IBM Support

How to check DASH's user login?

Technical Blog Post


Abstract

How to check DASH's user login?

Body

Currently there are 2 methods that can be use to track the JazzSM user's login to the Dashboard Application Server Hub URL.

 

Method 1

To find out which users are active or currently login to the DASH URL, you can use this procedure.

1) Login to the DASH using Administrator credentials

2) Go to Console settings->Users Roles

3) To check the Active Users that are currently login, checked the Active Users only and click Search .

4) It will return the lists of users that are currently login to the JazzSM server.

 

There had been an APAR fixes for this procedure where it does not fully shown all the active users when the list is longer than 9.

It will be fix in the DASH 3.1.3.0 CP3 onward. For more information click on the link below.

https://www-01.ibm.com/support/docview.wss?uid=swg1IV83315

 

Method 2

This procedure will allow the admin to monitor the DASH users who login to JazzSM/DASH along with their IP address and other information

DASH provides a script “configureConsoleAudit.sh/.bat “ to enable audit capability in Websphere. By using this script you can enable or disable security auditing.

Usage:

configureConsoleAudit.sh smadmin password [true|false]

Where smadmin is userid which is DASH Administrator user, and password is the password for this user.
true/false : enable/disable audit feature.

 

Example;
cd <JazzSMHOME>/ui/bin
$ ./configureConsoleAudit.sh smadmin password true

Note : JazzSM server needs to be restarted after enabling/disabling the audit capability.

 

DASH Audit Log files

Websphere generates a Binary Audit log file, which contains the audit records for various actions that is performed in DASH. The log file is created in the following directory:

<JazzSMHOME>/profile/logs/server1

The log file is named as “BinaryAudit_JazzSMNode01Cell_JazzSMNode01_server1.log”. Binary Audit log file can be signed/encrypted for protection of audit data. Please refer to Websphere documentation in IBM Knowledge center for details on this :

Audit Record and Event Types

Following are Audit event types and audit Filters:

SECURITY_AUTHN : This event type represents the authentication flow:

 

For example : when an end user login, a SECURITY_AUTHN event type will be recorded in audit log files.

Example : Seq = 12751 | Event Type = SECURITY_AUTHN | Outcome = SUCCESSFUL | OutcomeReason = SUCCESS | OutcomeReasonCode = 5 | SessionId = 2EEYlMJY_5faSiMYNkTtlNJ | RemoteHost = RUCHIRA-009027144166.raleigh.ibm.com | RemoteAddr = 9.27.144.166 | RemotePort = 1171 | ProgName = /kts.do | Action = webAuth | AppUserName = smadmin | ResourceName = POST | RegistryUserName = defaultWIMFileBasedRealm/smadmin | AccessDecision = authnSuccess | ResourceType = web | ResourceUniqueId = 0 | PermissionsChecked = null | PermissionsGranted = null | RolesChecked = null | RolesGranted = null | CreationTime = Thu Jul 07 08:35:27 EDT 2014 | GlobalInstanceId = 0 | EventTrailId = null | FirstCaller = /UNAUTHENTICATED | Realm = defaultWIMFileBasedRealm | RegistryType = WIMUserRegistry | AuthnType = challengeResponse | Provider = WebSphere | ProviderStatus = providerSuccess

 

SECURITY_AUTHN_TERMINATE : This event type represents the logout action. For example : when a user logout from DASH console, an audit record is recorded.

Example : Seq = 18516 | Event Type = SECURITY_AUTHN_TERMINATE | Outcome = SUCCESS | OutcomeReason = SUCCESS | OutcomeReasonCode = 9 | SessionId = cdkX1qziTdc2NcCIEfuNhKr | RemoteHost = localhost.localdomain | RemoteAddr = 0:0:0:0:0:0:0:1 | RemotePort = 32825 | ProgName = isclite | Action = logout | AppUserName = smadmin | ResourceName = GET | RegistryUserName = null | AccessDecision = logoutSuccess | ResourceType = web | ResourceUniqueId = 0 | PermissionsChecked = null | PermissionsGranted = null | RolesChecked = null | RolesGranted = null | CreationTime = Fri Jul 08 09:20:39 EDT 2014 | GlobalInstanceId = 0 | EventTrailId = -20674659 | FirstCaller = smadmin | Realm = defaultWIMFileBasedRealm | RegistryType = WIMUserRegistry | AuthnType = challengeResponse | TerminateReason = logout | Provider = TIPLogout | ProviderStatus = providerSuccess | LogoutAction:29bhE1--dc9Cjm0vsA2gr-g = Logout SuccessFully

 

SECURITY_MGMT_REGISTRY : The audit event represents the “authorization”. Various access control operations on DASH resources such as role management, page management, portlet management actions are all recorded as this event. Please see below sections on what actions are reported as this event type.

Example : Seq = 22469 | Event Type = SECURITY_MGMT_REGISTRY | Outcome = SUCCESS | OutcomeReason = SUCCESS | OutcomeReasonCode = 7 | SessionId = null | RemoteHost = null | RemoteAddr = null | RemotePort = null | ProgName = isclite | Action = acl | AppUserName = smadmin | ResourceName = null | RegistryUserName = null | AccessDecision = RolesGranted | ResourceType = web | ResourceUniqueId = 0 | PermissionsChecked = null | PermissionsGranted = null | RolesChecked = null | RolesGranted = null | CreationTime = Fri Jul 15 08:26:52 EDT 2014 | GlobalInstanceId = 0 | EventTrailId = 1614842881 | FirstCaller = smadmin | Realm = defaultWIMFileBasedRealm | RegistryType = WIMUserRegistry | MgmtType = null | MgmtCommand = null | Removed subject (user) 'smadmin' from the roleAssignment object = SUCCESS

Seq = 22465 | Event Type = SECURITY_MGMT_REGISTRY | Outcome = SUCCESS | OutcomeReason = SUCCESS | OutcomeReasonCode = 7 | SessionId = null | RemoteHost = null | RemoteAddr = null | RemotePort = null | ProgName = isclite | Action = acl | AppUserName = smadmin | ResourceName = null | RegistryUserName = null | AccessDecision = RolesGranted | ResourceType = web | ResourceUniqueId = 0 | PermissionsChecked = null | PermissionsGranted = null | RolesChecked = null | RolesGranted = null | CreationTime = Fri Jul 15 08:26:52 EDT 2014 | GlobalInstanceId = 0 | EventTrailId = 1614842881 | FirstCaller = smadmin | Realm = defaultWIMFileBasedRealm | RegistryType = WIMUserRegistry | MgmtType = null | MgmtCommand = null | Update Argus Store = Role mapping update in Argus Store

 

Note:

You may notice slow performance from DASH with above traces enabled. In that case please make a backup copy of below file and then manually enable the features you need and disable the remaining ones. Restart JazzSM after this change.


<JazzSMHOME>/profile/config/cells/JazzSMNode01Cell/audit.xml

 

Additionally please do manual housekeeping on the <JazzSMHOME>/profile/logs/server1 directory as there will be many logs generated once this feature is enabled.

These feature are from the Websphere Application server and you can refer to the following information to enable more Event Types others than the 4 describe above.

https://www.ibm.com/support/knowledgecenter/en/SSAW57_8.5.5/com.ibm.websphere.nd.multiplatform.doc/ae/rsec_sa_event_types.html

[{"Business Unit":{"code":"BU004","label":"Hybrid Cloud"},"Product":{"code":"","label":""},"Component":"","Platform":[{"code":"","label":""}],"Version":"","Edition":""}]

UID

ibm11080099