10.6.8. Configure Security Auditing
Procedure 10.4. Setup Security Auditing for a Security Domain
Open the security domain's detailed view.Click the Profiles label at the top right of the management console. In a standalone server, the tab is labeled Profile. In a managed domain, select the profile to modify from the Profile selection box at the top left of the Profile view. Click the Security menu item at the left, and click Security Domains from the expanded menu. Click the View link for the security domain you want to edit.
Navigate to the Auditing subsystem configuration.Click the Audit label at the top of the view if it is not already selected.The configuration area is divided into two areas: Provider Modules and Details. The provider module is the basic unit of configuration. A security domain can include several provider modules each of which can include attributes and options.
Add a provider module.Click the Add button to add a provider module. Fill in the Code section with the classname of the provider module.After you have added your module, you can modify its Code by clicking the button in the Details section of the screen. Be sure the Attributes tab is selected.
Verify if your module is workingThe goal of an audit module is to provide a way to monitor the events in the security subsystem. This monitoring can be done by means of writing to a log file, email notifications or any other measurable auditing mechanism.For example, JBoss EAP 6 includes the
LogAuditProvidermodule by default. If enabled following the steps above, this audit module writes security notifications to a
audit.logfile in the
logsubfolder within the
EAP_HOMEdirectory.To verify if the steps above have worked in the context of the
LogAuditProvider, perform an action that is likely to trigger a notification and then check the audit log file.For a full list of included security auditing provider modules, see here: Section 11.4, “Included Security Auditing Provider Modules”
Optional: Add, edit, or remove module options.If you need to add options to your module, click its entry in the Modules list, and select the Module Options tab in the Details section of the page. Click the button, and provide the key and value for the option. To edit an option that already exists, remove it by clicking the label, and add it again with the correct options by clicking the button.
Your security auditing module is added to the security domain, and is immediately available to applications which use the security domain.