About Security Events
A security event occurs when an administrative or operational security action takes place on Integration Server and that security action is configured for auditing.
Administrative actions refer to configuration changes related to Integration Server security activities. Operational actions refer to successful and unsuccessful login attempts and access to Integration Server services, documents, and portlets.
Administrative security events include:
Creating, modifying, and deleting packages, folders, and services.
Creating, deleting, or modifying authentication related information. This includes creating new users, deleting users, changing their security attributes (for example, passwords), setting or modifying the mapping between certificates and users, and so on.
Creating, deleting, or modifying authorization related information. This includes creating, modifying, and deleting ACLs.
Creating, deleting, or modifying port settings. This includes defining allowed or denied actions on the port, port modes (allowed or denied by default in
Integration Server), and certificate handling.
Configuring SSL settings in
Integration Server.
Modifying or resetting Outbound Passwords.
Operational security events include:
Successful logins to the
Integration Server.
Unsuccessful login attempts to the
Integration Server. The login attempt failure could be because of incorrect password, disabled account, SSL failure, or expired certificate.
Successful and unsuccessful accesses to services, files, and packages.
Modifying existing passwords.
Modifying messaging settings.
For information on configuring the Security logger, see webMethods Audit Logging Guide.
A service that functions as an event handler for a Security event should use the pub.event:security specification as its service signature. For more information about the pub.event:security service, see the webMethods Integration Server Built-In Services Reference.