Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

IBM Tivoli Access Manager for E-business

 

The IBMT ivoli Access Manager for e-business DSM for JSA accepts access, audit, and HTTP events forwarded from IBM Tivoli Access Manager.

JSA collects audit, access, and HTTP events from IBM Tivoli Access Manager for e-business using syslog. Before you can configure JSA, you must configure Tivoli Access Manager for e-business to forward events to a syslog destination.

Tivoli Access Manager for e-business supports WebSEAL, a server that applies fine-grained security policy to the Tivoli Access Manager protected Web object space.

Configure Tivoli Access Manager for E-business

You can configure syslog on your Tivoli Access Manager for e-business to forward events.

  1. Log in to Tivoli Access Manager's IBM Security Web Gateway.
  2. From the navigation menu, select Secure Reverse Proxy Settings >Manage >Reverse Proxy.

    The Reverse Proxy pane is displayed.

  3. From the Instance column, select an instance.
  4. Click the Manage list and select Configuration >Advanced.

    The text of the WebSEAL configuration file is displayed.

  5. Locate the Authorization API Logging configuration.

    The remote syslog configuration begins with logcfg.

    For example, to send authorization events to a remote syslog server:

    # logcfg = audit.azn:rsyslog server=<IP address>,port=514,log_id=<log name>

  6. Copy the remote syslog configuration (logcfg) to a new line without the comment (#) marker.
  7. Edit the remote syslog configuration.

    For example,

    logcfg = audit.azn:rsyslog server=<IP address>,port=514,log_id=<log name> logcfg = audit.authn:rsyslog server=<IP address>,port=514,log_id=<log name> logcfg = http:rsyslog server=<IP address>,port=514,log_id=<log name>

    Where:

    • <IP address> is the IP address of your JSA console or Event Collector.

    • <Log name> is the name assigned to the log that is forwarded to JSA. For example, log_id=WebSEAL-log.

  8. Click Submit.

    The Deploy button is displayed in the navigation menu.

  9. From the navigation menu, click Deploy.
  10. Click Deploy.

    You must restart the reverse proxy instance to continue.

  11. From the Instance column, select your instance configuration.
  12. Click the Manage list and select Control >Restart.

    A status message is displayed after the restart completes. For more information on configuring a syslog destination, see your IBM Tivoli Access Manager for e-business vendor documentation. You are now ready to configure a log source in JSA.

Syslog Log Source Parameters for IBM Tivoli Access Manager for e-business

If JSA does not automatically detect the log source, add an IBM Tivoli Access Manager for e-business log source on the JSA Console by using the Syslog protocol.

When using the syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect Syslog events from IBM Tivoli Access Manager for e-business:

Table 1: Syslog Log Source Parameters for the IBM Tivoli Access Manager for e-business DSM

Parameter

Value

Log Source name

Type a name of your log source.

Log Source description

Type a description for your log source.

Log Source type

IBM Tivoli Access Manager for e-business

Protocol Configuration

Syslog

Log Source Identifier

Type the IP address or host name for your IBM Tivoli Access Manager for e-business appliance.

The IP address or host name identifies your IBM Tivoli Access Manager for e-business as a unique event source in JSA.