Default Audit File Handler (auditFileHandler)

The default implementation of the audit file handler which emits audit events to a text file.

Name	Type	Default	Description
compact	boolean	false	When set to true, the entire audit record, which is in JSON format, will be printed on one line within the audit log.
encrypt	boolean	false	Indicates whether the audit records in the audit file log will be encrypted. Default behavior is to not encrypt the audit records.
encryptAlias	string		Alias name of the certificate that is used to encrypt the audit records.
encryptKeyStoreRef	A reference to top level keyStore element (string).		Location of the keystore containing the certificate used to encrypt the audit records.
eventsRef	List of references to top level auditEvent elements (comma-separated string).		A definition of an audit event and audit outcome to emit an audit record for to an audit log. If no events are specified, then all events and all outcomes will be emitted to the audit log.
id	string		A unique configuration ID.
logDirectory	Path to a directory	${server.output.dir}/logs	Location where the audit file log(s) will be written to. If not specified, the audit logs are written to the default log location for the server, WLP_OUTPUT_DIR/serverName/logs.
maxFileSize	int Min: 0	20	The maximum size, in MB, of each audit file log.
maxFiles	int Min: 0	100	Maximum number of audit file logs to save before the oldest audit file log is wrapped. If an enforced maximum file size exists, this setting is used to determine how many of each of the logs files are kept.
sign	boolean	false	Indicates whether the audit records in the audit file log will be signed. Default behavior is to not sign the audit records.
signingAlias	string		Alias name of the personal certificate that is used to sign the audit records.
signingKeyStoreRef	A reference to top level keyStore element (string).		Location of keystore that contains the personal certificate that is used to sign the audit records.

Name

Type

Default

Description

compact

boolean

false

When set to true, the entire audit record, which is in JSON format, will be printed on one line within the audit log.

encrypt

boolean

false

Indicates whether the audit records in the audit file log will be encrypted. Default behavior is to not encrypt the audit records.

encryptAlias

string

Alias name of the certificate that is used to encrypt the audit records.

encryptKeyStoreRef

A reference to top level keyStore element (string).

Location of the keystore containing the certificate used to encrypt the audit records.

eventsRef

List of references to top level auditEvent elements (comma-separated string).

A definition of an audit event and audit outcome to emit an audit record for to an audit log. If no events are specified, then all events and all outcomes will be emitted to the audit log.

string

A unique configuration ID.

logDirectory

Path to a directory

${server.output.dir}/logs

Location where the audit file log(s) will be written to. If not specified, the audit logs are written to the default log location for the server, WLP_OUTPUT_DIR/serverName/logs.

maxFileSize

int
Min: 0

The maximum size, in MB, of each audit file log.

maxFiles

int
Min: 0

100

Maximum number of audit file logs to save before the oldest audit file log is wrapped. If an enforced maximum file size exists, this setting is used to determine how many of each of the logs files are kept.

sign

boolean

false

Indicates whether the audit records in the audit file log will be signed. Default behavior is to not sign the audit records.

signingAlias

string

Alias name of the personal certificate that is used to sign the audit records.

signingKeyStoreRef

A reference to top level keyStore element (string).

Location of keystore that contains the personal certificate that is used to sign the audit records.

encryptKeyStore

Location of the keystore containing the certificate used to encrypt the audit records.

