You can use the Jython scripting language to manage the security auditing system with the wsadmin tool. Use the commands and parameters in the AuditReaderCommands group to display audit record information from the binary audit log.
The binaryAuditLogReader command reads the default binary audit log and generates an HTML report based on the parameters you provide. You must have the auditor security role to run this command.
Target object
None.
Required parameters
Optional parameters
See the Data point values table for the information that is available with each of the report types.
Data point name | reportMode value | Context object name | Field name | Description |
---|---|---|---|---|
RemoteAddr | basic | SessionContextObj | remoteAddr | The data point provides the IP address for the default remote host. |
RemotePort | basic | SessionContextObj | remotePort | The data point provides the port of the default remote host. |
RemoteHost | basic | SessionContextObj | remoteHost | The data point provides the host name of the remote host. |
RegistryType | basic | RegistryContextObj | type | The data point provides the type of user registry that is being used, such as Lightweight Directory Access Protocol (LDAP) or AIX®. |
Domain | basic | ProcessContextObj | domain | The data point provides the domain to which the user belongs. |
Realm | basic | ProcessContextObj | realm | The data point provides the registry partition to which the user belongs. |
CreationTime | basic | EventContextObj | creationTime | The data point provides the date an event was created. |
ProgName | basic | AccessContextObj | progName | The data point provides the name of the program that was involved in the event. |
Action | basic | AccessContextObj | action | The data point provides the action being performed. |
ResourceName | basic | AccessContextObj | resourceName | The data point provides the name of the resource in the context of the application. |
ResourceType | basic | AccessContextObj | resourceType | The data point provides the type of resource. |
ResourceUniqueId | basic | AccessContextObj | resourceUniqueId | The data point provides the unique identifier of the resource. |
SessionId | complete | SessionContextObj | sessionId | The data point provides an identifier for the default user session. |
FirstCaller | basic | PropagationContextObj | firstCaller | The data point provides the identity of the first user in the caller list. |
DelegationType | complete | DelegationContextObj | delegationType | The data point provides the delegation type. The delegation types are no delegation, simple delegation, method delegation, or switch-user delegation. |
RoleName | complete | DelegationContextObj | roleName | The data point provides the Run as role that is being used. The Run as roles are runAsClient, runAsSpecified, runAsSystem, or own ID. |
IdentityName | complete | DelegationContextObj | identityName | The data point provides information about the mapped user. |
AuthnType | complete | AuthnContextObj | authnType | The data point provides the type of authentication that is being used. |
Provider | complete | ProviderContextObj | provider | The data point returns the provider of the authentication or authorization service. |
ProviderStatus | complete | ProviderContextObj | providerStatus | The data point provides the status of whether the authentication or authorization event was successfully processed by the provider. |
MappedSecurityDomain | complete | AuthnMappingContextObj | mappedSecurityDomain | The data point provides the security domain after the mapping has occurred. |
MappedRealm | complete | AuthnMappingContextObj | mappedRealm | The data point provides the realm name after the mapping has occurred. |
MappedUserName | complete | AuthnMappingContextObj | mappedUserName | The data point provides the user name after the mapping has occurred. |
TerminateReason | basic | AuthnTermContextObj | terminateReason | The data point provides the reason that authentication ended. |
RegistryUserName | basic | AccessContextObj | registryUserName | The data point provides the name of the user in the registry. |
AppUserName | basic | AccessContextObj | appUserName | The data point provides the name of the user within an application. |
AccessDecision | complete | AccessContextObj | accessDecision | The data point provides the decision of the authorization call. |
PermissionsChecked | complete | AccessContextObj | permissionsChecked | The data point provides the permissions that were checked during the authorization call. |
PermissionsGranted | complete | AccessContextObj | permissionsGranted | The data point provides the permissions that were granted during the authorization call. |
RolesChecked | complete | AccessContextObj | rolesChecked | The data point provides the roles that were checked during the authorization call. |
RolesGranted | complete | AccessContextObj | rolesGranted | The data point provides the roles that were granted during the authorization call. |
PolicyName | complete | PolicyContextObj | policyName | The data point provides the name of the policy. |
PolicyType | complete | PolicyContextObj | policyType | The data point provides the type of policy. |
KeyLabel | basic | KeyContextObj | keyLabel | The data point provides the key or certificate label. |
KeyLocation | basic | KeyContextObj | keyLocation | The data point provides the physical location of the key database. |
CertLifetime | basic | KeyContextObj | certLifetime | The data point provides the date when a certificate expires. |
MgmtType | complete | MgmtContextObj | mgmtType | The data point provides the type of management operation. |
MgmtCommand | complete | MgmtContextObj | mgmtCommand | The data point provides the application-specific command that was performed. |
Url | complete | ResponseContextObj | url | The data point provides the URL of the HTTP request. |
CallerList | basic | PropagationContextObj | callerList | The data point provides a list of names that represent the identities of the users. |
HttpRequestHeaders | complete | ResponseContextObj | httpRequestHeaders | The data point provides the HTTP request headers that are provided by the client. |
HttpResponseHeaders | complete | ResponseContextObj | httpResponseHeaders | The data point provides the HTTP response headers that are returned by the server. |
TargetInfoName | complete | ResponseContextObj | httpResponseHeaders | The data point provides the object that the operation is targeted against. |
TargetInfoUniqueId | complete | ResponseContextObj | httpResponseHeaders | The data point provides the unique identifier of the target. |
OutcomeReasonCode | complete | ResponseContextObj | httpResponseHeaders | The data point provides a code that maps to an outcome decision. |
Return value
The command generates the HTML report based on the values specified for each parameter and writes it to the location specified by the outputLocation parameter.
Batch mode example usage
AdminTask.binaryAuditLogReader('[-fileName myFileName -reportMode basic -keyStorePassword password123 -outputLocation /binaryLogs]')
AdminTask.binaryAuditLogReader(['-fileName', 'myFileName', '-reportMode', 'basic', '-keyStorePassword', 'password123', '-outputLocation', '/binaryLogs'])
Interactive mode example usage
AdminTask.binaryAuditLogReader('-interactive')
The showAuditLogEncryptionInfo command displays information about the keystore that the auditing system uses to encrypt audit records. Use this information to determine which keystore, and therefore which keystore password, you must supply in the keyStorePassword parameter of the binaryAuditLogReader command to decrypt the encrypted records in the binary audit log.
Target object
None.
Required parameters
Return value
The command returns the certificate alias and the fully qualified path to the keystore of interest.
Batch mode example usage
AdminTask.showAuditLogEncryptionInfo('-fileName myFileName')
AdminTask.showAuditLogEncryptionInfo(['-fileName', 'myFileName'])
Interactive mode example usage
AdminTask.showAuditLogEncryptionInfo('-interactive')
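The following wsadmin Jython script is an added example and is not part of the IBM documentation. It ties the two commands together: it transcribes the data point table from this page into a lookup, picks the smallest reportMode that still shows every data point you ask for, builds the argument list in the list form shown in the batch examples, and, when run inside wsadmin, calls showAuditLogEncryptionInfo first so the operator can see which keystore protects the log before binaryAuditLogReader is invoked. The environment variable name AUDIT_KEYSTORE_PASSWORD is an assumption made for the example; it is used so the keystore password does not have to be hard-coded in the script or typed into a wsadmin command line, where it would be visible in shell history and trace output. The functions that do not touch AdminTask run under plain Python as well.

```python
import os

# Data point names transcribed from the table on this page, mapped to the
# lowest reportMode that includes them. Every "basic" data point is also
# present in a "complete" report.
DATA_POINT_MODES = {
    'RemoteAddr': 'basic', 'RemotePort': 'basic', 'RemoteHost': 'basic',
    'RegistryType': 'basic', 'Domain': 'basic', 'Realm': 'basic',
    'CreationTime': 'basic', 'ProgName': 'basic', 'Action': 'basic',
    'ResourceName': 'basic', 'ResourceType': 'basic', 'ResourceUniqueId': 'basic',
    'SessionId': 'complete', 'FirstCaller': 'basic', 'DelegationType': 'complete',
    'RoleName': 'complete', 'IdentityName': 'complete', 'AuthnType': 'complete',
    'Provider': 'complete', 'ProviderStatus': 'complete',
    'MappedSecurityDomain': 'complete', 'MappedRealm': 'complete',
    'MappedUserName': 'complete', 'TerminateReason': 'basic',
    'RegistryUserName': 'basic', 'AppUserName': 'basic', 'AccessDecision': 'complete',
    'PermissionsChecked': 'complete', 'PermissionsGranted': 'complete',
    'RolesChecked': 'complete', 'RolesGranted': 'complete', 'PolicyName': 'complete',
    'PolicyType': 'complete', 'KeyLabel': 'basic', 'KeyLocation': 'basic',
    'CertLifetime': 'basic', 'MgmtType': 'complete', 'MgmtCommand': 'complete',
    'Url': 'complete', 'CallerList': 'basic', 'HttpRequestHeaders': 'complete',
    'HttpResponseHeaders': 'complete', 'TargetInfoName': 'complete',
    'TargetInfoUniqueId': 'complete', 'OutcomeReasonCode': 'complete',
}

REPORT_MODES = ['basic', 'complete']


def data_points_for(report_mode):
    """Return the sorted data point names that a report of this mode contains."""
    if report_mode not in REPORT_MODES:
        raise ValueError('unknown reportMode: %s' % report_mode)
    if report_mode == 'complete':
        return sorted(DATA_POINT_MODES.keys())
    return sorted([n for n in DATA_POINT_MODES if DATA_POINT_MODES[n] == 'basic'])


def report_mode_for(wanted_points):
    """Return the smallest reportMode that shows every wanted data point.

    Raises ValueError for names that are not in the table, so a typo in a
    data point name fails here instead of silently producing a report that
    lacks the field you were looking for.
    """
    unknown = [n for n in wanted_points if n not in DATA_POINT_MODES]
    if unknown:
        raise ValueError('unknown data points: %s' % ', '.join(unknown))
    for name in wanted_points:
        if DATA_POINT_MODES[name] == 'complete':
            return 'complete'
    return 'basic'


def build_reader_args(file_name, report_mode, output_location, keystore_password=None):
    """Build the list-form argument list for AdminTask.binaryAuditLogReader."""
    if report_mode not in REPORT_MODES:
        raise ValueError('unknown reportMode: %s' % report_mode)
    args = ['-fileName', file_name,
            '-reportMode', report_mode,
            '-outputLocation', output_location]
    # Only encrypted logs need the keystore password; omit the flag otherwise.
    if keystore_password is not None:
        args = args + ['-keyStorePassword', keystore_password]
    return args


def read_binary_audit_log(file_name, wanted_points, output_location):
    """Inside wsadmin: show the keystore for the log, then generate the report."""
    try:
        task = AdminTask  # defined by wsadmin; NameError under plain Python
    except NameError:
        raise RuntimeError('run this script with: wsadmin -lang jython -f <script>')
    # Certificate alias and keystore path, so the operator knows which
    # keystore password is needed. The output is displayed, not parsed.
    print(task.showAuditLogEncryptionInfo(['-fileName', file_name]))
    # Assumed variable name; unset means the log is treated as unencrypted.
    password = os.environ.get('AUDIT_KEYSTORE_PASSWORD')
    mode = report_mode_for(wanted_points)
    return task.binaryAuditLogReader(
        build_reader_args(file_name, mode, output_location, password))
```

From a wsadmin session, call read_binary_audit_log with the log path, the data point names you need (for example ['RemoteAddr', 'AccessDecision'], which forces a complete report), and the output directory; exporting the keystore password in the environment beforehand keeps it out of the script and the wsadmin command history.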