13.7.2. Configure Security Auditing
Procedure 13.11. Setup Security Auditing for a Security Domain
Open the security domain's detailed view.
- Click Configuration at the top of the screen.
- In a managed domain, select a profile to modify from the Profile selection box at the top left.
- Expand the Security menu and select Security Domains.
- Click View for the security domain you want to edit.
Navigate to the Auditing subsystem configuration.Select the Audit tab at the top of the screen.The configuration area is divided into two areas: Provider Modules and Details. The provider module is the basic unit of configuration. A security domain can include several provider modules each of which can include attributes and options.
Add a provider module.Click Add. Fill in the Code section with the classname of the provider module.
Verify if your module is workingThe goal of an audit module is to provide a way to monitor the events in the security subsystem. This monitoring can be done by means of writing to a log file, email notifications or any other measurable auditing mechanism.For example, JBoss EAP 6 includes the
LogAuditProvidermodule by default. If enabled following the steps above, this audit module writes security notifications to a
audit.logfile in the
logsubfolder within the
EAP_HOMEdirectory.To verify if the steps above have worked in the context of the
LogAuditProvider, perform an action that is likely to trigger a notification and then check the audit log file.For a full list of included security auditing provider modules, see here: Section A.4, “Included Security Auditing Provider Modules”
Optional: Add, edit, or remove module options.To add options to your module, click its entry in the Modules list, and select the Module Options tab in the Details section of the page. Click Add, and provide the key and value for the option.To edit an option that already exists, click Remove to remove it, and click Add to add it again with the correct options.
Your security auditing module is added to the security domain, and is immediately available to applications which use the security domain.