Name	Type	Default	Description
fileBased	boolean	true	Specify true if the keystore is file based and false if the keystore is a SAF keyring or hardware keystore type.
id	string	defaultKeyStore	A unique configuration ID.
location	A file, directory or url.	${server.output.dir}/resources/security/key.p12	An absolute or relative path to the keystore file. If a relative path is provided, the server will attempt to locate the file in the ${server.output.dir}/resources/security directory. Use the keystore file for a file-based keystore, the keyring name for SAF keyrings, or the device configuration file for hardware cryptography devices. In the SSL minimal configuration, the location of the file is assumed to be ${server.output.dir}/resources/security/key.p12.
password	Reversably encoded password (string)		The password used to load the keystore file. The value can be stored in clear text or encoded form. Use the securityUtility tool to encode the password.
pollingRate	A period of time with millisecond precision	500ms	Rate at which the server checks for updates to a keystore file. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.
readOnly	boolean	false	Specify true if the keystore is to be used by the server for reading and false if write operations will be performed by the server on the keystore.
type	string	PKCS12	A keystore type supported by the target SDK.
updateTrigger	disabled mbean polled	mbean	Keystore file update method or trigger. disabled Disables all update monitoring. Changes to the keystore file will not be applied while the server is running. mbean Server will only update the keystore when prompted by the FileNotificationMbean. The FileNotificationMbean is typically called by an external program such as an integrated development environment or a management application. polled Server will scan for keystore file changes at the polling interval and update if the keystore file has detectable changes. Polled does not apply to non file-based keystores such as SAF keyrings.

Name

Type

Default

Description

fileBased

boolean

true

Specify true if the keystore is file based and false if the keystore is a SAF keyring or hardware keystore type.

string

defaultKeyStore

A unique configuration ID.

location

A file, directory or url.

${server.output.dir}/resources/security/key.p12

An absolute or relative path to the keystore file. If a relative path is provided, the server will attempt to locate the file in the ${server.output.dir}/resources/security directory. Use the keystore file for a file-based keystore, the keyring name for SAF keyrings, or the device configuration file for hardware cryptography devices. In the SSL minimal configuration, the location of the file is assumed to be ${server.output.dir}/resources/security/key.p12.

password

Reversably encoded password (string)

The password used to load the keystore file. The value can be stored in clear text or encoded form. Use the securityUtility tool to encode the password.

pollingRate

A period of time with millisecond precision

500ms

Rate at which the server checks for updates to a keystore file. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

readOnly

boolean

false

Specify true if the keystore is to be used by the server for reading and false if write operations will be performed by the server on the keystore.

type

string

PKCS12

A keystore type supported by the target SDK.

updateTrigger

disabled
mbean
polled

mbean

Keystore file update method or trigger.
disabled
Disables all update monitoring. Changes to the keystore file will not be applied while the server is running.
mbean
Server will only update the keystore when prompted by the FileNotificationMbean. The FileNotificationMbean is typically called by an external program such as an integrated development environment or a management application.
polled
Server will scan for keystore file changes at the polling interval and update if the keystore file has detectable changes. Polled does not apply to non file-based keystores such as SAF keyrings.

encryptKeyStore > keyEntry

A unique configuration ID.

Name	Type	Description
id	string	A unique configuration ID.
keyPassword	Reversably encoded password (string) Required	Password of the private key entry in the keystore.
name	string Required	Name of the private key entry in the keystore.

Name

Type

Default

Description

string

A unique configuration ID.

keyPassword

Reversably encoded password (string)
Required

Password of the private key entry in the keystore.

name

string
Required

Name of the private key entry in the keystore.

events

A definition of an audit event and audit outcome to emit an audit record for to an audit log. If no events are specified, then all events and all outcomes will be emitted to the audit log.

