WebSphere Application Server & Liberty

 View Only
Expand all | Collapse all

how can I find who changed websphere JVM setting, such as increased HEAP size, changed ports and so on

  • 1.  how can I find who changed websphere JVM setting, such as increased HEAP size, changed ports and so on

    Posted Thu December 29, 2016 12:25 PM

    Hello Experts ,

    is there an way to record all websphere configuration changes ? such as who made the change ? what changes , such as who increases JVM heap size ?

    I have enabled http access logs of dmgr , I can see the person login from IPs ( his laptop/desktop pc ) , but I can't find what changes made by him ,

     

    what level logs , or what logs can record all changes , such as who made the changes ? the changes details ?

     

    Thanks 

     



  • 2.  RE: how can I find who changed websphere JVM setting, such as increased HEAP size, changed ports and so on

    Posted Fri December 30, 2016 10:26 AM

    Thanks you raised this question. Even I would like to know how we can track these changes to configurations at a user level.

    In Reply to George Xu:

    Hello Experts ,

    is there an way to record all websphere configuration changes ? such as who made the change ? what changes , such as who increases JVM heap size ?

    I have enabled http access logs of dmgr , I can see the person login from IPs ( his laptop/desktop pc ) , but I can't find what changes made by him ,

     

    what level logs , or what logs can record all changes , such as who made the changes ? the changes details ?

     

    Thanks 

     



  • 3.  RE: how can I find who changed websphere JVM setting, such as increased HEAP size, changed ports and so on

    IBM Champion
    Posted Sat December 31, 2016 11:04 AM

    Hi George and Rakesh,

      Even is for security if I don't remember bad you can audit Resource Access through MBeans

      You need to enable Audit logs
      Take a look to the next links
      Auditing the security infrastructure
      http://www.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/tsec_sa_secauditing.html?cp=SSAW57_8.5.5%2F1-12-2-8&lang=en
      here an example
      WebSphere Application Server security auditing (page 13)
      ftp://ftp.software.ibm.com/software/iea/content/com.ibm.iea.was_v7/was/7.0/Security/WASv7_AuditLab.pdf

      Hope this helps. Tell us if you need more support.

    Regards

     

     



  • 4.  RE: how can I find who changed websphere JVM setting, such as increased HEAP size, changed ports and so on

    Posted Mon January 09, 2017 09:16 AM

    Hi, please double-check the the WebSphere ApplicationServer ConfigCrawler. It is a small jython script (running in a wsadmin interpreter) and is able to output a lot of information about your IBM WebSphere ApplicationServer environment. All configurable with a small config file where you can choose the scope and the items to crawl. Output can be set to XML (for easy computer based postprocessing) or as simple Text fo easy administration overview.

    Refer to: https://sourceforge.net/projects/was-configcrawler/

    Regards

    Volker



  • 5.  RE: how can I find who changed websphere JVM setting, such as increased HEAP size, changed ports and so on

    Posted Wed January 11, 2017 09:20 AM

    Hi all,

    One thing to keep in mind (disclaimer: yes, it is a IT security understatement), you must not have multiple people using the same administrative ID in order to pinpoint who did what.

    Moving over that, another suggestion is to use some configuration automation tool, like puppet, chef or ansible and manage your configurations with these tools, rather than manually into the WAS console. Since these config mgmt tools all rely on SCM systems such as git, you can easily audit who did what, when, and easily reverse some misconfigured parameter.

     

    Cheers,

    Alexei



  • 6.  RE: how can I find who changed websphere JVM setting, such as increased HEAP size, changed ports and so on

    Posted Tue January 16, 2018 09:16 AM

    I agree. Seems this is best way.



  • 7.  RE: how can I find who changed websphere JVM setting, such as increased HEAP size, changed ports and so on

    Posted Wed January 11, 2017 11:03 AM

    This tool looks great, do you know what would need to be changed to get it running in Windows? (also, it doesn't appear to like my SOAP hostname 'localhost' - it's only a dev VM which is why it's named this way)



  • 8.  RE: how can I find who changed websphere JVM setting, such as increased HEAP size, changed ports and so on

    Posted Wed January 11, 2017 04:46 PM

    Hi George -If you still need help with this, there is a commercial solution - Orcaconfig - that I believe maps to your use case. Orca snapshots all WebSphere configurations. From the central console you can make automated configuration changes to JVM settings such as increased heap size, changed ports, etc. It wraps all the necessary governance around configuration change – telling you who made the change, to which cell, at what time, and what change was made. It also supports approval processes and subscriber alerts when changes are made or drift is detected. (Yep I work there). There is a short video explainer on this page. https://www.orcaconfig.com/websphere-application-server-configuration-management/ Hope it helps you. 

    ST



  • 9.  RE: how can I find who changed websphere JVM setting, such as increased HEAP size, changed ports and so on

    Posted Wed February 22, 2017 08:27 AM

    Does Orcaconfig also support WAS on z/OS?



  • 10.  RE: how can I find who changed websphere JVM setting, such as increased HEAP size, changed ports and so on

    Posted Fri February 24, 2017 10:40 AM

    Hi Willie -  Native z/OS support is on the roadmap but we do have limited support on the z/OS Unix platform. Might be worthwhile to chat offline. My contact info is sturner AT orcaconfig DOT com. Hope I can help you. 

    Scott Turner