Auditing is the process whereby information about operating requests and the outcome of those requests are collected, stored, and distributed for the purposes of non-repudiation. In WebLogic Server, an Auditing provider provides this electronic trail of computer activity. The default security realm does not include an Auditing provider. In order to enable security auditing, you need to add an Auditing provider to your active security realm and configure it to specify the severity level of events that you want to audit.
WebLogic Server also provides the ability to audit configuration change events. Configuration auditing provides a record of changes to the configuration of any resource within a domain or invokes management operations on any resource within a domain. Configuration audit records can be saved to a log file, sent to an Auditing provider in the security realm, or both.