IBM Verify

  • 1.  Audit Logs for ISAM Changes

    Posted Wed June 24, 2020 02:46 PM
    Is there an audit log that tracks changes to the ISAM environment?

    Changes could include WebSEAL changes, federation changes, AAC changes, etc.  So if something breaks, we can point back to a particular user and find out what they did.

    We know that there is an event log, but I don't think that is specific enough.

    ------------------------------
    Troy Burkle
    ------------------------------


  • 2.  RE: Audit Logs for ISAM Changes

    Posted Thu June 25, 2020 04:31 AM
    Hi Troy,

    I don't believe there is any audit with the granularity you are looking for.  For example, I think you'd want to know which lines of a config file were changed (and by whom), which I'm pretty sure is not recorded.

    If this level of change control and tracking is needed, I believe the correct approach would be to adopt DevOps with automated configuration (e.g. Ansible) with all of your automation code and assets stored in a change-managed source code repository (e.g. GitHub).  Access to the LMI would be limited to emergency and exception cases only.

    There are many advantages of this approach to configuration beyond the change management benefits.  Consistency of systems, fast recovery, and more effective testing and configuration promotion are a few I can think of.  There are others in this group who can comment on the real benefits they have achieved - if you need convincing.

    Cheers... Jon.

    ------------------------------
    Jon Harry
    Consulting IT Security Specialist
    IBM
    ------------------------------



  • 3.  RE: Audit Logs for ISAM Changes

    Posted Wed July 01, 2020 11:06 AM
    Edited by Troy Burkle Wed July 01, 2020 11:07 AM
    Thanks Jon.

    I don't think we are looking for granularity in the configurations.  Something more in line with "John Doe deployed Federation Changes on 07/01/2020 @ 12:00am".  That way we can ask John Doe what changes he made or at least know that there was a change to a federation if something is no longer working.

    We have adopted Ansible into our framework.  However, I don't believe it will work well for our lower environments.  There are a number of developers making changes in the dev regions as they are implementing business rules.  Getting them to a point where they can make changes via Ansible scripts will be another learning process and I am sure would create a different problem as it pertains to processes.

    Troy

    ------------------------------
    Troy Burkle
    ------------------------------