4.1 Enabling Tracing and Auditing of Events

You can use either a Novell® Audit server or the J2EE server log files to record information about what is being processed by the J2EE Agent.

4.1.1 Tracing Events to Log Files

Tracing adds more information about events (such as logins, logouts, and policy enforcement) to the J2EE server log files.

To enable tracing:

  1. In the Administration Console, click Access Manager > J2EE Agents > Edit.

  2. Select the Enable Tracing option. The messages are sent to the following log files, depending upon the type of application server you are using:

    • JBoss Server: For a JBoss server, the log messages are logged to the $JBOSS_HOME/log/jboss.log file if you launched the JBoss server using the run.sh script found in the bin folder. Messages are also sent to the console, so you should check the console or the $JBOSS_HOME/server/default/log/server.log file.

    • WebSphere Server: For a WebSphere server, the log messages are logged to files in the $WAS_BaseDir/profiles/$ProfileName/logs directory. Check the SystemOut.log and SystemErr.log files.

    • WebLogic Server: For a WebLogic server, the log messages are sent to standard out.

  3. Click Apply Changes.

  4. To trace policy enforcement, you also need to enable and set the level of logging for the embedded service provider. See Turning on Logging for Policy Evaluation in the Novell Access Manager 3.0 SP4 Administration Guide.

4.1.2 Enabling the Auditing of Events

The Access Manager ships with a Novell Audit server that is installed when you install the first instance of the Administration Console. You can configure the J2EE Agent to send events to this audit server or to another Novell Audit server on your network. (To configure access to the Novell Audit server, see Enabling Auditing in the Novell Access Manager 3.0 SP4 Administration Guide.)

  1. In the Administration Console, click Access Manager > J2EE Agents > Edit.

  2. In the Audit Configuration section, select from the following events:

    Event

    Description

    Startup, shutdown, and reconfigure

    Generated when the agent is started or stopped and when the configuration of the agent is modified.

    Successful authentications

    Generated when someone successfully authenticates to the agent.

    Allowed EJB access

    Generated when someone is granted access to Enterprise JavaBeans.

    Allowed web resource access

    Generated when someone is granted access to a Web resource.

    Allowed clear text access

    Generated when a user is granted clear text access to a Web resource.

    Denied clear text access

    Generated when someone is denied clear text access to a Web resource.

    Unsuccessful authentications

    Generated when someone is unsuccessful in attempting to authenticate.

    Denied EJB access

    Generated when someone is denied access to Enterprise JavaBeans.

    Denied web resource access

    Generated when someone is denied access to a Web resource.

  3. Click OK, then click Update > OK.