Dynamic workload scheduling audit
Description
When you select the dynamic scheduling capability at installation time, the auditing feature is automatically installed. By default, the auditing feature is disabled.
- JobDefinitionAuditEvent
- Maintains a track of operations performed on job definitions.
- JobLogAuditEvent
- Maintains a track of operations performed on job logs.
- JobAuditEvent
- Maintains a track of operations performed on jobs.
- ResourceAuditEvent
- Maintains a track of operations performed on resources.
- RelationshipAuditEvent
- Maintains a track of operations performed on relationships between resources.
- RecoveryActionAuditEvent
- Maintains a track of operations performed on recovery actions.
- HistoryDataAuditEvent
- Maintains a track of operations performed on historical data.
TWA_home\TDWB\config\audit.properties
Configuring the audit
audit.properties
file to
enable and configure auditing: - audit.enabled
- Specifies whether the auditing feature is enabled or disabled.
The default value is false. Supported values are as follows:
- false
- The auditing feature is not enabled.
- true
- The auditing feature is enabled.
- onSecurityEnabled
- The auditing feature is enabled if global security is enabled on WebSphere Application Server Liberty Base.
- audit.consumer.file.auditFilePrefix
- Specifies the file prefix for the auditing log file. The file
name is defined using the file prefix plus the _auditN.log
suffix, where N is a progressive number. If you want the date
and time of the file creation specified in the file prefix, use the
default format: ‘tdwb_'yyyy-MM-dd. For instance, using the default
prefix ‘tdwb_'yyyy-MM-dd generates the tdwb_2010-12-20_auditN.log
family of files. Note that the text between single quotation marks
(') is not processed by the program and remains unchanged. This format
creates a different file for each day the auditing feature is enabled.
Also, changing the prefix to ‘tdwb_'yyyy-MM generates the tdwb_2010-12_auditN.log
family of files. This format creates a different file for each month
the auditing feature is enabled.
You can modify this format as required to create files on a weekly, monthly or yearly basis, depending on your auditing requirements. Depending on the date and time format you choose, the maximum size and number of log files vary. The maximum size and number of log files are defined using the audit.consumer.file.maxFileSize and audit.consumer.file.maxAuditFiles properties respectively. Use these three parameters to control the size of the audit logs stored. For example, using the default values for these parameters, then every day you will have a maximum of 10 MB x 100 files each day. Once the maximum is reached, the first file created is overwritten. If you want use less space to store audit logs, you can decided to change the maximum number of files or only have files on a monthly basis, by specifying the format for the
audit.consumer.file.auditFilePrefix
property as ‘tdwb_'yyyy-MM. - audit.consumer.file.auditFileLocation
- Specifies the path where the log files are created. The default
path is
/audit
. - audit.consumer.file.maxFileSize
- Specifies the maximum size in bytes of the log files. When a file reaches the maximum size, a new log file is created. The default value is 10000000 bytes (10 MB). This is also the highest supported value.
- audit.consumer.file.maxAuditFiles
- Specifies the maximum number of files with a specific prefix. When all files reach the maximum size and the maximum number of files is exceeded, the oldest file with a specific prefix is overwritten. The default value is 100 files. This is also the highest supported value.
Configuring dynamic audit events
audit.properties
file. Event | Action | Property | Default value |
---|---|---|---|
JobDefinitionAuditEvent | create | audit.tdwb.JobDefinitionAuditEvent.create.enabled | true |
delete | audit.tdwb.JobDefinitionAuditEvent.delete.enabled | true | |
get | audit.tdwb.JobDefinitionAuditEvent.get.enabled | true | |
query | audit.tdwb.JobDefinitionAuditEvent.query.enabled | false | |
update | audit.tdwb.JobDefinitionAuditEvent.update.enabled | true | |
JobLogAuditEvent | get | audit.tdwb.JobLogAuditEvent.get.enabled | true |
JobAuditEvent | cancel | audit.tdwb.JobAuditEvent.cancel.enabled | true |
get | audit.tdwb.JobAuditEvent.get.enabled | true | |
query | audit.tdwb.JobAuditEvent.query.enabled | false | |
submit | audit.tdwb.JobAuditEvent.submit.enabled | true | |
ResourceAuditEvent | create | audit.tdwb.ResourceAuditEvent.create.enabled | true |
delete | audit.tdwb.ResourceAuditEvent.delete.enabled | true | |
query | audit.tdwb.ResourceAuditEvent.query.enabled | false | |
resume | audit.tdwb.ResourceAuditEvent.resume.enabled | true | |
suspend | audit.tdwb.ResourceAuditEvent.suspend.enabled | true | |
update | audit.tdwb.ResourceAuditEvent.update.enabled | true | |
RelationshipAuditEvent | create | audit.tdwb.RelationshipAuditEvent.create.enabled | true |
delete | audit.tdwb.RelationshipAuditEvent.delete.enabled | true | |
query | audit.tdwb.RelationshipAuditEvent.query.enabled | false | |
RecoveryActionAuditEvent | invoke | audit.tdwb.RecoveryActionAuditEvent.invoke.enabled | true |
HistoryDataAuditEvent | move | audit.tdwb.HistoryDataAuditEvent.move.enabled | true |
By default, auditing is disabled for query actions, while all the other actions are enabled. If the auditing feature is disabled, all properties are ignored.