Admin Console Auditing Service
This feature allows users to log all actions and operations executed via the admin console for auditing purposes.
Configuring the Auditing Service
All operations executed by users with access to the admin console will be translated to events that correspond to the specific admin user that executed the operation and the asadmin
command (and its parameters) that is equivalent to the operation being executed in the admin console. For example if the default admin
user modifies the monitoring level of the Web Services Container, the following event will be generated:
AUDIT - admin issued command set with parameters { DEFAULT: [configs.config.server-config.monitoring-service.module-monitoring-levels.web-services-container=HIGH] }
The auditing service will relay these events to the Notification Service. In this manner, administrators can be alerted of suspicious activity as soon as possible.
This service can be configured from the admin console and from the command line.
From the Admin Console
The auditing service configuration can be found in the web console under Configurations
→ <configuration-name>`
→ Security
→ Admin Audit
:
Once enabled, actions in the admin console that have a corresponding asadmin
command will be sent to the Notification service.
Check the Enabled option (and the Dynamic option too if you don’t want to restart the domain) to switch the auditing service on.
The Audit Level options sets the level of operations that will be logged:
- MODIFIERS
-
(Default setting) All operations that modify the configuration of the server in some capacity.
- ACCESSORS
-
All operations query the configuration of the server in some capacity.
- INTERNAL
-
All existing operations, including internal operations of the server.
Aside from this configuration setting, you can also define which notifiers will be used to relay the admin console audit events by moving them to the Selected Notifiers box.
Keep in mind that for audit events to be relayed to the selected notifiers, both the Notification Service and each selected notifier must be enabled and configured beforehand. |
You don’t need to manually add each notifier on this screen. When enabling a notifier on its configuration screen, the server will automatically add it to the list of selected notifiers for the Admin audit service. This same result occurs when enabling the notifier using the appropriate asadmin command. |
From the Command Line
The following is the list of available asadmin commands with their available options to configure the auditing service:
set-admin-audit-configuration
- Usage
-
asadmin> set-admin-audit-configuration
- Aim
-
This command can be used to set the configuration settings of the service.
Command Options
Option | Type | Description | Default | Mandatory |
---|---|---|---|---|
|
Boolean |
Enables or disables the service |
false |
No |
|
Boolean |
Whether to apply changes immediately of after a domain restart. |
false |
No |
|
String |
Sets the auditing level. One of:
|
MODIFIERS |
No |
set-admin-audit-service-notifier-configuration
- Usage
asadmin> set-admin-audit-service-notifier-configuration --notifier=<string> --enabled=true|false --dynamic=true|false --noisy=true|false
- Aim
-
This command can be used to enable or disable a specific notifier and the verbosity of the events being relayed.
Command Options
Option | Type | Description | Default | Mandatory |
---|---|---|---|---|
|
String |
The notifier to configure. One of (case insensitive):
|
- |
yes |
|
Boolean |
Enables or disables the notifier |
false |
Yes |
|
Boolean |
Enables or disables noisy mode. A noisy notifier includes verbose information in the notifiers output. |
- |
No |
|
Boolean |
Whether to apply the changes immediately or after server restart |
false |
No |
|
String |
The instance or cluster that will be configured |
server |
no |
Examples
To configure the auditing service to relay events to the log notifier without having to restart the domain run the following command:
asadmin> set-admin-audit-service-notifier-configuration --notifier=log --enabled=true --dynamic=true --noisy=false
log.enabled was false set to true
log.noisy was true set to false
Command set-admin-audit-service-notifier-configuration executed successfully.
get-admin-audit-configuration
- Usage
-
asadmin> get-admin-audit-configuration
- Aim
-
This command can be used to list the configuration settings of the auditing service.
Example
Running the following command will yield the current configuration of the auditing service:
asadmin> get-admin-audit-configuration
Enabled Audit Level
false MODIFIERS
Name Notifier Enabled
LOG false
Command get-admin-audit-configuration executed successfully.
The first row corresponds to the service configuration, second row onwards will detail any notifiers being configured.. |