  • LMI. These are the audit events generated when managing the configuration of components other than AAC or Federation.
  • Runtime Component. These are the audit events generated by the runtime component. There are 3 separate sub components that can be enabled:
    • audit.azn
    • audit.authn
    • audit.mgnt

      Enabling this component results in a new logcfg entry in the aznapi-configuration stanza of the ivmgrd.conf file. For example:

      logcfg = audit.azn:file path=audit.log,log_id=PDMgrAudit

      The path and log_id values are always set to their default values. If a logcfg entry already exists with different values, it is marked as custom in the grid. Any changes made to the audit configuration will reset this entry to the default values as shown above.

      Enabling or disabling JSON auditing results in the existing audit-json entry in the aznapi-configuration stanza being updated.

      These groups are displayed only if the Base Appliance component is activated.

  • Reverse Proxy. These are the audit events generated by the reverse proxy instances. There are 3 separate sub components that can be enabled for each instance:
    • audit.azn
    • audit.authn
    • audit.http

      Enabling this component results in a new logcfg entry in the aznapi-configuration stanza of the instance configuration file. For example:

      logcfg = audit.azn:file path=audit.log,log_id=webseal-instance

      The path and log_id are always set to these values. If a logcfg entry already exists with different values, it is marked as custom in the grid. Any changes made to the audit configuration reset this entry to the default entry as shown above.

      Enabling or disabling JSON auditing results in the existing audit-json entry in the aznapi-configuration stanza being updated.

      These groups are only shown if the Base Appliance component is activated.
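Because saving any change on the Audit Configuration page resets custom logcfg entries to the defaults, it helps to know beforehand which entries differ. The following added example (not IBM code) classifies the audit logcfg entries in the aznapi-configuration stanza as default, custom or absent. The function name, the `#` comment handling, the `example-other-stanza` name and the sample file content are assumptions constructed for illustration.

```python
import re

# Default path the page says the Audit Configuration page always writes.
DEFAULT_PATH = "audit.log"
SUBCOMPONENTS = {
    "runtime": ("audit.azn", "audit.authn", "audit.mgnt"),
    "reverse_proxy": ("audit.azn", "audit.authn", "audit.http"),
}

def classify_logcfg(conf_text, kind, default_log_id):
    """Map each audit sub component to 'default', 'custom' or 'absent'."""
    status = {name: "absent" for name in SUBCOMPONENTS[kind]}
    stanza = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumed comment syntax
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            stanza = header.group(1).strip()
            continue
        if stanza != "aznapi-configuration":
            continue  # only this stanza holds the entries described above
        m = re.fullmatch(r"logcfg\s*=\s*([\w.]+):(\w+)\s*(.*)", line)
        if not m or m.group(1) not in status:
            continue
        category, agent, params = m.groups()
        opts = dict(p.strip().split("=", 1) for p in params.split(",") if "=" in p)
        is_default = (agent == "file"
                      and opts == {"path": DEFAULT_PATH, "log_id": default_log_id})
        status[category] = "default" if is_default else "custom"
    return status

# Constructed sample of a reverse proxy instance configuration file.
SAMPLE = """\
[example-other-stanza]
logcfg = audit.http:file path=ignored.log,log_id=ignored
[aznapi-configuration]
# logcfg = audit.authn:file path=audit.log,log_id=webseal-instance
logcfg = audit.azn:file path=audit.log,log_id=webseal-instance
logcfg = audit.http:file path=http_audit.log,log_id=custom-http
"""

if __name__ == "__main__":
    result = classify_logcfg(SAMPLE, "reverse_proxy", "webseal-instance")
    for name, state in result.items():
        print(f"{name}: {state}")
```

Entries reported as custom are the ones that a save on the Audit Configuration page would overwrite, so record their values first if they are still needed.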

Enable auditing by completing the steps on the audit configuration page, which applies a common auditing configuration to all components.

Procedure

  1. From the top menu, select Monitor Analysis and Diagnostics > Logs > Audit Configuration.
  2. If required, select Enable verbose audit events to include more information in the audit event. This will enable verbose auditing for all of the LMI, Runtime, and Management groups.
  3. If required, select Enable JSON audit format to log audit events as JSON, not as XML. This will enable JSON auditing for all groups.
  4. If required, enter a value in the Tag field to include an identifiable tag in audit events. This will enable verbose auditing for all of the LMI, Runtime, and Management groups.
  5. Use the grid tools to manage the audit configuration for the various audit groups. This allows the separate auditing component groups to be enabled or disabled individually.
    For descriptions of each audit component group, see Audit Component Groups.
    To enable or disable one or more components:
    • Select the component groups to be enabled or disabled and click the Enable or Disable button; or
    • Click the Enable all or Disable all button to update the entire list of component groups.
    The Reset button can be used to set the list of component groups back to their current saved values.
  6. Click Save. Otherwise, click Refresh to discard the changes you made.