Janos,
You can enable the 'audit.mgmt' auditing component (https://www.ibm.com/docs/en/sva/10.0.7?topic=logging-native-auditing) for the policy server to enable auditing of policy updates. To do this you need to edit the ivmgrd.conf file and add a line similar to the following to the '[aznapi-configuration]' stanza:
logcfg = audit.mgmt:file path=audit.log,flush_interval=20,log_id=PDMgrAudit
After restarting the RTE you will then see audit events like the following generated for policy updates:
</event>
<event rev="1.2">
<date>2024-04-18-07:01:36.413+10:00I-----</date>
<outcome status="0">0</outcome>
<originator blade="pdmgrd"><component rev="1.1">mgmt</component>
<event_id>13120</event_id>
<action>13120</action>
<location>isva.config</location>
</originator>
<accessor name="">
<principal auth="IV_LDAP_V3.0" domain="Default">sec_master</principal>
<name_in_rgy>cn=SecurityMaster,secAuthority=Default</name_in_rgy><user_location>
<mgmtinfo><command>ACL ATTACH</command><objname>/WebSEAL/isva.config-default/una
<parm><name>objid</name><value>/WebSEAL/isva.config-default/unauth.html</value><
<parm><name>aclname</name><value>test_1</value></parm>
</mgmtinfo>
<data>
</data>
</event>
I hope that this helps.
Scott A. Exton
Senior Software Engineer
Chief Programmer - IBM Security Verify Access
IBM Master Inventor
Original Message:
Sent: 4/17/2024 3:40:00 AM
From: Janos Laszlo Horvath
Subject: Auditing object space modification
Dear All,
Is there any option for auditing object space modifications (for example, if an ACL is modified or a POP is attached / detached)?
Regards,
------------------------------
Janos Laszlo Horvath
------------------------------
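
Added example, not part of the original thread and not IBM code: a Python sketch that reads an audit.mgmt log like the one configured in the reply above, skips events that are cut off, and lists policy updates made by principals outside an approved set. The sample log is constructed, the closing of the elements that are truncated in the quoted event is an assumption, and parse_mgmt_events, unexpected_changes and the helpdesk1 principal are hypothetical names.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample: shaped like the event quoted in the reply, with the
# elements that are cut off there closed (assumption). The second event, the
# stray closing tag and the truncated event are made up for the demonstration.
TEMPLATE = """<event rev="1.2">
<date>{date}</date>
<outcome status="0">0</outcome>
<originator blade="pdmgrd"><component rev="1.1">mgmt</component>
</originator>
<accessor name="">
<principal auth="IV_LDAP_V3.0" domain="Default">{user}</principal>
</accessor>
<mgmtinfo><command>ACL ATTACH</command><objname>{obj}</objname>
<parm><name>objid</name><value>{obj}</value></parm>
<parm><name>aclname</name><value>{acl}</value></parm>
</mgmtinfo>
</event>
"""
SAMPLE_LOG = (
    "</event>\n"
    + TEMPLATE.format(date="2024-04-18-07:01:36.413+10:00I-----", user="sec_master",
                      obj="/WebSEAL/isva.config-default/unauth.html", acl="test_1")
    + '<event rev="1.2">\n<date>2024-04-18-07:05:00.000+10:00I-----</date>\n'
    + TEMPLATE.format(date="2024-04-18-07:09:02.118+10:00I-----", user="helpdesk1",
                      obj="/WebSEAL/isva.config-default/admin", acl="test_1")
)

def parse_mgmt_events(text):
    """Return one dict per well-formed mgmt event; skip chunks that do not parse."""
    events = []
    # Split at every event start so one truncated event cannot swallow the next.
    for chunk in re.split(r"(?=<event\b)", text):
        try:
            ev = ET.fromstring(chunk)
        except ET.ParseError:
            continue  # stray closing tag, or an event cut off mid-write
        if ev.findtext("originator/component") != "mgmt":
            continue
        # The first 29 characters are the timestamp; the trailing flags are ignored.
        when = datetime.strptime(ev.findtext("date")[:29], "%Y-%m-%d-%H:%M:%S.%f%z")
        parms = {p.findtext("name"): p.findtext("value") for p in ev.iter("parm")}
        events.append({"when": when, "principal": ev.findtext("accessor/principal"),
                       "command": ev.findtext("mgmtinfo/command"),
                       "object": ev.findtext("mgmtinfo/objname"), "parms": parms})
    return events

def unexpected_changes(events, approved_admins):
    """Policy updates made by principals outside the approved set."""
    return [e for e in events if e["principal"] not in approved_admins]
```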