3 Audit Configuration WLST Commands

This chapter describes the Audit Configuration commands.

Use the WLST commands listed in Table 3-1 to view and manage audit policies and the audit repository configuration.

Table 3-1 WLST Audit Commands

Use this command            To                                                                          Use with WLST
createIAUView               Generate an SQL script to create an IAU view in the database.               Online
createAuditDBView           Generate an SQL script to create an audit definitions view in the database. Online
deregisterAudit             Remove audit definitions of a specified component from the audit store.     Online
exportAuditConfig           Export a component's audit configuration.                                   Online
getIAUViewInfo              Get information about a view.                                               Online
getNonJavaEEAuditMBeanName  Display the MBean name for a non-Java EE component.                         Online
getAuditPolicy              Display audit policy settings.                                              Online
getAuditRepository          Display audit repository settings.                                          Online
importAuditConfig           Import a component's audit configuration.                                   Online
listAuditComponents         List components that can be audited.                                        Online
listAuditEvents             List audit events for one or all components.                                Online
setAuditPolicy              Update audit policy settings.                                               Online
setAuditRepository          Update audit repository settings.                                           Online
registerAudit               Register audit definitions for a specified component in the audit store.    Online

See Introduction to Oracle Fusion Middleware Audit Framework in Securing Applications with Oracle Platform Security Services.

createIAUView

Generates an SQL script to create an IAU view in the database.

Description

By default, a SIMPLE view is created when the component is registered with the audit service. This command generates a script that switches the view from SIMPLE to INDEXABLE, or that creates a view in the database. INDEXABLE views are supported for an Oracle database only. SIMPLE views can be created for all supported databases in the IAU_VIEWER schema.

Syntax

createIAUView(componentType, [viewType])
Argument Definition

componentType

The component whose definitions are the basis of the view.

viewType

The type of view; valid values are SIMPLE or INDEXABLE. Default is SIMPLE.

Examples

wls:/mydomain/serverConfig> createIAUView(componentType="AuditApp", viewType="INDEXABLE")

wls:/mydomain/serverConfig> createIAUView(componentType="AuditApp", viewType="SIMPLE")

wls:/mydomain/serverConfig> createIAUView(componentType="AuditApp")

createAuditDBView

Creates a SQL script that generates a view for audit in the database.

Description

This command generates a SQL script that you can use to create a database view of the audit definitions of a specified component. The script is written to the specified file and also printed out to the console.

Upon execution, the result of the SQL script depends on the audit model at your site:

  • If using the 11.1.1.6.0 model, and the component is registered in the audit store, the script creates a view using the system component tables (IAU_COMMON, IAU_USERSESSION, IAU_AUDITSERVICE and IAU_CUSTOM) for the specified component.

  • If using the pre-11.1.1.6.0 model, the component is not registered in the audit store; its event definitions reside instead in the component_events.xml file (in the oracle_common/modules/oracle.iau_11.1.1/components/componentType directory), and the view is created using the IAU_BASE and component tables.

Syntax

createAuditDBView(fileName, componentType, [dbType], [viewType])
Argument Definition

fileName

The path and file name to which the SQL script is written.

componentType

The name of the registered component.

dbType

The database type. One of the following: DB_ORACLE, MS_SQL_SERVER, IBM_DB2.

viewType

The view type. One of the following: SIMPLE, INDEXABLE.

Example

wls:/mydomain/serverConfig> createAuditDBView(fileName="/tmp/JPSAuditView.sql", componentType="JPS",
                                              dbType="DB_ORACLE", viewType="INDEXABLE")

deregisterAudit

Removes a component's event definition and translation content from the audit store.

Description

Removes an existing event definition and translation content for a specified component or application from the audit store.

Syntax

deregisterAudit(componentType)
Argument Definition

componentType

Specifies the component whose definitions are to be removed.

Example

wls:/mydomain/serverConfig> deregisterAudit(componentType="AuditApp")

exportAuditConfig

Online command that exports a component's audit configuration.

Description

This command exports the audit configuration to a file. For non-Java EE components, pass the component mbean name as a parameter. Java EE applications and services like Oracle Platform Security Services (OPSS) do not need the mbean parameter.

Note:

You can obtain a non-Java EE component's MBean name using the getNonJavaEEAuditMBeanName command.

Syntax

exportAuditConfig([mbeanName],fileName, [componentType])
Argument Definition

mbeanName

Specifies the name of the non-Java EE component MBean.

fileName

Specifies the path and file name to which the audit configuration should be exported.

componentType

Specifies that only events of the given component be exported to the file. If not specified, the audit configuration in jps-config.xml is exported.

Example

The following example exports the audit configuration for a component:

wls:/mydomain/serverConfig> exportAuditConfig(on='oracle.security.audit.test:type=CSAuditMBean,name=CSAuditProxyMBean', fileName='/tmp/auditconfig')

The following example exports the audit configuration for a Java EE component; no mBean is specified:

wls:/mydomain/serverConfig> exportAuditConfig(fileName='/tmp/auditconfig')

getIAUViewInfo

Returns information about the view of a component.

Description

Retrieves information about the view of a specified component.

Syntax

getIAUViewInfo(componentType)
Argument Definition

componentType

The component whose definitions are the basis of the view.

Example

wls:/mydomain/serverConfig> getIAUViewInfo(componentType="JPS")

getNonJavaEEAuditMBeanName

Online command that displays the mbean name for non-Java EE components.

Description

This command displays the mbean name for non-Java EE components given the instance name, component name, component type, and the name of the Oracle WebLogic Server on which the component's audit mbean is running. The mbean name is a required parameter to other audit WLST commands when managing a non-Java EE component.

Syntax

getNonJavaEEAuditMBeanName(instName, compName, compType, svrName)
Argument Definition

instName

Specifies the name of the application server instance.

compName

Specifies the name of the component instance.

compType

Specifies the type of component. Valid values are ohs, oid, ovd, and WebCache.

svrName

Specifies the name of the Oracle WebLogic Server.

Example

The following example displays the mBean name for an Oracle Internet Directory:

wls:/mydomain/serverConfig> getNonJavaEEAuditMBeanName(instName='inst1', compName='oid1', compType='oid', svrName='AdminServer')

getAuditPolicy

Online command that displays the audit policy settings.

Description

This command displays audit policy settings including the filter preset, special users, custom events, maximum log file size, and maximum log directory size. The component mbean name is required for non-Java EE components like Oracle HTTP Server.

Note:

You can obtain a non-Java EE component's MBean name using the getNonJavaEEAuditMBeanName command.

Syntax

getAuditPolicy([mbeanName, componentType])
Argument Definition

mbeanName

Specifies the name of the component audit MBean for non-Java EE components.

componentType

Requests the audit policy for a specific component registered in the audit store. If not specified, the audit policy in jps-config.xml is returned.

Example

The following example displays the audit settings for a Java EE component:

wls:/mydomain/serverConfig> getAuditPolicy(componentType='JPS');
Location changed to domainRuntime tree. This is a read-only tree with DomainMBean as the root.
For more help, use help(domainRuntime)
 
FilterPreset:All
Max Log File Size:104857600

The following example displays the audit settings for MBean CSAuditProxyMBean:

wls:/mydomain/serverConfig> getAuditPolicy(on='oracle.security.audit.test:type=CSAuditMBean,name=CSAuditProxyMBean')

getAuditRepository

Online command that displays audit repository settings.

Description

This command displays audit repository settings for Java EE components and applications (for other components like Oracle Internet Directory, the repository configuration resides in opmn.xml). Also displays database configuration if the repository is a database type.

Syntax

getAuditRepository()

Example

The following example displays audit repository configuration:

wls:/IDMDomain/domainRuntime> getAuditRepository()
Already in Domain Runtime Tree
 
Repository Type:File

importAuditConfig

Online command that imports a component's audit configuration.

Description

This command imports the audit configuration from an external file. For non-Java EE components, pass the component mbean name as a parameter. Java EE applications and services like Oracle Platform Security Services (OPSS) do not need the mbean parameter.

Note:

You can obtain a non-Java EE component's MBean name using the getNonJavaEEAuditMBeanName command.

Syntax

importAuditConfig([mbeanName],fileName, [componentType])
Argument Definition

mbeanName

Specifies the name of the non-Java EE component MBean.

fileName

Specifies the path and file name from which the audit configuration should be imported.

componentType

Specifies that only events of the given component be imported from the file. If not specified, the audit configuration in jps-config.xml is imported.

Examples

The following example imports the audit configuration for a component:

wls:/mydomain/serverConfig> importAuditConfig(on='oracle.security.audit.test:type=CSAuditMBean,name=CSAuditProxyMBean', fileName='/tmp/auditconfig')

The following example imports the audit configuration from a file; no mBean is specified:

wls:/mydomain/serverConfig> importAuditConfig(fileName='/tmp/auditconfig')

listAuditComponents

Lists components that can be audited.

Description

This command creates a list of the components that can be audited. It lists components registered in the audit store using both the 11.1.1.6.0 model and the pre-11.1.1.6.0 model.

Syntax

listAuditComponents(fileName)
Argument Definition

fileName

Specifies the path and file name to which the output is written.

Example

listAuditComponents(fileName = "/tmp/complist.txt")

listAuditEvents

Online command that displays a component's audit events.

Description

This command displays a component's audit events and attributes. For non-Java EE components, pass the component mbean name as a parameter. Java EE applications and services like Oracle Platform Security Services (OPSS) do not need the mbean parameter. Without a component type, all generic attributes applicable to all components are displayed.

Note:

You can obtain a non-Java EE component's MBean name using the getNonJavaEEAuditMBeanName command.

Syntax

listAuditEvents([mbeanName],[componentType])
Argument Definition

mbeanName

Specifies the name of the component MBean.

componentType

Specifies a component type; the list is limited to the events of that component type.

Examples

The following example displays audit events for the Oracle Platform Security Services component:

wls:/IDMDomain/domainRuntime> listAuditEvents(componentType='JPS');
Already in Domain Runtime Tree
 
Common Attributes
ComponentType
Type of the component. For MAS integrated SystemComponents this is the componentType
InstanceId
Name of the MAS Instance, that this component belongs to
HostId
DNS hostname of originating host
HostNwaddr
IP or other network address of originating host
ModuleId
ID of the module that originated the message. Interpretation is unique within Component ID.
ProcessId
ID of the process that originated the message

The following example displays audit events for Oracle HTTP Server:

wls:/mydomain/serverConfig> listAuditEvents(componentType='ohs')

The following example displays all audit events:

wls:/IDMDomain/domainRuntime> listAuditEvents();

Already in Domain Runtime Tree
Components:
DIP
JPS
OIF
OWSM-AGENT
OWSM-PM-EJB
ReportsServer
WS-PolicyAttachment
WebCache
WebServices
Attributes applicable to all components:
ComponentType
InstanceId
HostId
HostNwaddr
ModuleId
ProcessId
OracleHome
HomeInstance
ECID
RID
...

setAuditPolicy

Online command that updates an audit policy.

Description

Online command that configures the audit policy settings. You can set the filter preset, add or remove users, and add or remove custom events. The component mbean name is required for non-Java EE components like Oracle HTTP Server.

Note:

You can obtain a non-Java EE component's MBean name using the getNonJavaEEAuditMBeanName command.

Syntax

setAuditPolicy([mbeanName], [filterPreset], [addSpecialUsers], [removeSpecialUsers],
               [addCustomEvents], [removeCustomEvents], [componentType], [maxFileSize],
               [andCriteria], [orCriteria], [componentEventsFile])
Argument Definition

mbeanName

Specifies the name of the component audit MBean for non-Java EE components.

filterPreset

Specifies the filter preset to be changed.

addSpecialUsers

Specifies the special users to be added.

removeSpecialUsers

Specifies the special users to be removed.

addCustomEvents

Specifies the custom events to be added.

removeCustomEvents

Specifies the custom events to be removed.

componentType

Specifies the component definition type to be updated. The audit runtime policy for the component is registered in the audit store. If not specified, the audit configuration defined in jps-config.xml is modified.

maxFileSize

Specifies the maximum size of the log file.

andCriteria

Specifies the and criteria in a custom filter preset definition.

orCriteria

Specifies the or criteria in a custom filter preset definition.

componentEventsFile

Specifies a component definition file under the 11g Release 1 (11.1.1.6) metadata model. This parameter is required if you wish to create or update an audit policy in the audit store for an 11g Release 1 (11.1.1.6) metadata model component and the filter preset level is set to "Custom".

Examples

The following example sets audit policy to None level, and adds users user2 and user3 while removing user1 from the policy:

wls:/mydomain/serverConfig> setAuditPolicy(filterPreset='None', addSpecialUsers='user2,user3',
                                           removeSpecialUsers='user1', componentType='JPS')

wls:/mydomain/serverConfig> getAuditPolicy(componentType='JPS');
Already in Domain Runtime Tree

FilterPreset:None
Special Users:user2,user3
Max Log File Size:104857600

The following example adds login events while removing logout events from the policy:

wls:/mydomain/serverConfig> setAuditPolicy(filterPreset='Custom', addCustomEvents='UserLogin',
                                           removeCustomEvents='UserLogout')

The following example sets audit policy to a Low level:

wls:/IDMDomain/domainRuntime> setAuditPolicy(filterPreset='Low', componentType='JPS');
Already in Domain Runtime Tree
Audit Policy Information updated successfully

wls:/IDMDomain/domainRuntime> getAuditPolicy(componentType='JPS')
Already in Domain Runtime Tree
FilterPreset:Low
Max Log File Size:104857600

The following example sets a custom filter to audit the CheckAuthorization event:

wls:/IDMDomain/domainRuntime> setAuditPolicy(filterPreset='Custom', componentType='JPS',
    addCustomEvents='Authorization:CheckPermission,CheckSubject;CredentialManagement:CreateCredential,DeleteCredential');
Already in Domain Runtime Tree
 
Audit Policy Information updated successfully
wls:/IDMDomain/domainRuntime> getAuditPolicy(componentType='JPS');
Already in Domain Runtime Tree
 
FilterPreset:Custom
Special Users:user1
Max Log File Size:104857600
Custom Events:JPS:CheckAuthorization
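The getAuditPolicy output shown in these examples can be checked against a baseline, so that a policy that was weakened (a preset reset to None, or a required custom event dropped) is noticed rather than silently reducing what the audit trail records. The following is an added example, not Oracle's code: a Python script that parses a captured getAuditPolicy transcript and reports deviations; the SAMPLE_TRANSCRIPT and the preset ordering None < Low < All are assumptions constructed from this page's examples.

```python
import re

# Constructed sample transcript in the format of this page's getAuditPolicy output.
SAMPLE_TRANSCRIPT = """\
wls:/IDMDomain/domainRuntime> getAuditPolicy(componentType='JPS');
Already in Domain Runtime Tree

FilterPreset:Custom
Special Users:user1
Max Log File Size:104857600
Custom Events:JPS:CheckAuthorization
"""

# Preset names as they appear in this page's examples, ordered from no auditing upward.
# The ordering is an assumption made for this example; Custom is handled separately.
PRESET_RANK = {"None": 0, "Low": 1, "All": 2}

POLICY_LINE = re.compile(r"^(FilterPreset|Special Users|Max Log File Size|Custom Events):(.*)$")


def parse_audit_policy(transcript):
    """Extract the policy fields from a getAuditPolicy transcript into a dict."""
    policy = {"filterPreset": None, "specialUsers": [], "maxFileSize": None, "customEvents": []}
    for line in transcript.splitlines():
        m = POLICY_LINE.match(line.strip())  # command echo and tree messages do not match
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "FilterPreset":
            policy["filterPreset"] = value
        elif key == "Special Users":
            policy["specialUsers"] = [u.strip() for u in value.split(",") if u.strip()]
        elif key == "Max Log File Size":
            policy["maxFileSize"] = int(value)
        else:  # Custom Events, listed as component:event entries
            policy["customEvents"] = [e.strip() for e in value.split(",") if e.strip()]
    return policy


def check_baseline(policy, min_preset="Low", required_events=(), min_file_size=104857600):
    """Return a list of findings; an empty list means the policy meets the baseline."""
    findings = []
    preset = policy["filterPreset"]
    if preset is None:
        findings.append("no FilterPreset line found in transcript")
    elif preset == "Custom":
        # A Custom preset audits only what was added with addCustomEvents, so every
        # event the baseline requires must still be present.
        missing = [e for e in required_events if e not in policy["customEvents"]]
        if missing:
            findings.append("Custom preset is missing required events: " + ", ".join(missing))
    elif PRESET_RANK.get(preset, -1) < PRESET_RANK[min_preset]:
        findings.append("FilterPreset %s is below the required %s" % (preset, min_preset))
    if policy["maxFileSize"] is not None and policy["maxFileSize"] < min_file_size:
        findings.append("Max Log File Size %d is below %d" % (policy["maxFileSize"], min_file_size))
    return findings
```

Run it over a transcript saved from a WLST session (or over the output of a scheduled getAuditPolicy call) and treat any non-empty findings list as a configuration drift alert.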

setAuditRepository

Online command that updates audit repository settings.

Description

This command sets the audit repository settings for Java EE and SE components and applications (for other components like Oracle Internet Directory, the repository is configured by editing opmn.xml).

Syntax

setAuditRepository([switchToDB],[dataSourceName],[interval],
                   [timezone], [repositoryType], [logDirectory],
                   [jdbcString], [dbUser], [dbPassword])
Argument Definition

switchToDB

If true, switches the repository from file to database. Valid value: true.

dataSourceName

Specifies the JNDI name of the data source. This data source must be configured in the specified Oracle WebLogic Server domain.

interval

Specifies the time, in seconds, that the audit loader sleeps.

timezone

Specifies the time zone in which the audit loader records the timestamps of the audit events. Valid values are utc and local.

repositoryType

Specifies the database type to which the data has to be uploaded. The supported databases are Oracle, MS SQL Server and IBM DB2.

logDirectory

Specifies the audit log directory for SE applications to store bus stop files.

jdbcString

Specifies the audit repository jdbc connection string for SE applications.

dbUser

Specifies the audit repository IAU schema user.

dbPassword

Specifies the audit repository IAU schema password.

Example

The following example switches the audit repository to a database, sets the audit loader interval to 14 seconds, and sets the time zone to utc:

wls:/mydomain/serverConfig> setAuditRepository(switchToDB="true",
        dataSourceName="jdbc/AuditDB", interval="14", timezone="utc",
        repositoryType="DB_ORACLE", logDirectory="/foo",
        jdbcString="jdbc:oracle:thin:@db.example.com:5001:sid",
        dbUser="scott_iau", dbPassword="tiger")

registerAudit

Registers a component with the audit service.

Description

Adds the event definition and translation content for a specified component to the audit store. If you try to register using the pre-11.1.1.6.0 audit XML schema definition, it is upgraded to the 11.1.1.6.0 XML schema definition and then registered with the audit store.

Syntax

registerAudit(xmlFile, [xlfFile], componentType, [mode=OVERWRITE|UPGRADE],
              [createView=SIMPLE|INDEXABLE|DISABLE])
Argument Definition

xmlFile

Specifies the Component Event definition file.

xlfFile

Specifies the component xlf jar file. Optional.

componentType

Specifies the component to be registered.

mode

Optional. OVERWRITE or UPGRADE. Default is UPGRADE.

createView

Optional. SIMPLE, INDEXABLE or DISABLE. Default is SIMPLE.

Example

wls:/mydomain/serverConfig> registerAudit(xmlFile="/tmp/comp.xml", xlfFile="/tmp/comp_xlf.jar",
                                          componentType="AuditApp", mode="UPGRADE", createView="INDEXABLE")