Enabling audit for authentication events

This topic explains how to enable audit for authentication events.

To enable audit for authentication events, proceed as follows:
  1. Go to <DWC_DATA_dir>/usr/servers/dwcServer/configDropins/overrides
    Note: On Windows systems, the path is: <DWC_home>\usr\servers\dwcServer\configDropins\overrides
  2. Create a file named auditing.xml and paste the following content:
    <?xml version="1.0" encoding="UTF-8"?>
    <server>
    <!-- Enable features -->
    <featureManager>
    <feature>audit-1.0</feature>
    </featureManager>
    
    <!-- Enabling Audit Filehandler-->>
    <auditFileHandler maxFiles="100" maxFileSize="10" compact="true">
    <events name="AuditEvent_1" eventName="SECURITY_AUTHN" outcome="SUCCESS"/>
    <events name="AuditEvent_2" eventName="SECURITY_AUTHN" outcome="REDIRECT"/>
    <events name="AuditEvent_3" eventName="SECURITY_AUTHN" outcome="DENIED"/>
    </auditFileHandler>
    </server>
    
  3. Stop and start WebSphere Application Server Liberty. For further information about the stop and start commands, see Application server - starting and stopping.
  4. Access the Dynamic Workload Console.
You successfully enabled the audit for authentication events. To see the authentication logs, open the audit.log file located at the following path:
On Windows operating systems

TWA_home>\stdlist\appserver\dwcServer\logs

On UNIX operating systems

<TWA_DATA_DIR>/stdlist/appserver/dwcServer/logs

For further information about audit logs, see Audit1.0.