

Configure security audit notifications using scripting

Configure the security auditing system to send email notifications to a distribution list, system log, or both a distribution list and a system log if a failure occurs in the audit subsystem. Security auditing provides tracking and archiving of auditable events.

Before configuring a notification object in the audit.xml configuration file, verify that you set up a security auditing subsystem and configured the security auditing policy.

We can configure the security auditing system to notify a specific person or group when a failure occurs in the audit subsystem. Use the following steps to enable security auditing email notifications, set the format of notification email, and secure email:

New feature: Beginning in WAS v8.0 you can configure the server to use the High Performance Extensible Logging (HPEL) log and trace infrastructure instead of using SystemOut.log, SystemErr.log, trace.log, and activity.log files or native z/OS logging facilities. If you are using HPEL, you can access all of your log and trace information using the LogViewer command-line tool from your server profile bin directory. See the information about using HPEL to troubleshoot applications for more information on using HPEL.


Procedure

  1. Launch wsadmin.sh using the Jython scripting language. See the Starting the wsadmin scripting client article for more information.
  2. Customize and enable security auditing email notifications.

    Command parameters. Use the createAuditNotification command and the following parameters to configure notifications:

    | Parameter | Description | Data Types | Required |
    |---|---|---|---|
    | -notificationName | Unique name to assign the audit notification object in the audit.xml file. | String | Yes |
    | -logToSystemOut | Whether to log the notification to the SystemOut.log file. | Boolean | Yes |
    | -sendEmail | Whether to email notifications. | Boolean | Yes |
    | -emailList | Email address or email distribution list to email notifications. The format for this parameter is: admin@company.com(smtp-server.mycompany.com) | String | No |
    | -emailFormat | Whether to send the email in HTML or TEXT format. | String | No |

    To create the audit notification object, specify the -notificationName, -logToSystemOut, and -sendEmail parameters, as the following example demonstrates:

    # Adjacent string literals are joined into one option string
    AdminTask.createAuditNotification('-notificationName defaultEmailNotification '
        '-logToSystemOut true -sendEmail true '
        '-emailList administrator@mycompany.com(smtp-server.mycompany.com) '
        '-emailFormat HTML')
    

  3. Create an audit notification monitor object.

    Create an audit notification monitor object to monitor the security auditing subsystem for possible failure.

    Command parameters. Use the createAuditNotificationMonitor command and the following parameters to create a monitor object for the security auditing system:

    | Parameter | Description | Data Types | Required |
    |---|---|---|---|
    | -notificationName | Unique name to assign the audit notification object in the audit.xml file. | String | Yes |
    | -logToSystemOut | Whether to log the notification to the SystemOut.log file. | Boolean | Yes |
    | -sendEmail | Whether to email notifications. | Boolean | Yes |
    | -emailList | Email address or email distribution list to email notifications. The format for this parameter is: admin@company.com(smtp-server.mycompany.com) | String | No |
    | -emailFormat | Whether to send the email in HTML or TEXT format. | String | No |

    To create the audit notification monitor object, you must specify the -notificationName, -logToSystemOut, and -sendEmail parameters:

    # Adjacent string literals are joined into one option string
    AdminTask.createAuditNotificationMonitor('-notificationName defaultEmailNotification '
        '-logToSystemOut true -sendEmail true '
        '-emailList administrator@mycompany.com(smtp-server.mycompany.com) '
        '-emailFormat HTML')
    

  4. Save the configuration changes.

    Save the configuration changes:

    AdminConfig.save()
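
As an added example (not part of the original documentation and not IBM's code), the following plain-Python helper validates the step 2 settings before they reach AdminTask.createAuditNotification, so that a malformed -emailList or a notification with no destination is caught before the configuration is saved. The names build_notification_args and apply_notification are hypothetical, and the stricter rules it enforces (single-token name, a recipient required when email is on, at least one destination) are assumptions of this example, not documented product behaviour.

```python
import re

# Format shown in the parameter table: address(smtp-server)
EMAIL_LIST_RE = re.compile(r'^[^\s@()]+@[^\s@()]+\([A-Za-z0-9.-]+\)$')
NAME_RE = re.compile(r'^[A-Za-z0-9_.-]+$')
EMAIL_FORMATS = ('HTML', 'TEXT')


def _flag(value):
    # The option string carries booleans as the literals true / false
    if value:
        return 'true'
    return 'false'


def build_notification_args(name, log_to_system_out, send_email,
                            email_list=None, email_format=None):
    """Validate the settings and return the createAuditNotification options."""
    # Assumption of this example: the name is a single token, because the
    # option string is space-delimited.
    if not NAME_RE.match(name):
        raise ValueError('notificationName must be one token: %r' % (name,))
    # Assumption: a notification with no destination is a mistake, since an
    # audit subsystem failure would then go unreported.
    if not (log_to_system_out or send_email):
        raise ValueError('enable logToSystemOut, sendEmail, or both')
    args = ['-notificationName', name,
            '-logToSystemOut', _flag(log_to_system_out),
            '-sendEmail', _flag(send_email)]
    if send_email:
        # Assumption: require a recipient whenever email is switched on.
        if email_list is None or not EMAIL_LIST_RE.match(email_list):
            raise ValueError('emailList must look like user@host(smtp-host)')
        args.extend(['-emailList', email_list])
        if email_format is not None:
            if email_format not in EMAIL_FORMATS:
                raise ValueError('emailFormat must be HTML or TEXT')
            args.extend(['-emailFormat', email_format])
    return ' '.join(args)


def apply_notification(arg_string):
    """Create the notification object; returns None outside wsadmin."""
    try:
        task = AdminTask  # defined only inside the wsadmin client
    except NameError:
        return None
    return task.createAuditNotification(arg_string)
```

Inside wsadmin, pass the string returned by build_notification_args to apply_notification, then continue with the remaining steps of the procedure.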
    


Results

The security auditing system notifies the specified recipients if a failure occurs in the security auditing system.


What to do next

Use the modifyAuditNotification command and the Audit Notification Commands command group to manage your notification configuration.
Configure auditable events using scripting
Encrypting security audit data using scripting
Enable security auditing using scripting
Signing security audit data using scripting
Configure security auditing using scripting
Start the wsadmin scripting client using wsadmin.sh


Related


AuditKeyStoreCommands command group
AuditEmitterCommands
AuditSigningCommands command group
AuditEncryptionCommands command group
AuditEventFactoryCommands
AuditFilterCommands command group
AuditNotificationCommands command group
AuditPolicyCommands command group
AuditEventFormatterCommands command group
