Sun Java System Application Server Enterprise Edition 8.1 2005Q2 Administration Guide

Admin Console Tasks for Audit Modules

Procedure: To create an audit module

The Application Server provides a simple default audit module; for more information, see To use the default audit module.

  1. In the Admin Console tree component, expand the Configurations node.

  2. Select the instance to configure:

    • To configure a particular instance, expand the instance’s config node. For example, for the default instance, server, expand the server-config node.

    • To configure the default settings for all instances, expand the default-config node.

  3. Expand the Security node.

  4. Select the Audit Modules node.

  5. On the Audit Modules page, click New.

  6. On the Create Audit Module page, enter the following information:

    • Name – The name used to identify this audit module.

    • Classname – The fully-qualified name of the class that implements this module. The class name for the default audit module is com.sun.enterprise.security.Audit.

  7. To add JVM properties to this module, click Add Property. Specify a name and value for each property. Valid properties include:

    • auditOn - Specifies whether or not to enable this implementation class. Valid values are true and false.

  8. Click OK to save entries, or click Cancel to quit without saving.

Procedure: To edit an audit module

Audit modules are not turned on by default. For more information on how to activate audit modules, read To enable or disable audit logging.

  1. In the Admin Console tree component, expand the Configurations node.

  2. Select the instance to configure:

    • To configure a particular instance, expand the instance’s config node. For example, for the default instance, server, expand the server-config node.

    • To configure the default settings for all instances, expand the default-config node.

  3. Expand the Security node.

  4. Expand the Audit Modules node.

  5. Click the node of the audit module to be edited.

  6. On the Edit Audit Module page, modify the class name, if needed.

  7. Enter any additional properties for the module by selecting the Add button and entering the name and value of the property. Valid properties include:

    • auditOn - Specifies whether or not to use this audit module. Valid values are true and false.

  8. Modify any existing properties by selecting the name or value to be modified, and entering the changes directly into the text field.

  9. Delete a property by selecting the checkbox to the left of the property and clicking Delete Properties.

  10. Click Save to save or click the Back button on the browser to cancel without saving.

Procedure: To delete an audit module

  1. In the Admin Console tree component, expand the Configurations node.

  2. Select the instance to configure:

    • To configure a particular instance, expand the instance’s config node. For example, for the default instance, server, expand the server-config node.

    • To configure the default settings for all instances, expand the default-config node.

  3. Expand the Security node.

  4. Select the Audit Modules node.

  5. Click in the checkbox to the left of the audit module to be deleted.

  6. Click Delete.

Procedure: To enable or disable audit logging

  1. In the Admin Console tree component, expand the Configurations node.

  2. Select the instance to configure:

    • To configure a particular instance, expand the instance’s config node. For example, for the default instance, server, expand the server-config node.

    • To configure the default settings for all instances, expand the default-config node.

  3. Select the Security node.

    The Security page displays.

  4. To enable logging, select the Audit Logging check box. To disable it, deselect it.

    Selecting this option causes the loading of the audit modules and ensures they are called by the Application Server’s audit library at audit points.

  5. If you are enabling audit logging, specify a default audit module as described in To set the active audit module.

  6. Select Save to save the changes.

  7. Restart the Application Server if Restart Required displays in the console.

Procedure: To set the active audit module

Before You Begin

To specify the audit module that the server uses, first enable audit logging as described in To enable or disable audit logging.

  1. In the Audit Modules field, enter the name of the audit module to be used by the server.

    The preconfigured audit module is called default. Make sure that this audit module has auditOn set to true as described in To use the default audit module.

  2. Select Save to save the changes, or Load Defaults to cancel.

  3. Restart the Application Server if Restart Required displays in the console.

Procedure: To use the default audit module

The default audit module logs authentication and authorization requests to the server log file. For information on changing the location of the log file, see To configure general logging settings.

Authentication log entries include the following information:

Regardless of whether audit logging is enabled, the Application Server logs all denied authentication events.

Authorization log entries include the following information:

  1. In the Admin Console tree component, expand the Configurations node.

  2. Select the instance to configure:

    • To configure a particular instance, expand the instance’s config node. For example, for the default instance, server, expand the server-config node.

    • To configure the default settings for all instances, expand the default-config node.

  3. Expand the Security node.

  4. Expand the Audit Modules node.

  5. Click the default node.

  6. Set the value of the auditOn property to true.

  7. Select Save to save the changes.

  8. Restart the Application Server if Restart Required displays in the console.
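
The procedures above control three separate settings (the Audit Logging check box, the Audit Modules field, and each module's auditOn property), and an audit module only logs when all three line up. The following check is an added example, not part of the original guide or of the Application Server. It assumes the settings are stored in domain.xml as a security-service element with audit-enabled and audit-modules attributes (the latter defaulting to default and accepting a comma-separated list) and nested audit-module elements; the sample XML and the cluster1-config name are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in domain.xml layout (assumed); cluster1-config is made up.
SAMPLE = """<domain><configs>
 <config name="server-config">
  <security-service audit-enabled="true" audit-modules="default">
   <audit-module name="default" classname="com.sun.enterprise.security.Audit">
    <property name="auditOn" value="false"/></audit-module>
  </security-service></config>
 <config name="default-config">
  <security-service audit-enabled="false" audit-modules="default">
   <audit-module name="default" classname="com.sun.enterprise.security.Audit">
    <property name="auditOn" value="true"/></audit-module>
  </security-service></config>
 <config name="cluster1-config">
  <security-service audit-enabled="true" audit-modules="custom">
   <audit-module name="default" classname="com.sun.enterprise.security.Audit">
    <property name="auditOn" value="true"/></audit-module>
  </security-service></config>
</configs></domain>"""

def audit_findings(domain_xml):
    """Map each config name to its problems; an empty list means the module logs."""
    findings = {}
    for config in ET.fromstring(domain_xml).iter("config"):
        problems = findings.setdefault(config.get("name"), [])
        sec = config.find("security-service")
        if sec is None:
            problems.append("no security-service element")
            continue
        # Condition 1: the Audit Logging check box on the Security page.
        if sec.get("audit-enabled", "false").lower() != "true":
            problems.append("audit logging is disabled")
        modules = {m.get("name"): m for m in sec.findall("audit-module")}
        # Condition 2: the Audit Modules field must name a defined module.
        names = sec.get("audit-modules", "default").split(",")
        for name in (n.strip() for n in names if n.strip()):
            module = modules.get(name)
            if module is None:
                problems.append(f"active module '{name}' is not defined")
                continue
            # Condition 3: the module's auditOn property must be true.
            props = {p.get("name"): p.get("value", "") for p in module.findall("property")}
            if props.get("auditOn", "").lower() != "true":
                problems.append(f"module '{name}' has auditOn not set to true")
    return findings

if __name__ == "__main__":
    for name, problems in audit_findings(SAMPLE).items():
        print(name, "OK" if not problems else problems)
```

Run against a copy of the real configuration file, a non-empty list for any config identifies which of the three Admin Console settings still needs to be changed.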