Name	Type	Description
eventName	APPLICATION_TOKEN_MANAGEMENT JMX_MBEAN JMX_MBEAN_ATTRIBUTES JMX_MBEAN_REGISTER JMX_NOTIFICATION SECURITY_API_AUTHN SECURITY_API_AUTHN_TERMINATE SECURITY_AUDIT_MGMT SECURITY_AUTHN SECURITY_AUTHN_DELEGATION SECURITY_AUTHN_FAILOVER SECURITY_AUTHN_TERMINATE SECURITY_AUTHZ SECURITY_JMS_AUTHN SECURITY_JMS_AUTHZ SECURITY_MEMBER_MGMT SECURITY_SAF_AUTHZ SECURITY_SAF_AUTHZ_DETAILS	The unique name of the audit event. For example: SECURITY_AUTHN or SECURITY_AUTHZ. APPLICATION_TOKEN_MANAGEMENT Audit record for OAuth application token and password management JMX_MBEAN Audit record for any create, query, invoke MBean operations JMX_MBEAN_ATTRIBUTES Audit record for any query, create or update to MBean attributes. JMX_MBEAN_REGISTER Audit record for any register or unregister MBean operations. JMX_NOTIFICATION Audit record of any addition or removal of notification listeners. SECURITY_API_AUTHN Audit record for any authentication which passes through the authentication API, excluding logouts. SECURITY_API_AUTHN_TERMINATE Audit record for any authentication logout which passes through the authentication API. SECURITY_AUDIT_MGMT Audit record of the starting and stopping of audit services. SECURITY_AUTHN Audit record for any security authentication event, excluding logouts. SECURITY_AUTHN_DELEGATION Audit record for any delegation, identify assertion, and runAS. Used when switching user identities within a given session. SECURITY_AUTHN_FAILOVER Audit record for any authentication failover event. SECURITY_AUTHN_TERMINATE Audit record for any authentication logout event. SECURITY_AUTHZ Audit record for any security authorization events. SECURITY_JMS_AUTHN Audit record for any JMS authentication events. SECURITY_JMS_AUTHZ Audit record for any JMS auhorization events. SECURITY_MEMBER_MGMT Audit record for all user and group management events, including creation, reading, updating and deleting of user and group records. SECURITY_SAF_AUTHZ Audit record for SAF Authorization event. SECURITY_SAF_AUTHZ_DETAILS Audit record for SAF Authorization event when the SAF authorization service is configured to report additional information about authorization failures and a SAFAuthorizationException is thrown.
id	string	A unique configuration ID.
outcome	CHALLENGE DENIED ERROR FAILURE INFO REDIRECT SUCCESS WARNING	Defines the outcome for an audit event to gather and report. For example: SUCCESS, FAILURE, or DENIED. If no outcome is specified, then all outcomes for the particular audit event are emitted to the audit.log.

Name

Type

Default

Description

eventName

APPLICATION_TOKEN_MANAGEMENT
JMX_MBEAN
JMX_MBEAN_ATTRIBUTES
JMX_MBEAN_REGISTER
JMX_NOTIFICATION
SECURITY_API_AUTHN
SECURITY_API_AUTHN_TERMINATE
SECURITY_AUDIT_MGMT
SECURITY_AUTHN
SECURITY_AUTHN_DELEGATION
SECURITY_AUTHN_FAILOVER
SECURITY_AUTHN_TERMINATE
SECURITY_AUTHZ
SECURITY_JMS_AUTHN
SECURITY_JMS_AUTHZ
SECURITY_MEMBER_MGMT
SECURITY_SAF_AUTHZ
SECURITY_SAF_AUTHZ_DETAILS

The unique name of the audit event. For example: SECURITY_AUTHN or SECURITY_AUTHZ.
APPLICATION_TOKEN_MANAGEMENT
Audit record for OAuth application token and password management
JMX_MBEAN
Audit record for any create, query, invoke MBean operations
JMX_MBEAN_ATTRIBUTES
Audit record for any query, create or update to MBean attributes.
JMX_MBEAN_REGISTER
Audit record for any register or unregister MBean operations.
JMX_NOTIFICATION
Audit record of any addition or removal of notification listeners.
SECURITY_API_AUTHN
Audit record for any authentication which passes through the authentication API, excluding logouts.
SECURITY_API_AUTHN_TERMINATE
Audit record for any authentication logout which passes through the authentication API.
SECURITY_AUDIT_MGMT
Audit record of the starting and stopping of audit services.
SECURITY_AUTHN
Audit record for any security authentication event, excluding logouts.
SECURITY_AUTHN_DELEGATION
Audit record for any delegation, identify assertion, and runAS. Used when switching user identities within a given session.
SECURITY_AUTHN_FAILOVER
Audit record for any authentication failover event.
SECURITY_AUTHN_TERMINATE
Audit record for any authentication logout event.
SECURITY_AUTHZ
Audit record for any security authorization events.
SECURITY_JMS_AUTHN
Audit record for any JMS authentication events.
SECURITY_JMS_AUTHZ
Audit record for any JMS auhorization events.
SECURITY_MEMBER_MGMT
Audit record for all user and group management events, including creation, reading, updating and deleting of user and group records.
SECURITY_SAF_AUTHZ
Audit record for SAF Authorization event.
SECURITY_SAF_AUTHZ_DETAILS
Audit record for SAF Authorization event when the SAF authorization service is configured to report additional information about authorization failures and a SAFAuthorizationException is thrown.

