Default Audit File Handler (auditFileHandler)
The default implementation of the audit file handler which emits audit events to a text file.
Name | Type | Default | Description |
---|---|---|---|
compact | boolean | false | When set to true, the entire audit record, which is in JSON format, will be printed on one line within the audit log. |
encrypt | boolean | false | Indicates whether the audit records in the audit file log will be encrypted. Default behavior is to not encrypt the audit records. |
encryptAlias | string | Alias name of the certificate that is used to encrypt the audit records. | |
encryptKeyStoreRef | A reference to top level keyStore element (string). | Location of the keystore containing the certificate used to encrypt the audit records. | |
eventsRef | List of references to top level auditEvent elements (comma-separated string). | A definition of an audit event and audit outcome to emit an audit record for to an audit log. If no events are specified, then all events and all outcomes will be emitted to the audit log. | |
id | string | A unique configuration ID. | |
logDirectory | Path to a directory | ${server.output.dir}/logs | Location where the audit file log(s) will be written to. If not specified, the audit logs are written to the default log location for the server, WLP_OUTPUT_DIR/serverName/logs. |
maxFileSize | int | 20 | The maximum size, in MB, of each audit file log. |
maxFiles | int | 100 | Maximum number of audit file logs to save before the oldest audit file log is wrapped. If an enforced maximum file size exists, this setting is used to determine how many of each of the logs files are kept. |
sign | boolean | false | Indicates whether the audit records in the audit file log will be signed. Default behavior is to not sign the audit records. |
signingAlias | string | Alias name of the personal certificate that is used to sign the audit records. | |
signingKeyStoreRef | A reference to top level keyStore element (string). | Location of keystore that contains the personal certificate that is used to sign the audit records. |
encryptKeyStore
Location of the keystore containing the certificate used to encrypt the audit records.
Name | Type | Default | Description |
---|---|---|---|
fileBased | boolean | true | Specify true if the keystore is file based and false if the keystore is a SAF keyring or hardware keystore type. |
id | string | defaultKeyStore | A unique configuration ID. |
location | A file, directory or url. | ${server.output.dir}/resources/security/key.p12 | An absolute or relative path to the keystore file. If a relative path is provided, the server will attempt to locate the file in the ${server.output.dir}/resources/security directory. Use the keystore file for a file-based keystore, the keyring name for SAF keyrings, or the device configuration file for hardware cryptography devices. In the SSL minimal configuration, the location of the file is assumed to be ${server.output.dir}/resources/security/key.p12. |
password | Reversably encoded password (string) | The password used to load the keystore file. The value can be stored in clear text or encoded form. Use the securityUtility tool to encode the password. | |
pollingRate | A period of time with millisecond precision | 500ms | Rate at which the server checks for updates to a keystore file. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. |
readOnly | boolean | false | Specify true if the keystore is to be used by the server for reading and false if write operations will be performed by the server on the keystore. |
type | string | PKCS12 | A keystore type supported by the target SDK. |
updateTrigger |
| mbean | Keystore file update method or trigger. |
encryptKeyStore > keyEntry
A unique configuration ID.
Name | Type | Default | Description |
---|---|---|---|
id | string | A unique configuration ID. | |
keyPassword | Reversably encoded password (string) | Password of the private key entry in the keystore. | |
name | string | Name of the private key entry in the keystore. |
events
A definition of an audit event and audit outcome to emit an audit record for to an audit log. If no events are specified, then all events and all outcomes will be emitted to the audit log.
Name | Type | Default | Description |
---|---|---|---|
eventName |
| The unique name of the audit event. For example: SECURITY_AUTHN or SECURITY_AUTHZ. | |
id | string | A unique configuration ID. | |
outcome |
| Defines the outcome for an audit event to gather and report. For example: SUCCESS, FAILURE, or DENIED. If no outcome is specified, then all outcomes for the particular audit event are emitted to the audit.log. |
signingKeyStore
Location of keystore that contains the personal certificate that is used to sign the audit records.
Name | Type | Default | Description |
---|---|---|---|
fileBased | boolean | true | Specify true if the keystore is file based and false if the keystore is a SAF keyring or hardware keystore type. |
id | string | defaultKeyStore | A unique configuration ID. |
location | A file, directory or url. | ${server.output.dir}/resources/security/key.p12 | An absolute or relative path to the keystore file. If a relative path is provided, the server will attempt to locate the file in the ${server.output.dir}/resources/security directory. Use the keystore file for a file-based keystore, the keyring name for SAF keyrings, or the device configuration file for hardware cryptography devices. In the SSL minimal configuration, the location of the file is assumed to be ${server.output.dir}/resources/security/key.p12. |
password | Reversably encoded password (string) | The password used to load the keystore file. The value can be stored in clear text or encoded form. Use the securityUtility tool to encode the password. | |
pollingRate | A period of time with millisecond precision | 500ms | Rate at which the server checks for updates to a keystore file. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. |
readOnly | boolean | false | Specify true if the keystore is to be used by the server for reading and false if write operations will be performed by the server on the keystore. |
type | string | PKCS12 | A keystore type supported by the target SDK. |
updateTrigger |
| mbean | Keystore file update method or trigger. |
signingKeyStore > keyEntry
A unique configuration ID.
Name | Type | Default | Description |
---|---|---|---|
id | string | A unique configuration ID. | |
keyPassword | Reversably encoded password (string) | Password of the private key entry in the keystore. | |
name | string | Name of the private key entry in the keystore. |