Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

IBM Tivoli Access Manager for E-business

 

The IBM®Tivoli® Access Manager for e-business DSM for JSA accepts access, audit, and HTTP events forwarded from IBM®Tivoli® Access Manager.

JSA collects audit, access, and HTTP events from IBM®Tivoli® Access Manager for e-business using syslog. Before you can configure JSA, you must configure Tivoli® Access Manager for e-business to forward events to a syslog destination.

Configure Tivoli Access Manager for E-business

You can configure syslog on your Tivoli® Access Manager for e-business to forward events.

  1. Log in to Tivoli® Access Manager's IBM® Security Web Gateway.
  2. From the navigation menu, select Secure Reverse Proxy Settings >Manage >Reverse Proxy.

    The Reverse Proxy pane is displayed.

  3. From the Instance column, select an instance.
  4. Click the Manage list and select Configuration >Advanced.

    The text of the WebSEAL configuration file is displayed.

  5. Locate the Authorization API Logging configuration.

    The remote syslog configuration begins with logcfg.

    For example, to send authorization events to a remote syslog server:

    # logcfg = audit.azn:rsyslog server=<IP address>,port=514,log_id=<log name>

  6. Copy the remote syslog configuration (logcfg) to a new line without the comment (#) marker.
  7. Edit the remote syslog configuration.

    For example,

    logcfg = audit.azn:rsyslog server=<IP address>,port=514,log_id=<log name> logcfg = audit.authn:rsyslog server=<IP address>,port=514,log_id=<log name> logcfg = http:rsyslog server=<IP address>,port=514,log_id=<log name>

    Where:

    • <IP address> is the IP address of your JSA console or Event Collector.

    • <Log name> is the name assigned to the log that is forwarded to JSA. For example, log_id=WebSEAL-log.

  8. Click Submit.

    The Deploy button is displayed in the navigation menu.

  9. From the navigation menu, click Deploy.
  10. Click Deploy.

    You must restart the reverse proxy instance to continue.

  11. From the Instance column, select your instance configuration.
  12. Click the Manage list and select Control >Restart.

    A status message is displayed after the restart completes. For more information on configuring a syslog destination, see your IBM® Tivoli® Access Manager for e-business vendor documentation. You are now ready to configure a log source in JSA.

Configuring a Log Source

JSA Risk Manager automatically discovers syslog audit and access events, but does not automatically discover HTTP events that are forwarded from IBM®Tivoli® Access Manager for e-business.

Since JSA automatically discovers audit and access events, you are not required to create a log source. However, you can manually create a log source for JSA to receive IBM®Tivoli® Access Manager for e-business syslog events. The following configuration steps for creating a log source are optional.

  1. Log in to JSA.
  2. Click the Admin tab.
  3. Click the Log Sources icon.
  4. Click Add.
  5. In the Log Source Name field, type a name for the log source.
  6. In the Log Source Description field, type a description for the log source.
  7. From the Log Source Type list, select IBM® Tivoli® Access Manager for e-business.
  8. From the Protocol Configuration list, select Syslog.
  9. Configure the following values:

    Table 1: IBM Tivloi Access Manager for E-business Syslog Configuration

    Parameter

    Description

    Log Source Identifier

    Type the IP address or host name for your IBM®Tivoli® Access Manager for e-business appliance.

    The IP address or host name identifies your IBM®Tivoli® Access Manager for e-business as a unique event source in JSA.

  10. Click Save.
  11. On the Admin tab, click Deploy Changes.