Specifying levels of audit information

Depending on your need, you can change the default setting that IBM Security Key Lifecycle Manager uses to collect audit information.

About this task

You can use the Audit page to change the audit information levels (Low, Medium, or High) that are written to the audit log. Alternatively, you can use the following CLI commands or the REST interfaces to list or change the Audit.event.types property in the SKLMConfig.properties file:
  • tklmConfigGetEntry and tklmConfigUpdateEntry
  • Get Single Config Property REST Service and Update Config Property REST Service
Your role must have permission for the configure action.

Procedure

  1. Go to the appropriate page or directory:
    • Graphical user interface:

      Log on to the graphical user interface. Click IBM Security Key Lifecycle Manager > Configuration > Audit and Debug.

    • Command-line interface
      1. Go to the <WAS_HOME>/bin directory. For example,
        Windows
        cd drive:\Program Files\IBM\WebSphere\AppServer\bin
        Linux
        cd /opt/IBM/WebSphere/AppServer/bin
      2. Start the wsadmin interface by using an authorized user ID, such as SKLMAdmin. For example,
        Windows
        wsadmin.bat -username SKLMAdmin -password mypwd -lang jython
        Linux
        ./wsadmin.sh -username SKLMAdmin -password mypwd -lang jython
    • REST interface:
      • Open a REST client.
  2. Change the value for the audit information level:
    • In the graphical user interface, select a low, medium, or high value for the Audit setting, then click OK.
      Low
      Stores minimal audit records.
      Selecting Low sets the following property values in the SKLMConfig.properties file:
      • Audit.event.types = runtime, authorization, authorization_terminate, resource_management, key_management
      • Audit.event.outcome = failure
      Medium (default)
      Stores an intermediate number of audit records.
      Selecting Medium sets the following property values in the SKLMConfig.properties file:
      • Audit.event.types = runtime, authorization, authorization_terminate, resource_management, key_management
      • Audit.event.outcome = success,failure
      High
      Stores the maximum number of audit records.
      Selecting High sets the following property values in the SKLMConfig.properties file:
      • Audit.event.types = all
      • Audit.event.outcome = success,failure
    • Command-line interface:
      1. Type the tklmConfigGetEntry command on one line to get the current value of the target property in the SKLMConfig.properties file. For example, to determine which event types are included in the audit log, type on one line:
        wsadmin>print AdminTask.tklmConfigGetEntry('[-name Audit.event.types]')

        An example response might be:

        All
      2. Specify the required change. For example, to limit the selection to two event types to store in the audit log, type on one line:
        print AdminTask.tklmConfigUpdateEntry('[-name Audit.event.types -value runtime,audit_management]')
    • REST interface:
      1. Obtain a unique user authentication identifier to access IBM Security Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
      2. To run Get Single Config Property REST Service, send the HTTP GET request. Pass the user authentication identifier that you obtained in step 1 along with the request message as shown in the following example.
        GET https://localhost:<port>/SKLM/rest/v1/configProperties/Audit.event.types
        Content-Type: application/json
        Accept: application/json
        Authorization: SKLMAuth userAuthId=139aeh34567m
        Accept-Language: en

        Success response might be:

        Status Code : 200 OK
        Content-Language: en
        {"property":"Audit.event.types","value":"all"}
      3. Specify the required change. For example, you can use Update Config Property REST Service to limit the selection to two event types to store in the audit log by sending the following HTTP request:
        PUT https://localhost:<port>/SKLM/rest/v1/configProperties
        Content-Type: application/json
        Accept: application/json
        Authorization: SKLMAuth userAuthId=139aeh34567m
        Accept-Language: en
        { "Audit.event.types": "runtime,audit_management"}
  3. Restart the server. For instructions about how to stop and start the server, see Restarting the IBM Security Key Lifecycle Manager server.

What to do next

You might rerun an operation that previously returned an error. Then, examine the audit log for more information. For detailed information about audit records, see the Audit records on distributed systems topic in IBM Security Key Lifecycle Manager documentation.
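
The following Python check is an added example, not part of the IBM documentation or product. It reads the two audit properties described above from the text of an SKLMConfig.properties file, reports which level (Low, Medium, High) they correspond to, and flags event types from the Low/Medium set that a custom value leaves unaudited. The function names and the sample input are assumptions made for illustration.

```python
# Added example, not IBM code; levels follow the Low/Medium/High table on this page.
BASE_TYPES = frozenset({"runtime", "authorization", "authorization_terminate",
                        "resource_management", "key_management"})
BOTH = frozenset({"success", "failure"})


def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def csv_set(value):
    """Split a comma-separated value, ignoring spacing and letter case."""
    return frozenset(v.strip().lower() for v in value.split(",") if v.strip())


def audit_level(props):
    """Return (level, findings) for Audit.event.types and Audit.event.outcome."""
    types = csv_set(props.get("Audit.event.types", ""))
    outcomes = csv_set(props.get("Audit.event.outcome", ""))
    findings = []
    missing = sorted(BASE_TYPES - types) if "all" not in types else []
    if missing:
        findings.append("not audited: " + ", ".join(missing))
    if "failure" not in outcomes:
        findings.append("failed operations are not audited")
    if types == {"all"} and outcomes == BOTH:
        return "High", findings
    if types == BASE_TYPES and outcomes == BOTH:
        return "Medium", findings
    if types == BASE_TYPES and outcomes == {"failure"}:
        return "Low", findings
    return "Custom", findings


# Constructed sample (not a real server file), using the page's update example value.
SAMPLE = """\
Audit.event.types = runtime,audit_management
Audit.event.outcome = success,failure
"""

if __name__ == "__main__":
    print(audit_level(parse_properties(SAMPLE)))
```

With the value from the update examples (runtime,audit_management), the check reports a Custom level and lists authorization, authorization_terminate, key_management, and resource_management as not audited.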