198 Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0
6.1 Native auditing
Auditing is defined as the logging of audit records. It includes the collection of
data about system activities that affect the secure operation of the Tivoli Access
Manager server processes. Each Tivoli Access Manager server can capture
audit events whenever any security-related auditable activity occurs.
Auditing uses the concepts of a record, an audit event, and an audit trail. Each
audited activity is referred to as an audit event. The output of a specific server
event is called a
record.
An
audit trail is a collection of multiple records that document the server activity.
Audit trail files can capture authorization, authentication, and management
events that are generated by the Tivoli Access Manager servers. There are
multiple sources for auditing events that you want to gather. You can collect
either a combination or all of the different types of auditing events at the same
time. Some of the event types that can be used for native auditing are:
audit.authz Authorization events for WebSEAL servers
audit.azn Authorization events for base servers
audit.authn Authentication, credential acquisition authentication,
password change, and logout events
audit.authn.successful Successful authentication credential acquisition
authentication, password change, and logout events
audit.authn.unsuccessful Failed authentication credential acquisition
authentication, password change, and logout events
audit.http HTTP access events
audit.http.successful Successful HTTP access events
audit.http.unsuccessful Failed HTTP access events
audit.mgmt Management events
http HTTP logging information
http.clf HTTP request information in common log format (clf)
http.ref HTTP Referer header information
http.agent HTTP User Agent head information
http.cof HTTP information in NCSA combined output format
(cof) with timestamp and appends the quoted referer
and agent strings to the common log format

Get Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.