string

A unique configuration ID.

outcome

CHALLENGE
DENIED
ERROR
FAILURE
INFO
REDIRECT
SUCCESS
WARNING

Defines the outcome for an audit event to gather and report. For example: SUCCESS, FAILURE, or DENIED. If no outcome is specified, then all outcomes for the particular audit event are emitted to the audit.log.

signingKeyStore

Location of keystore that contains the personal certificate that is used to sign the audit records.

Name	Type	Default	Description
fileBased	boolean	true	Specify true if the keystore is file based and false if the keystore is a SAF keyring or hardware keystore type.
id	string	defaultKeyStore	A unique configuration ID.
location	A file, directory or url.	${server.output.dir}/resources/security/key.p12	An absolute or relative path to the keystore file. If a relative path is provided, the server will attempt to locate the file in the ${server.output.dir}/resources/security directory. Use the keystore file for a file-based keystore, the keyring name for SAF keyrings, or the device configuration file for hardware cryptography devices. In the SSL minimal configuration, the location of the file is assumed to be ${server.output.dir}/resources/security/key.p12.
password	Reversably encoded password (string)		The password used to load the keystore file. The value can be stored in clear text or encoded form. Use the securityUtility tool to encode the password.
pollingRate	A period of time with millisecond precision	500ms	Rate at which the server checks for updates to a keystore file. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.
readOnly	boolean	false	Specify true if the keystore is to be used by the server for reading and false if write operations will be performed by the server on the keystore.
type	string	PKCS12	A keystore type supported by the target SDK.
updateTrigger	disabled mbean polled	mbean	Keystore file update method or trigger. disabled Disables all update monitoring. Changes to the keystore file will not be applied while the server is running. mbean Server will only update the keystore when prompted by the FileNotificationMbean. The FileNotificationMbean is typically called by an external program such as an integrated development environment or a management application. polled Server will scan for keystore file changes at the polling interval and update if the keystore file has detectable changes. Polled does not apply to non file-based keystores such as SAF keyrings.

Name

Type

Default

Description

fileBased

boolean

true

Specify true if the keystore is file based and false if the keystore is a SAF keyring or hardware keystore type.

string

defaultKeyStore

A unique configuration ID.

location

A file, directory or url.

${server.output.dir}/resources/security/key.p12

password

Reversably encoded password (string)

The password used to load the keystore file. The value can be stored in clear text or encoded form. Use the securityUtility tool to encode the password.

pollingRate

A period of time with millisecond precision

500ms

readOnly

boolean

false

Specify true if the keystore is to be used by the server for reading and false if write operations will be performed by the server on the keystore.

type

string

PKCS12

A keystore type supported by the target SDK.

updateTrigger

disabled
mbean
polled

mbean

signingKeyStore > keyEntry

A unique configuration ID.

Name	Type	Description
id	string	A unique configuration ID.
keyPassword	Reversably encoded password (string) Required	Password of the private key entry in the keystore.
name	string Required	Name of the private key entry in the keystore.

Name

Type

Default

Description

string

A unique configuration ID.

keyPassword

Reversably encoded password (string)
Required

Password of the private key entry in the keystore.

name

string
Required

Name of the private key entry in the keystore.