As a system administrator, you could be required to audit the use of the TIBCO Object Service Broker system. Access to TIBCO Object Service Broker and its objects by a user is logged for auditing purposes in an audit log. Data in this audit log
cannot be modified.
Using the Audit Log facility, you can query and report on your users’ accesses to TIBCO Object Service Broker objects based on data stored in the audit log. Using purge tools, you can also archive the data stored in the log to files outside of TIBCO Object Service Broker.
The SECAUDITLOG Execution Environment parameter determines the level of logging that is to take place. Security audit logging can be set to DISABLED, where nothing is recorded except for an initial entry indicating that SECAUDITLOG=DISABLED, or to NORMAL or STRICT, in which case more detailed security logging occurs. The default is NORMAL.
All level‑7 users have read access to the audit log. All other levels of users must first be enabled to use the object set @AUDITLOG if they require access to the audit log data. Modifications to the audit log data are not allowed by any level of user. Refer to
Chapter 7, Managing Object Set Security for information about enabling access to an object set.
The data that is stored in the audit log should be purged on a regular basis. An archiving facility exists to assist you in this task, refer to
Chapter 9, Archiving the Audit Log Data for information. The archiving mechanism and access to the external files that it uses are governed by external security.
If the SECAUDITLOG Execution Environment parameter is set to NORMAL or STRICT, the following must be taken into consideration in your application development environment:
TIBCO Object Service Broker Parameters for information about the SECAUDITLOG Execution Environment parameter.
TIBCO Object Service Broker for z/OS Utilities or
TIBCO Object Service Broker for Open Systems Utilities about using the S6BBRIAL/hrnbrial (Move ACCESSLOG) utility to set up a segment for the audit log data.