14-12 Oracle Fusion Middleware Security and Administrators Guide for Web Services -Dhttp.proxyPort=80 -Dhttp.nonProxyHosts=localhost|{HOST}|.us.oracle.com Auditing Web Services Auditing describes the process of collecting and storing information about security events and the outcome of those events. An audit provides an electronic trail of selected system activity. An audit policy defines the type and scope of events to be captured at run time. Although a very large array of system and user events can occur during an operation, the events that are actually audited depend on the audit policies in effect at run time. You can define component- or application-specific policies, or audit individual users. You configure auditing for system components, including Web services, and applications at the domain level using the Audit Policy page. You can audit SOA, ADF, and WebCenter services. Figure 14–10 Audit Policy Page The audit policies table, at the center of the page, displays the audits that are currently in effect. The table includes the following information: ■ Name—Name of the system components and applications that you can audit. ■ Enable Audit—Identifies the components and applications for which auditing is currently in effect. ■ Filter—Specifies any filters that are currently in effect. The following table summarizes the events that you can audit for Web services and the relevant component. Advanced Administration 14-13 You can also audit the events for a specific user, for example, you can audit all events by an administrator. For more information about configuring audit policies, see Configuring and Managing Auditing in Oracle Fusion Middleware Application Security Guide. The following sections describe how to define audit policies and view audit data: ■ Configuring Audit Policies ■ Managing Audit Data Collection and Storage ■ Viewing Audit Reports Configuring Audit Policies Follow the steps in this section to configure audit policies.

1. In the Navigator pane, expand WebLogic Domain.

2. Click the domain for which you want to manage assertion templates.

3. From the WebLogic Domain menu select Security Audit Policy.

The Audit Policy Settings page is displayed. 4. Select and audit level from the Audit Level menu. Valid audit levels include: ■ None—Disables auditing. ■ Low—Audits a small scope of events. The subset of events is predefined individually for each component. For example, for a given component, Low may collect authentication and authorization events only. ■ Medium—Audits a medium scope of events which is a superset of the events collected at the Low level. For example, for a given component, Medium may collect authentication, authorization, and policy authoring events. ■ Custom—Enables you to provide a custom auditing policy. You can view the components and applications that are selected for audit at each level in the audit policies list. For all audit levels other than Custom, the Table 14–2 Auditing Events for Web Services Enable auditing for the following Web service events . . . Using this system component . . . ■ User authentication. ■ User authorization. ■ Policy enforcement, including message integrity, message confidentiality, and security policy. Oracle Web Services Manager—Agent ■ Web service requests sent and responses received. ■ SOAP faults incurred. Oracle Web Services ■ Oracle WSM policy creation, deletion, or modification. ■ Assertion template creation, deletion, or modification. Oracle Web Services Manager ■ Oracle WSM policy attachment. Oracle Web Services Manager— Policy Attachment