Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0

198 Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0

6.1 Native auditing

Auditing is defined as the logging of audit records. It includes the collection of

data about system activities that affect the secure operation of the Tivoli Access

Manager server processes. Each Tivoli Access Manager server can capture

audit events whenever any security-related auditable activity occurs.

Auditing uses the concepts of a record, an audit event, and an audit trail. Each

audited activity is referred to as an audit event. The output of a specific server

event is called a

record.

audit trail is a collection of multiple records that document the server activity.

Audit trail files can capture authorization, authentication, and management

events that are generated by the Tivoli Access Manager servers. There are

multiple sources for auditing events that you want to gather. You can collect

either a combination or all of the different types of auditing events at the same

time. Some of the event types that can be used for native auditing are:

audit.authz Authorization events for WebSEAL servers

audit.azn Authorization events for base servers

audit.authn Authentication, credential acquisition authentication,

password change, and logout events

audit.authn.successful Successful authentication credential acquisition

authentication, password change, and logout events

audit.authn.unsuccessful Failed authentication credential acquisition

authentication, password change, and logout events

audit.http HTTP access events

audit.http.successful Successful HTTP access events

audit.http.unsuccessful Failed HTTP access events

audit.mgmt Management events

http HTTP logging information

http.clf HTTP request information in common log format (clf)

http.ref HTTP Referer header information

http.agent HTTP User Agent head information

http.cof HTTP information in NCSA combined output format

(cof) with timestamp and appends the quoted referer

and agent strings to the common log format

Get Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 by Axel Buecker, Vladimir Jeremic