Balamurali Kothandaraman's Blog
Balamurali Kothandaraman's Homepage
Balamurali Kothandaraman is a Senior Delivery
Technologist for Education Services at BEA Systems Inc. He has over 8
years of experience in Java and J2EE technologies and is a BEA Certified
Server Specialist, Administrator, and Instructor. Bala has been working with BEA for 4+ years. He is a frequent speaker at various conferences including
Java One, BEAWorld and BEA User Groups.
Audit WebLogic Server configuration changes
Posted by bala on April 1, 2008 at 2:28 PM
In a typical WebLogic shop with more than one administrator managing the WebLogic domain(s), it is possible for these admins to make changes without one another's knowledge (at different times). To keep an audit of all the configuration changes, set the "Configuration Audit Type" of the domain. Setting it to "Change Log" creates the audit log entries in the administration server's server log, "Change Audit" forwards them to the security audit log, and "Change Log and Audit" sends them to both of these logs.
See this section of edocs for more info on how to change this value.
I believe this is one of the hidden secrets in WLS. You can also audit changes that were made but released without being activated, since they too appear in the audit log entries. Another main use of this feature could be to watch security changes, such as who is adding new users, groups, etc. The actual security audit provider only audits events like AUTHENTICATION, USERLOCKOUT, etc.
Here are some sample configuration audit entries from when I created a user called 'test' and added the user to the 'Administrator' group (other entries from the log file are removed for clarity):
####<Apr 1, 2008 5:12:07 PM EDT> <Info> <Configuration Audit> <BALA02> <AdminServer>
<[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'>
<weblogic> <> <> <1207084327610> <BEA-159907>
<USER weblogic INVOKED ON Security:Name=myrealmDefaultAuthenticator METHOD listMemberGroups PARAMS test>
####<Apr 1, 2008 5:12:07 PM EDT> <Info> <Configuration Audit> <BALA02> <AdminServer>
<[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'>
<weblogic> <> <> <1207084327626> <BEA-159907>
<USER weblogic INVOKED ON Security:Name=myrealmDefaultAuthenticator METHOD addMemberToGroup PARAMS Administrators; test>
####<Apr 1, 2008 4:59:48 PM EDT> <Info> <Configuration Audit> <BALA02> <AdminServer>
<[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'>
<weblogic> <> <> <1207083588603><BEA-159907>
<USER weblogic INVOKED ON Security:Name=myealmDefaultAuthenticator METHOD createUser PARAMS test; ****; >
As WebLogic doesn't have the concept of a super admin, all the administrators are treated the same. So when you have more than one administrative user managing a domain, the configuration audit feature will help you find out which admin did what.
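To answer "which admin did what" from these entries, the following added example (not code from the original post or from WebLogic) parses the "USER ... INVOKED ON ..." entries shown above, orders them by the raw-time field, and picks out the security changes. The watchlist and the privileged-group set are assumptions built from the sample, and the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# The three entries shown above, copied as they appear on the page (line-wrapped).
SAMPLE_LOG = """\
####<Apr 1, 2008 5:12:07 PM EDT> <Info> <Configuration Audit> <BALA02> <AdminServer>
<[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'>
<weblogic> <> <> <1207084327610> <BEA-159907>
<USER weblogic INVOKED ON Security:Name=myrealmDefaultAuthenticator METHOD listMemberGroups PARAMS test>
####<Apr 1, 2008 5:12:07 PM EDT> <Info> <Configuration Audit> <BALA02> <AdminServer>
<[ACTIVE] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'>
<weblogic> <> <> <1207084327626> <BEA-159907>
<USER weblogic INVOKED ON Security:Name=myrealmDefaultAuthenticator METHOD addMemberToGroup PARAMS Administrators; test>
####<Apr 1, 2008 4:59:48 PM EDT> <Info> <Configuration Audit> <BALA02> <AdminServer>
<[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'>
<weblogic> <> <> <1207083588603><BEA-159907>
<USER weblogic INVOKED ON Security:Name=myealmDefaultAuthenticator METHOD createUser PARAMS test; ****; >
"""
# Assumption: watchlist taken from the methods in the sample; extend it for your realm.
WATCHED_METHODS = {"createUser", "addMemberToGroup"}
PRIVILEGED_GROUPS = {"Administrators"}
ENTRY_RE = re.compile(
    r"<Configuration Audit> .*?<(?P<millis>\d{13})>\s*<(?P<msg_id>BEA-\d+)>\s*"
    r"<USER (?P<user>\S+) INVOKED ON (?P<mbean>\S+) "
    r"METHOD (?P<method>\S+) PARAMS (?P<params>.*)>$")

def parse_audit_log(text):
    """Return the 'USER ... INVOKED ON ...' audit events, oldest first."""
    events = []
    for record in text.split("####")[1:]:              # each entry starts with ####
        m = ENTRY_RE.search(" ".join(record.split()))  # undo line wrapping
        if not m:
            continue                                   # some other kind of log entry
        # The 13-digit field is the entry time in epoch milliseconds.
        stamp = datetime.fromtimestamp(int(m["millis"]) / 1000, tz=timezone.utc)
        params = [p.strip() for p in m["params"].split(";") if p.strip()]
        events.append({"time": stamp, "user": m["user"], "mbean": m["mbean"],
                       "method": m["method"], "params": params})
    return sorted(events, key=lambda e: e["time"])

def security_changes(events):
    """Keep watched methods; mark additions to a privileged group."""
    changes = [dict(e) for e in events if e["method"] in WATCHED_METHODS]
    for c in changes:
        group = c["params"][0] if c["params"] else ""
        c["privileged"] = c["method"] == "addMemberToGroup" and group in PRIVILEGED_GROUPS
    return changes

if __name__ == "__main__":
    for c in security_changes(parse_audit_log(SAMPLE_LOG)):
        print(c["time"].isoformat(), c["user"], c["method"], c["params"], c["privileged"])
```

Sorting on the millisecond field puts the createUser call first even though it is listed last in the sample.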