The Liberty Audit feature is used to report and track auditable events to ensure the integrity of your system.
The Liberty Audit feature introduces an infrastructure which serves two purposes:
- Confirming the effectiveness and integrity of the existing configuration
- Identifying areas where improvement to the configuration may be needed
The Liberty Audit feature has the ability to capture the following auditable events:
- Basic authentication
- Start and stop of the Audit service
- Form login authentication
- Client certificate authentication
- Servlet runAs delegation
- Failover to basic authentication
- Unprotected servlet authorization
- Servlet 3.0 APIs: login/logout/authenticate
- JACC web authorization
- Form logout
- JACC EJB authorization
- EJB delegation
- SCIM operations/member management
- Dynamic audit feature handling
- EJB authorization
- JMX MBean operations
- JMX Notifications
- JMX MBean registration
- JMX MBean attribute operations
- JMS Authentication
- JMS Authorization
- OAuth application password and token management
- SAF authorization
The Liberty Audit feature supports the Cloud Auditing Data Federation (CADF) event model. The CADF model describes a data model and associated schema definitions for an audit event.
The feature provides a default implementation, the AuditFileHandler, which emits human-readable audit records to a file-based log. Each audit record is emitted in JSON format.