HCL Commerce Enterprise

Configuring business auditing

After you enable the HCL Commerce system for business auditing, the system is set to audit a base set of event types. It also audits the command, data beans, or web service that is associated with each event type. You can customize which commands, data beans, or web services you want audited by configuring the BusinessAuditDataCapture.xml file. This file determines what commands must be audited and what parameters must be captured during an audit. You can enable commands that are disabled, add new commands, or remove existing ones.

Procedure

  1. Open the BusinessAuditDataCapture.xml file in a text editor. The file is in the workspace_dir/WC/xml/config directory.
    The XML file lists: the event types that can be associated with the audit, the parameters to exclude from audit details, and the parameters that can be searched. For each event type, the file indicates the associated command, data bean, or web service.
  2. Edit the file to customize the audit.
    1. Specify whether you want to audit a listed event type.
      Under the <EventType> section, ensure that the audit flag for the event type is set to enabled=true if you want to audit the event type. Set the audit flag to enabled=false if you do not want to audit it.
    2. To add an event type to audit, go to the <EventType> section and add the event type that you want to audit.
      You can copy and paste one of the existing lines under <EventType> and use it as a basis for your custom event type. Ensure that you have a value for the command and audit. Optionally, you can specify the following values:
      • Whether this configuration is the default configuration, if the command is not associated with an event. The default is false.
      • The factory class to use to generate the business audit event. The following factory classes can be used:
        com.ibm.commerce.event.businessaudit.BusinessAuditCommandExecutionEventFactory
        Use this factory class when you want to audit when the operation is run by any user. This factory class is the default.
        com.ibm.commerce.event.businessaudit.eventfactory.BusinessAuditCommandExecutionForUserEventFactory
        Use this factory class when you want to audit when the operation is run by a customer service representative on behalf of a user (forUser scenario).
        com.ibm.commerce.event.businessaudit.eventfactory.BusinessAuditCommandExecutionAdminEventFactory
        Use this factory class when you want to audit when the operation is run by an administrator.
    3. Edit the commands that you want audited.
      • To remove a command from the list, under the <AuditCommands> section, delete the line that contains this command.
      • To specify that you want to audit a listed command, go to the <AuditCommands> section, and ensure that the audit flag for the command is set to audit=true. Set the flag to audit=false if you do not want to audit the command.
      • To add a command to be audited, go to the <AuditCommands> section and add a command to be audited.
        To audit name-value pair commands, you can copy and paste one of the existing lines under <AuditCommands> and use it as a basis for your custom command. Ensure that you have a value for the command and audit. Optionally, you can specify an event type. The following is an example of how to specify a new command:
        <AuditCommand eventType="CAT" command="com.ibm.commerce.catalog.commands.CategoryDisplayCmd" audit="true"/>
    4. Edit the data beans that you want to audit. The data bean must be activated using the DataBeanManager to be audited.
      The following example enables auditing for a data bean:
      <AuditCommand eventType="ORD" command="com.ibm.commerce.order.beans.OrderDataBean" audit="true"/>
    5. Edit the web services that you want audited.
      Auditing of web services is based on the combination of verb and noun in the request, such as: ProcessCatalogEntry or ChangeCatalogEntry.
      The following example uses BusinessAuditDataCapture.xml to add an event type, CTS, for BOD commands:
      <EventType name="CTS" enabled="true" eventFactory="com.ibm.commerce.event.businessaudit.BusinessAuditCommandExecutionEventFactory">
        <SearchFields>
          <Attribute attributeName="uniqueId" searchField="0" />
        </SearchFields>
      </EventType>
      The following example enables auditing for the Change, Process, and GetCatalogEntry services.
      <AuditCommand eventType="CTS" command="ChangeCatalogEntry" audit="true"/>
      <AuditCommand eventType="CTS" command="ProcessCatalogEntry" audit="true"/>
      <AuditCommand eventType="CTS" command="GetCatalogEntry" audit="true"/>
      Note: The maximum length of an eventType is three characters; make sure you do not exceed this limit. For example, use 'CTS' instead of 'CTSS'.
  3. Save the XML file.
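
Before you deploy the edited file, a lint pass can list which commands are audited and flag entries for review: an eventType longer than three characters, or an audited command whose event type is undefined or disabled. The following script is an added example, not part of HCL Commerce; the function name lint_audit_config and the root element of the constructed sample are assumptions, and only the EventType and AuditCommand attributes come from this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The root element name is an assumption;
# the EventType and AuditCommand attributes are the ones shown on this page.
SAMPLE = """\
<BusinessAudit>
  <EventType name="CTS" enabled="true"/>
  <EventType name="ORD" enabled="false"/>
  <AuditCommands>
    <AuditCommand eventType="CTS" command="ChangeCatalogEntry" audit="true"/>
    <AuditCommand eventType="ORD" command="com.ibm.commerce.order.beans.OrderDataBean" audit="true"/>
    <AuditCommand eventType="CTSS" command="GetCatalogEntry" audit="true"/>
    <AuditCommand eventType="CTS" command="ProcessCatalogEntry" audit="false"/>
  </AuditCommands>
</BusinessAudit>
"""

def lint_audit_config(xml_text):
    """Return (audited_commands, findings) for a BusinessAuditDataCapture.xml document."""
    root = ET.fromstring(xml_text)
    # Map event type name -> enabled flag; iter() finds elements at any depth.
    enabled = {e.get("name"): e.get("enabled", "").lower() == "true"
               for e in root.iter("EventType")}
    findings = [f"event type {n!r} exceeds three characters"
                for n in enabled if n and len(n) > 3]
    audited = []
    for cmd in root.iter("AuditCommand"):
        name, etype = cmd.get("command"), cmd.get("eventType")
        if not name or cmd.get("audit") is None:
            findings.append(f"AuditCommand missing command or audit: {cmd.attrib}")
            continue
        if cmd.get("audit").lower() != "true":
            continue  # explicitly not audited
        audited.append(name)
        if etype is None:
            continue  # eventType is optional on a command
        if len(etype) > 3:
            findings.append(f"{name}: eventType {etype!r} exceeds three characters")
        if etype not in enabled:
            findings.append(f"{name}: eventType {etype!r} is not defined")
        elif not enabled[etype]:
            findings.append(f"{name}: eventType {etype!r} is disabled")
    return audited, findings

if __name__ == "__main__":
    audited, findings = lint_audit_config(SAMPLE)
    print("audited:", audited)
    print("\n".join(findings))
```

To check a real file, pass the contents of workspace_dir/WC/xml/config/BusinessAuditDataCapture.xml to lint_audit_config and review each finding before saving.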