Auditing describes the process of collecting and storing information about security events and the outcome of those events. An audit provides an electronic trail of selected system activity.
An audit policy defines the type and scope of events to be captured at run time. Although a very large array of system and user events can occur during an operation, the events that are actually audited depend on the audit policies in effect at run time. You can define component- or application-specific policies, or audit individual users.
You configure auditing for system components, including web services, and applications at the domain level using the Audit Policy page. You can audit SOA and ADF services.
The following table summarizes the events that you can audit for web services and the relevant component.
Table 6-8 Auditing Events for Web Services
| Enable auditing for the following web service events. . . | Using this system component. . . |
|---|---|
| | OWSM—Agent. For more information, see "OWSM-AGENT Events and Attributes". |
| Note: In this case, events are logged for both security and non-security web service invocations. | Oracle web services. For more information, see "Oracle Web Services Events and Attributes". |
| | OWSM—Policy Manager. Note: The Policy Manager audits both local policy attachments and global policy attachments for policy sets. For more information, see "OWSM-PM-EJB Events and Attributes". |
| | OWSM—Policy Attachment. Note: The Policy Attachment audits only local policy attachments. For more information, see "Web Services Policy Attachment Events and Attributes". |
You can also audit the events for a specific user; for example, you can audit all events by an administrator.
For more information about configuring audit policies, see "Configuring and Managing Auditing" in Securing Applications with Oracle Platform Security Services.
The following sections describe how to define audit policies and view audit data:
Follow the steps in this section to configure audit policies. For more information, see "Manage Audit Policies for Java Components with Fusion Middleware Control" in Securing Applications with Oracle Platform Security Services.
To manage the data collection and storage of audit information, you need to perform the following tasks:
- Set up and manage an audit data repository.
  You can store records using one of two repository modes: file and database. It is recommended that you use the database repository mode. The Oracle Business Intelligence Publisher-based audit reports only work in the database repository mode.
- Set up audit event collection.
For more information, see "Managing the Audit Data Store" in Securing Applications with Oracle Platform Security Services.
For database repositories, data is exposed through pre-defined reports in Oracle Business Intelligence Publisher.
A number of predefined reports are available, such as authentication and authorization history and OWSM policy enforcement and management. For details about generating and viewing audit reports using Oracle Business Intelligence Publisher, see "Using Audit Analysis and Reporting" in Securing Applications with Oracle Platform Security Services.
For file-based repositories, you can view the bus-stop files using a text editor and create your own custom queries.
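One way to run a custom query over a file-based repository, as an added example that is not from the Oracle documentation: it assumes the bus-stop file begins with a `#Fields:` header naming space-separated columns, with values bare, double-quoted, or `-` when empty. The sample records, the event and component names in them, and the function names are constructed for illustration.

```python
import shlex
from collections import Counter

# Constructed sample in the assumed bus-stop layout; the event names, users,
# and addresses are illustrative, not taken from a real audit file.
SAMPLE = '''\
#Fields:Date Time Initiator EventType EventStatus MessageText RemoteIP
#Remark Values:ComponentType="EXAMPLE"
2024-05-01 10:00:01.120 "weblogic" "UserAuthentication" true "Authentication succeeded." "192.0.2.10"
2024-05-01 10:00:07.431 "jdoe" "UserAuthentication" false "Authentication failed." "192.0.2.44"
2024-05-01 10:00:09.002 "jdoe" "UserAuthentication" false "Authentication failed." "192.0.2.44"
2024-05-01 10:01:15.870 - "WebServiceAuthorization" false "Access denied." -
2024-05-01 10:02:00.000 "jdoe" "UserAuthentication"
'''

def parse_bus_stop(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif not line or line.startswith("#") or fields is None:
            continue  # remarks, blank lines, or data before any header
        else:
            try:
                values = shlex.split(line)  # honours double-quoted values
            except ValueError:
                continue  # unbalanced quote: a record cut off mid-write
            if len(values) != len(fields):
                continue  # truncated or foreign line; do not guess columns
            yield {k: (None if v == "-" else v) for k, v in zip(fields, values)}

def failures_by_initiator(text, initiator=None):
    """Count failed events per (initiator, event type), optionally for one user."""
    counts = Counter()
    for rec in parse_bus_stop(text):
        if rec.get("EventStatus") != "false":
            continue
        if initiator is not None and rec.get("Initiator") != initiator:
            continue
        counts[(rec.get("Initiator"), rec.get("EventType"))] += 1
    return counts

if __name__ == "__main__":
    for (who, event), n in failures_by_initiator(SAMPLE).most_common():
        print(f"{n:3d}  {who or '<none>'}  {event}")
```

Records that do not match the header's column count are skipped rather than realigned, so a line cut off during a write cannot shift a value into the wrong field.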