212 Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0
򐂰 Resource Access By Accessor Report
Shows the top resources in terms of access/authorization events during a
time period for each machine name identified. The report identifies who is
repeatedly accessing resources and what resource is being accessed.
򐂰 Resource Access By Resource Report
Shows the top accessors in terms of access/authorization events during a
time period for each machine name identified. The report identifies which
resources are most heavily accessed and which user is accessing the
resource.
6.2.3 Common Auditing and Reporting Service configuration
Figure 6-1 on page 213 shows the major components of the Common Auditing
and Reporting Service model:
򐂰 Common Event Infrastructure (CEI)
򐂰 Clients
򐂰 Operational reports
The Common Auditing and Reporting Service event infrastructure runs on top of
IBM WebSphere Application Server and contains three separate applications:
򐂰 Common Audit Service
򐂰 EventServer
򐂰 EventServerMdb
When using the Common Auditing Service, you need to configure the
server-specific Common Auditing Service client to record specific audit events.
Depending on the type of Access Manager services, there are two auditing
clients, namely the Java client and C (or native) client. The Java client and C
client are referred to as the Java API and C API, respectively.
As part of the server installation you can install the operational reports. The
operational reports provide information that you can use to analyze security
events that might have occurred.
Chapter 6. Auditing and troubleshooting 213
Figure 6-1 Common Auditing and Reporting Service architecture
Installing the event server
At a high level, the steps to install the event server are the following:
1. Install the prerequisite products
IBM DB2 Server
WebSphere Application Server
2. Review the preinstallation checklist for UNIX, Linux, or Windows operating
system that includes verification of valid user and group permissions, and
validate the DB2 and WebSphere Application Server environment.
3. Determine the installation options.
4. Install the event server using either the interactive or silent installation.
After successful installation, the Common Auditing and Reporting Service event
server offers two utilities that can be executed:
򐂰 The staging utility
򐂰 The XML store utilities
PDRTE
PDWeb
...
PDAcld
PDMgr
Policy DB
Access Manager Audit Service
User registry
file
loger
pipe
loger
CARS
logger
remote
loger
CARS C
Client
CARS / WebSphere / CEI
Event Server
SMS
CARS JAVA
Client
Report
Tables
Reports
Crystal
Enterprise
Server
Web
Browser
214 Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0
These utilities can be executed with a different set of options placed in the
ibmcars.properties configuration file. The ibmcars.properties file is located in
CARS_HOME\server\etc
As a prerequisite for these commands, the CLASSPATH environment variable
for the staging and event store utilities must be set.
Staging utility command
The staging utility provides staging of the data from the XML event store to the
staging tables. You can stage data in the following modes:
򐂰 Incremental
򐂰 Historical
򐂰 Prune
Use the following command syntax for the staging utility:
java com.ibm.cars.staging.Staging -mode historical -starttime value
-endtime value
java com.ibm.cars.staging.Staging -mode incremental
java com.ibm.cars.staging.Staging -mode prune -prunetime value
These commands may contain additional optional parameters. For the
parameters that are not specified on the staging utility command line, their values
will be used according to what is set in the ibmcars.properties file. The
parameters that you set on the command line will override any value you have
set in the ibmcars.properties file.
XML data store utilities
The XML event store utilities provide tools to help you manage the XML event
store in preparation for archiving, and to clean up restored data that is no longer
needed. There are three types of operations that the XML utilities can perform:
򐂰 Pre-archive
򐂰 Post-archive
򐂰 Clean restore table set
Use the following command syntax for each of the XML event store utilities:
java com.ibm.cars.xmlstoreutils.XmlStoreUtils -operation prearchive
java com.ibm.cars.xmlstoreutils.XmlStoreUtils -operation postarchive
[-mode force] [-copydir value]
java com.ibm.cars.xmlstoreutils.XmlStoreUtils -operation cleanrestore
[-mode force]
Again, for the optional parameters that are not specified on the XML event store
utility command line, their values will be used according to what is set in the

Get Certification Study Guide: IBM Tivoli Access Manager for e-business 6.0 now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.