To enable auditing, use one of these tools:
securetool—see “Enabling auditing using securetool,” below.
Enterprise Security Manager—see “Configuring general properties for a security domain”.
SMAPI to set the properties defined in Table 15-12. To view the SMAPI documentation, open a Web browser, and access SECURITY/html/docs/index.html; then, select the com.sybase.ep.security.management package.
Enabling auditing using securetool
For detailed information about securetool, see Chapter 4, “Using securetool.”
To enable auditing, change to the SECURITY/bin directory, and run:
securetool domainrules --appserver_url <protocol>://<host>:<port> --username pso --password pso_password --operation set --rule_name auditEnable --rule_value true [--domain <domain_name>]
Where:
protocol is specific to your application server; use “iiop” for EAServer; use “T3” for WebLogic.
host is the name of the machine hosting the Enterprise Security middleware.
port is the IIOP or T3 port number.
pso_password is the password for the PSO.
To enable auditing for a domain other than the default, provide the --domain argument, and specify the name of the domain.
Events are audited when a security policy decision is made, even if the decision is made within an application-level transaction that is rolled back. If you prefer to roll back audit records when a security transaction rolls back:
Log the audit records in the ACDB.
Set the transaction attribute for the SecureAuditWriterBean methods to “Required.”
To prevent a failure in the auditing module itself from causing a transaction to roll back, set the auditSuspendOnFailure property to true—see “Configuring general properties for a security domain”. For information about transactions, see Chapter 2, “Understanding Transactions and Component Lifecycles,” in the EAServer Programmer’s Guide.