Audit 1.0

The Liberty Audit feature is used to report and track auditable events to ensure the integrity of your system. The Liberty Audit feature introduces an infrastructure which serves two purposes: - Confirming the effectiveness and integrity of the existing configuration - Identifying areas where improvement to the configuration may be needed The Liberty Audit feature has the ability to capture the following auditable events: - Basic authentication - Start and stop of the Audit service - Form login authentication - Client certificate authentication - Servlet runAs delegation - Failover to basic authentication - Unprotected servlet authorization - Servlet 3.0 APIs: login/logout/authenticate - JACC web authorization - Form logout - JACC EJB authorization - EJB delegation - SCIM operations/member management - Dynamic audit feature handling - EJB authorization - JMX MBean operations - JMX Notifications - JMX MBean registration - JMX MBean attribute operations - JMS Authentication - JMS Authorization - OAuth application password and token management - SAF authorization The Liberty Audit feature supports the Cloud Auditing Data Federation (CADF) event model. The CADF model describes a data model and associated schema definitions for an audit event. The feature provides a default implementation, the AuditFileHandler, which emits human-readable audit records to a file-based log. Each audit record is emitted in JSON format.

Command Line Install

To install the feature from the command line, type:
bin/installUtility install audit-1.0
If you are installing into or earlier and the feature supports that version, use the featureManager command, for example:
bin/featureManager install audit-1.0 --when-file-exists=ignore

Config Instructions

To use the feature at runtime add the following to your server.xml file

Additional Information