Default Audit File Handler (auditFileHandler)

The default implementation of the audit file handler which emits audit events to a text file.

NameTypeDefaultDescription

compact

boolean

false

When set to true, the entire audit record, which is in JSON format, will be printed on one line within the audit log.

encrypt

boolean

false

Indicates whether the audit records in the audit file log will be encrypted. Default behavior is to not encrypt the audit records.

encryptAlias

string

Alias name of the certificate used to encrypt the audit records.

encryptKeyStoreRef

A reference to top level keyStore element (string).

Location of the keystore containing the certificate used to encrypt the audit records.

eventsRef

List of references to top level auditEvent elements (comma-separated string).

A definition of an audit event and audit outcome to emit an audit record for to an audit log. If no events are specified, then all events and all outcomes will be emitted to the audit log.

id

string

A unique configuration ID.

logDirectory

Path to a directory

${server.output.dir}/logs

Location where the audit file log(s) will be written to. If not specified, the audit logs are written to the default log location for the server, WLP_OUTPUT_DIR/serverName/logs.

maxFileSize

int
Min: 0

20

The maximum size, in MB, of each audit file log.

maxFiles

int
Min: 0

100

Maximum number of audit file logs to save before the oldest audit file log is wrapped. If an enforced maximum file size exists, this setting is used to determine how many of each of the logs files are kept.

sign

boolean

false

Indicates whether the audit records in the audit file log will be signed. Default behavior is to not sign the audit records.

signingAlias

string

Alias name of the personal certificate used to sign the audit records.

signingKeyStoreRef

A reference to top level keyStore element (string).

Location of keystore that contains the personal certificate that is used to sign the audit records.

events

A definition of an audit event and audit outcome to emit an audit record for to an audit log. If no events are specified, then all events and all outcomes will be emitted to the audit log.

NameTypeDefaultDescription

eventName

  • JMX_MBEAN

  • JMX_MBEAN_ATTRIBUTES

  • JMX_MBEAN_REGISTER

  • JMX_NOTIFICATION

  • SECURITY_API_AUTHN

  • SECURITY_API_AUTHN_TERMINATE

  • SECURITY_AUDIT_MGMT

  • SECURITY_AUTHN

  • SECURITY_AUTHN_DELEGATION

  • SECURITY_AUTHN_FAILOVER

  • SECURITY_AUTHN_TERMINATE

  • SECURITY_AUTHZ

  • SECURITY_JMS_AUTHN

  • SECURITY_JMS_AUTHZ

  • SECURITY_MEMBER_MGMT

The unique name of the audit event. For example: SECURITY_AUTHN or SECURITY_AUTHZ.
JMX_MBEAN
Audit record for any create, query, invoke MBean operations
JMX_MBEAN_ATTRIBUTES
Audit record for any query, create or update to MBean attributes.
JMX_MBEAN_REGISTER
Audit record for any register or unregister MBean operations.
JMX_NOTIFICATION
Audit record of any addition or removal of notification listeners.
SECURITY_API_AUTHN
Audit record for any authentication which passes through the authentication API, excluding logouts.
SECURITY_API_AUTHN_TERMINATE
Audit record for any authentication logout which passes through the authentication API.
SECURITY_AUDIT_MGMT
Audit record of the starting and stopping of audit services.
SECURITY_AUTHN
Audit record for any security authentication event, excluding logouts.
SECURITY_AUTHN_DELEGATION
Audit record for any delegation, identify assertion, and runAS. Used when switching user identities within a given session.
SECURITY_AUTHN_FAILOVER
Audit record for any authentication failover event.
SECURITY_AUTHN_TERMINATE
Audit record for any authentication logout event.
SECURITY_AUTHZ
Audit record for any security authorization events.
SECURITY_JMS_AUTHN
Audit record for any JMS authentication events.
SECURITY_JMS_AUTHZ
Audit record for any JMS auhorization events.
SECURITY_MEMBER_MGMT
Audit record for all user and group management events, including creation, reading, updating and deleting of user and group records.

id

string

A unique configuration ID.

outcome

  • CHALLENGE

  • DENIED

  • ERROR

  • FAILURE

  • INFO

  • REDIRECT

  • SUCCESS

  • WARNING

Defines the outcome for an audit event to gather and report. For example: SUCCESS, FAILURE, or DENIED. If no outcome is specified, then all outcomes for the particular audit event are emitted to the audit.log.