Enabling audit for authentication events
This topic explains how to enable audit for authentication events.
To enable audit for authentication events, proceed as follows:
- Go to
<DWC_DATA_dir>/usr/servers/dwcServer/configDropins/overridesNote: On Windows systems, the path is: <DWC_home>\usr\servers\dwcServer\configDropins\overrides
- Create a file named auditing.xml and paste the following
content:
<?xml version="1.0" encoding="UTF-8"?> <server> <!-- Enable features --> <featureManager> <feature>audit-1.0</feature> </featureManager> <!-- Enabling Audit Filehandler-->> <auditFileHandler maxFiles="100" maxFileSize="10" compact="true"> <events name="AuditEvent_1" eventName="SECURITY_AUTHN" outcome="SUCCESS"/> <events name="AuditEvent_2" eventName="SECURITY_AUTHN" outcome="REDIRECT"/> <events name="AuditEvent_3" eventName="SECURITY_AUTHN" outcome="DENIED"/> </auditFileHandler> </server> - Stop and start WebSphere Application Server Liberty Base. For further information about the stop and start commands, see Application server - starting and stopping.
- Access the Dynamic Workload Console.
You successfully enabled the audit for authentication events. To see the authentication
logs, open the audit.log file located at the following path:
- On Windows operating systems
-
TWA_home>\stdlist\appserver\dwcServer\logs
- On UNIX operating systems
-
<TWA_DATA_DIR>/stdlist/appserver/dwcServer/logs
For further information about audit logs, see https://openliberty.io/docs/22.0.0.1/reference/feature/audit-1.0.html.