6.8. Configure Security Auditing

To configure security auditing settings for a security domain, log into the management console and follow this procedure.

Procedure 6.3. Setup Security Auditing for a Security Domain

  1. Open the security domain's detailed view.

    Click the Profiles label at the top right of the management console. In a standalone server, the tab is labeled Profile. In a managed domain, select the profile to modify from the Profile selection box at the top left of the Profile view. Click the Security menu item at the left, and click Security Domains from the expanded menu. Click the View link for the security domain you want to edit.
  2. Navigate to the Auditing subsystem configuration.

    Click the Audit label at the top of the view if it is not already selected.
    The configuration area is divided into two areas: Provider Modules and Details. The provider module is the basic unit of configuration. A security domain can include several provider modules each of which can include attributes and options.
  3. Add a provider module.

    Click the Add button to add a provider module. Fill in the Code section with the classname of the provider module.
    After you have added your module, you can modify its Code by clicking the Edit button in the Details section of the screen. Be sure the Attributes tab is selected.
  4. Verify if your module is working

    The goal of an audit module is to provide a way to monitor the events in the security subsystem. This monitoring can be done by means of writing to a log file, email notifications or any other measurable auditing mechanism.
    For example, JBoss EAP 6 includes the LogAuditProvider module by default. If enabled following the steps above, this audit module writes security notifications to a audit.log file in the log subfolder within the EAP_HOME directory.
    To verify if the steps above have worked in the context of the LogAuditProvider, perform an action that is likely to trigger a notification and then check the audit log file.
    For a full list of included security auditing provider modules, see here: Section A.4, “Included Security Auditing Provider Modules”
  5. Optional: Add, edit, or remove module options.

    If you need to add options to your module, click its entry in the Modules list, and select the Module Options tab in the Details section of the page. Click the Add button, and provide the key and value for the option. To edit an option that already exists, remove it by clicking the Remove label, and add it again with the correct options by clicking the Add button.

Your security auditing module is added to the security domain, and is immediately available to applications which use the security domain.