From IBM WebSphere Traditional V9.x Security Technical Implementation Guide
Part of SRG-APP-000108-AS-000067
Associated with: CCI-000139
Logs are essential to monitor the health of the system, investigate changes that occurred to the system, or investigate a security incident. When log processing fails, the events during the failure can be lost. To minimize the timeframe of the log failure, an alert needs to be sent to the SA and ISSO at a minimum.
If the SA and ISSO are notified of log processing failures via an alternative notification process, this is not a finding. In the administrative console, navigate to Security >> Security auditing >> Audit monitor. If "Enabled monitoring" is not checked and "Monitor notification" is not set to a notification in the notifications list, that includes the SA and ISSO, this is a finding.
Establish and utilize a notification process for WebSphere log events or configure WebSphere to send log event alerts via email. In the administrative console, navigate to Security >> Security auditing >> Audit monitor. Click on "New" button. Specify a unique name for the new notification name. Click "Message log" checkbox. Select "Email sent to notification list". Enter SA and ISSO emails in the "Email address to add" field. Enter the mail server address in the "Outgoing mail (STMP) server" field. Click ">" to put email in "List of email addresses" field. Click "OK". Select the "Enable monitoring" check box to turn on audit failure notifications. Select the notification configuration to be used from the "Monitor notification" dropdown menu. Click "OK". Click "Save".
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer