Monitoring and Auditing Web Services

6 Monitoring and Auditing Web Services

From the Web Services application summary page in the Fusion Middleware Control, you can monitor web service faults and security failures, and configure web service ports.

Note:

Only a subset of the monitoring features described in this chapter apply to Java EE web services.

From the Web Services application summary page in Fusion Middleware Control, you can do the following:

Monitor web services faults, including Security, Reliable Messaging, MTOM, Management, and Service faults.
Monitor Security failures, including authentication, authorization, message integrity, and message confidentiality failures.
Configure your web services ports, including enabling and disabling the port, attaching policies to web services, and enabling or disabling policies.

The Application home page also displays select web service details if the application includes web services.

For more information, refer to the following sections:

6.1 Overview of Monitoring Web Services

This section contains the following sections:

In addition to the monitoring features described in this chapter, see "Analyzing Policy Usage" in Securing Web Services and Managing Policies with Oracle Web Services Manager to analyze how policies are used by one or more web services.

6.1.1 When Are Web Service Statistics Started or Reset?

The statistics described in this chapter are started or reset when any one of the following events occur:

When the application is being deployed for the first time.
When the application is redeployed.
If the application is already deployed, and the hosting server is restarted.

6.1.2 Viewing Web Service Statistics for a Server Instance

The server-side web services page displays statistics for all of the web services on that server.

To view the web service statistics for a server:

In the navigation pane, expand WebLogic Domain to show the domain for which you want to see the policies and select the domain.
Expand the domain to show the servers in that domain. Select the server for which you want to view the statistics.
In the content pane, select WebLogic Server, and then Web Services.
The Web Services Server Summary page, which displays the statistics for the web services deployed on the server, is displayed.

Depending on the types of web services you have deployed, tabs are available for the following web service types: Java EE, Oracle Infrastructure Web Services, and RESTful Services.

For Java EE web services, the following statistics are displayed in tabular format for each web service running on the server:

Web Service Name—Name of the web service.
Application name—Name of the application that contains the web service.
Endpoint name—Name of the web service endpoint. Click the endpoint name to view the Web Service Endpoint page.
Invocation count—Number of invocation requests to this endpoint.
Response count—Number of responses generated from
Response error count—Number of errors encountered during responses.
Average execution time—Average time, in milliseconds, to execute the web service.
Average response time—Average time, in milliseconds, to receive a response from the web service.

For Oracle Infrastructure web services, the following statistics are displayed in tabular format for each web service running on the server:

Web Service Name—Name of the web service.
Application name—Name of the application that contains the web service.
Endpoint name—Name of the web service endpoint. Click the endpoint name to view the Web Service Endpoint page.
Invocations completed—Total number of completed requests to this endpoint.
Average invocation time—Average time (in milliseconds) for the web service to send a response, in milliseconds.
Total faults—Total number of failed requests.

For RESTful services, the following statistics are displayed in tabular format for each web service running on the server:

Application name—Name of the application that contains the RESTful web service.
Module name—Name of the module for the RESTful service.
Name—RESTful application name. Click the name to view the RESTful Service Application page.
Invocation count—Number of times that the RESTful web service was invoked.
Error count—Number of errors that the RESTful web service incurred.
Average execution time—Average time (in milliseconds) for all RESTful web service executions.

6.1.3 Overview of Web Service Statistics for an Application

The following sections describe how to view web services statistics based on the type of application:

6.1.3.1 Viewing Web Service Statistics for a SOA Composite Application

In Fusion Middleware Control, the dashboard for a SOA composite application displays the basic monitoring information for all services and references in the composite application, as shown in Figure 6-1.

To navigate to the dashboard page for a SOA composite application:

In the navigation pane, expand the SOA folder.
Expand soa-infra to view the SOA partitions, then expand the SOA partition (for example, the default partition) and select the target SOA composite application.

The SOA composite home page displays.
Select the Dashboard tab if it is not already selected.

The Components section of this tab lists the SOA components being used in the composite application, and the Services and References section displays the web service and reference bindings.

For the SOA composite services and references, the following web service application-level statistics are displayed:

Name—Name of the service or reference.
Type—Type of service or reference
Usage—Service or reference.
Total Messages—Total number of messages.
Average Processing Time (sec)—Average processing time, in seconds.

Figure 6-1 Dashboard for SOA Composite Application

Description of "Figure 6-1 Dashboard for SOA Composite Application"

6.1.3.2 Viewing Web Service Statistics for a Non-SOA Oracle Infrastructure Web Service Application

In Fusion Middleware Control, the Web Services summary page for an application displays the collective Summary and fault/violation information for all web services in the application, as shown in Figure 6-2.

The Charts section shows a graphical view of all security faults for a web service.

To navigate to the Web Service Summary page for a non-SOA Oracle Infrastructure web service application:

In the navigation pane, expand the Application Deployments folder to expose the applications in the domain and select the application deployment.

The Domain Application Deployment home page is displayed in the content pane.
In the navigation pane, expand the application deployment and select the application name.

The Application Deployment home page is displayed in the content pane.
In the content pane, select Application Deployment, then Web Services.

The Web Services Summary page for an application is displayed.

The page displays web service endpoints as well as application-level metrics.

For Oracle Infrastructure web services, the following web service application-level statistics are displayed:

Web Services—Total number of web services in the application.
Web Service Endpoints—Total number of endpoints used by web services in this application.
Web Service Endpoints Disabled—Total number of endpoints assigned to web services which have been disabled.
Policy Faults—Number of web service requests that failed due to a policy fault. Specifies the total number since the application was last restarted.
Total Faults—Total number of failed requests, including security, reliable messaging, MTOM, management, and service faults. Specifies the total number since the application was last restarted.
Invocations Completed—Total number of client requests to the web service since the application was last restarted.

Figure 6-2 Web Services Performance Summary and Charts for an Application

Description of "Figure 6-2 Web Services Performance Summary and Charts for an Application"

6.1.3.3 Viewing the Web Service Statistics for a Java EE Application

In Fusion Middleware Control, the Web Services summary page for a Java EE application, including SOAP and RESTful services, displays the collective Summary and fault/violation information for all web services in the application, as shown in Figure 6-3.

To navigate to the Web Service Summary page for a Java EE web service application:

In the navigation pane, expand the Application Deployments folder to expose the applications in the domain and select the application deployment.

The Domain Application Deployment home page is displayed in the content pane.
In the navigation pane, expand the application deployment and select the application name.

The Application Deployment home page is displayed in the content pane.
In the content pane, select Application Deployment, then Web Services.

The Web Services Summary page for an application is displayed.

The page displays web service endpoints as well as application-level metrics.

For Java EE web services, including SOAP and RESTful web services, the following web service application-level statistics are displayed:

Server Name—Server on which the application is deployed.
Web Services—Number of web services in the application.
Web Service Endpoints—Total number of endpoints used by web services in this application.
Number of RESTful Applications—Total number of RESTful applications registered with this web service.
Number of RESTful Resources—The number of resources available to the RESTful application.
Java EE Web Service Clients—Number of run-time client instances in the application.
Java EE Web Service Client Ports—Number of web service client ports in the application to which you can attach OWSM policies.

Figure 6-3 Java EE Web Services Summary

Description of "Figure 6-3 Java EE Web Services Summary"

6.1.4 Viewing Web Service Statistics for an Individual Web Service

The Web Service Details section of the Web Services Summary page for an application displays statistics on a per-web service basis, as shown in Figure 6-4. For information about navigating to the Web Services Summary page for an application, see "Overview of Web Service Statistics for an Application".

The following statistics are displayed for Java EE web services:

Name—Name of the web service. Expand the web service to display the web service endpoint.
Invocation Count—Number of invocation requests to this endpoint.
Response Error Count—Number of errors encountered during responses.
Response Count—Number of responses
Average Execution Time (ms)—Average time, in milliseconds, to execute the web service.
Average Response Time (ms)—Average time, in milliseconds, to receive a response from the web service.

The following statistics are displayed for RESTful web services:

Module Name and RESTful Application Name—Name of the module and RESTful application. Click the RESTful application name to view the RESTful Service Application page.
Resource Name—Name of the RESTful resource.
Resource Type—Type of the RESTful resource.
Resource Path—URI of the RESTful resource.
Invocation Count—Number of invocation requests to this endpoint.
Average Execution Time (ms)—Average time, in milliseconds, to execute web services.

The following statistics are displayed for Oracle Infrastructure web services:

Name—Name of the web service. Expand the web service to display the web service endpoint.
Endpoint Enabled—Flag that specifies whether the web service is enabled or disabled. For Oracle Infrastructure web service providers, this field displays n/a.
Start Time—Time the web service was started.
Invocations Completed—Number of completed requests to this endpoint.
Average Invocation Time—Average time for all web service invocations to be processed.
Policy Faults—Number of failed requests because a policy was not successfully executed.
Total Faults—Total number of failed requests.

Figure 6-4 Web Service Statistics for Individual Oracle Infrastructure Web Services

Description of "Figure 6-4 Web Service Statistics for Individual Oracle Infrastructure Web Services"

6.1.5 Viewing Operation Statistics for a Web Service Endpoint

Follow this procedure to view statistics for a web service endpoint. To view statistics for individual operations, see "Viewing Statistics for a Java EE Web Service Operation".

To display operation statistics for a particular web service endpoint:

Navigate to the Web Service Summary page as described in "Viewing the Web Services Summary Page for an Application".
In the Web Services Details section of the Web Services summary page, select the Web Service Endpoints tab.
Select the endpoint for which you want to display the statistics.

The Web Service Endpoint page is displayed.

Select the Operations tab if it is not already selected.

The following statistics are presented for Oracle Infrastructure web services:

Element	Description
Operation Name	Name of the operation.
One Way	Flag that specifies whether the operation returns a value to the calling operation.
Action	URI of the action.
Input Encoding	Encoding style of the input message.
Output Encoding	Encoding style of the output message.
Invocations Completed	Number of completed requests to this endpoint.
Average Invocation Time	Average time for all web service invocations to be processed.
Faults	Total number of faults for this endpoint.

The following statistics are presented for Java EE web services:

Element	Description
Name	Name of the operation.
Invocation Count	Number of times that the web service was invoked.
Average Dispatch Time (ms)	Average time, in milliseconds, for all web service invocations to be processed.
Average Execution Time (ms)	Average time, in milliseconds, for all web service executions.
Average Response Time (ms)	Average time, in milliseconds, for all responses generated.
Response Count	Total number of responses generated from the web service invocations.
Response Error Count	Total number of errors from responses generated from the web service invocations.

6.1.6 Viewing Statistics for a Java EE Web Service Operation

The individual web service operations are displayed on the Operations tab of the Web Service Endpoint page. This procedure applies only to Java EE web service operations.

To view the statistics for an individual Java EE web service operation:

Navigate to the Web Service Operation page as described in "Viewing the Details for a Java EE Web Service Operation".
Click the name of an operation to view its statistics.

The Web Service Operation page displays the following statistics:

Element	Description
Application Name	The name of the application that this operation is associated with.
Web Service Name	The name of the web service that this operation is associated with.
Endpoint Name	The name of the endpoint that this operation is associated with.
Operation Name	The name of the web service operation.
Endpoint URI	The URI of the endpoint that this operation is associated with.

Errors

The Errors section of the Web Service Operation page displays the following error statistics:

Element	Description
Error Count	Number of errors sending or receiving a request.
Last Error	Last error that occurred processing a request.
Last Error Time	Time on WebLogic Server of the last error for a request (sending or receiving) was detected expressed as the number of milliseconds since midnight, January 1, 1970 UTC.
Response Error Count	Total number of errors from responses generated from operation invocations.
Last Response Error	Last response error to arrive for this client/service (or null if no errors have occurred).
Last Response Error Time	Time on WebLogic Server of the last error sending or receiving a response (or 0 if no failures have occurred) expressed as the number of milliseconds since midnight, January 1, 1970 UTC.

Invocation Statistics

The Invocation Statistics section of the Web Service Operation page displays the following invocation statistics:

Element	Description
Invocation Count	Total number of operation invocations in the current measurement period.
Last Invocation Time	Time of the last operation request to be sent or received (or 0 if no requests have been sent or received).
Average Dispatch Time (ms)	Average operation dispatch time (in milliseconds) for the current measurement period. Dispatch time refers to the time for WebLogic Server to process the invocation. The measurement period typically starts when WebLogic Server is first started.
Dispatch Time Total (ms)	Total time (in milliseconds) for all operation dispatches in the current measurement period. Dispatch time refers to the time for WebLogic Server to process the invocation. The measurement period typically starts when WebLogic Server is first started.
Dispatch Time High	Longest operation dispatch time for the current measurement period. Dispatch time refers to the time for WebLogic Server to process the invocation. The measurement period typically starts when WebLogic Server is first started.
Dispatch Time Low	Shortest operation dispatch time for the current measurement period. Dispatch time refers to the time for WebLogic Server to process the invocation. The measurement period typically starts when WebLogic Server is first started.
Average Execution Time (ms)	Average operation execution time (in milliseconds).
Execution Time Total (ms)	Total time (in milliseconds) for all operation executions.
Execution Time High	Longest operation execution time.
Execution Time Low	Shortest operation execution time.

Response Statistics

The Response Statistics section of the Web Service Operation page displays the following response statistics:

Elements	Description
Response Count	Total number of responses generated from operation invocations.
Last Response Time	Time on WebLogic Server of the last response to arrive for this client/service (or 0 if no responses have been received) expressed as the number of milliseconds since midnight, January 1, 1970 UTC.
Average Response Time (ms)	Average response time (in milliseconds) from the responses generated from operation invocations.
Response Time Total (ms)	Total time (in milliseconds) for all responses generated from operation invocations.
Response Time High	Longest response time from the responses generated from operation invocations.
Response Time Low	Lowest response time from the responses generated from operation invocations.

6.1.7 Viewing Statistics for Java EE Web Service Clients

To display web service statistics for the run-time client instances in a Java EE application:

Navigate to the Java EE web service application summary page, as described in "Viewing the Web Services Summary Page for an Application".
Select the Java EE Web Service Clients tab to view the clients in the application.

Note:

This tab is available only if the application contains Java EE web service clients.
Select the Monitoring tab, if it is not already selected to view the statistics for all run-time client instances in the application.

Note:

For JAX-WS web services, the web services run time creates system-defined client instances within a web service endpoint that are used to send protocol-specific messages as required by that endpoint. These client instances are named after the web service endpoint that they serve with the following suffix: -SystemClient. Monitoring information relevant to the system-defined client instances is provided to assist in evaluating the application.
Select the client in the Client column to display web service statistics for that client.
The Java EE Web Service Client page is displayed, as shown in Figure 6-5.

Figure 6-5 Java EE Web Service Client Statistics

Description of "Figure 6-5 Java EE Web Service Client Statistics"

The following summary information is presented for the run-time client instance.
- Application Name—The name of the application with which the client is associated.
- Module Name—Name of the Java EE module in which the endpoint is running.
- Web Service Endpoint—Name of the port which the client invokes.
- Transport Protocol Type—Transport protocol required by the service.

Select the Invocations tab to view the invocation statistics for the client.

Table 6-1 lists the invocation statistics displayed for the run-time client instance.

Table 6-1 Invocation Statistics for Java EE Web Service Client

Element	Description
Errors
Error Count	Total number of security faults and violations.
Response Error Count	Total number of errors from responses generated from invocations of this client instance
Invocation Statistics
Invocation Count	Total number of times that operations on service side have been invoked by the client instance in the current measurement period.
Average Dispatch Time (ms)	Average dispatch time for the current measurement period.
Dispatch Time Total (ms)	Total time for all dispatches of this operation in the current measurement period.
Average Execution Time (ms)	Average execution time of this operation.
Execution Time Total (ms)	Total time for all executions of this operation
Response Statistics
Response Count	Total number of responses generated from invocations of this operation.
Average Response Time (ms)	Average response time from the responses generated from invocations of this operation.
Response Time Total (ms)	Total time for all responses generated from invocations of this operation.

Select the WebLogic Policy Violations tab to view the policy violations for this client run-time instance.

Note:

This tab appears only if there are WebLogic web service policies attached to the Java EE web service client.

Table 6-2 lists the policy violations for the client run-time instance.

Table 6-2 WebLogic Policy Violations for Java EE Web Service Client

Element	Description
Summary
Total Faults	Total number of failed requests.
Policy Faults	Total number of policy faults.
Total Security Faults	Total number of security faults and violations.
Violations
Authentication Violations	Total number of authentication violations generated for this port. Only incoming message processing can add to the violation count.
Confidentiality Violations	Total number of confidentiality violations generated for this port. Both outgoing and incoming message processing can add to the violation count.
Integrity Violations	Total number of integrity violations generated for this port. Both outgoing and incoming message processing can add to the violation count.
Successes
Authentication Successes	Total number of authentication successes detected for this port. Only incoming message processing can add to the success count.
Confidentiality Successes	Total number of confidentiality successes generated for this port. Both outgoing and incoming message processing can add to the success count.
Integrity Successes	Total number of integrity successes generated for this port. Both outgoing and incoming message processing can add to the success count.

6.1.8 Viewing Statistics for RESTful Resources

To display web service statistics for the resources in a RESTful web service:

Navigate to the Web Services application summary page, as described in "Viewing the Web Services Summary Page for an Application".
Select the RESTful Services tab to view the RESTful applications.

Note:

This tab is available only if the application contains RESTful web services.
Click the RESTful application name for which you want to view RESTful resources.

In the RESTful Resources tab, click the resource for which you want to view statistics.

Table 6-3 lists the summary information that is provided.

Table 6-3 Summary of RESTful Resource

Field	Description
Application Name	The name of the application with which the RESTful service is associated.
Module Name	Name of the module in which the RESTful application is running.
RESTful Application Name	Name of the RESTful application.
Resource Name	URI of the RESTful resource.
Resource Type	Type of the resource.
Resource Path	Path of the resource.
Number of Methods	Number of methods.
Number of Subresource locators	Number of subresource locators.
Invocation Count	Number of invocations of the RESTful service.
Average Execution Time (ms)	Average execution time, in milliseconds, of this method.

In the RESTful Methods tab, view the statistics for the methods.

Table 6-4 lists the statistics for each RESTful method.

Table 6-4 Summary Statistics for RESTful Resources

Field	Description
Method Name	Name of the method.
Method & Request Statistics	Eye-glass icon to drill down for method and request data.
Return Type	Return type of the method.
Path	Path of the method.
HTTP Method	HTTP method to which the method is mapped.
Producing Media Type	Total time for all dispatches of this operation in the current measurement period.
Invocation Count	Number of invocations of the RESTful method.
Average Execution Time (ms)	Average execution time, in milliseconds, of this operation.
Execution Time Total (ms)	Total time for all executions of the method.

Still in the RESTful Methods tab, click the eye-glass icon in the Method & Request Statistics column to view the following request and method statistics for a specific RESTful method:

Table 6-5 Method and Request Statistics for RESTful Resources

Field	Description
Average Request Processing Time (ms)	Average request processing time in milliseconds.
Maximum Request Processing Time (ms)	Maximum time to process request in milliseconds.
Minimum Request Processing Time (ms)	Minimum time to process request in milliseconds.
Total Request Count	Total number of requests that have been processed.
Total Request Rate (per ms)	Total time needed to process requests, per millisecond.

When you are finished viewing the statistical information, click OK.

6.1.9 Viewing Statistics for SOA Binding Components

You can monitor service and reference binding components in SOA composite applications, including instances, faults, and rejected messages. For complete details, refer to the following sections in Administering Oracle SOA Suite and Oracle Business Process Management Suite:

To view statistics for SOA binding components:

Navigate to the SOA composite application, as described in "Viewing the Web Services and References in a SOA Composite".
In the Services and References section, select a specific service or reference.

If you select a service binding component that is a JCA adapter, web service, or REST service, the Dashboard page displays a graphic representation of the total number of incoming messages and faults since server startup, as shown in Figure 6-6.

Figure 6-6 Statistics for SOA Binding Components

Description of "Figure 6-6 Statistics for SOA Binding Components"

6.1.10 Overview of Viewing the Security Violations for a Web Service

Follow the procedures listed below to view security violations for a web service:

6.1.10.1 Viewing the Security Violations for an Oracle Infrastructure Web Service

To view the security violations for an Oracle Infrastructure web service:

Navigate to the Web Services Summary page as described in "Viewing the Web Services Summary Page for an Application".
In the Charts section of the page, select the Security Violations tab.

A graphical representation of the authentication, authorization, confidentiality, and integrity faults for all web services in the application is displayed in the pie chart.
In the Web Service Details section of the page, expand the web service to display the web service endpoints if they are not already displayed.
Click the name of the endpoint to navigate to the Web Service Endpoint page.
Click the Charts tab to see a graphical representation of all faults and all security violations for the endpoint.

Click the OWSM Policies tab.

Two tables are displayed.

The Globally Attached Policies table displays the name of the policy and the policy set that references it.

The Directly Attached Policies table displays the name of the policy and the policy status (whether the policy is enabled or disabled).

Both tables list the category to which the policy belongs (security, MTOM attachments, reliable messaging, WS-addressing, and management).

Table 6-6 lists the violation information provided for each type of policy attachment.

Table 6-6 Policy Violation Information for an Endpoint

Violation Type	Description
Total Violations	Total number of faults for this policy. Note: Total violations may not be equal to the sum of the security violations shown below (for example, Authentication, Authorization, Confidentiality, and Integrity). Other security violations that do not fall into these major categories and non-security violations are also captured in the total violations count.
Security Violations
Authentication	Number of authentication failures since the server was restarted.
Authorization	Number of authorization failures since the server was restarted.
Confidentiality	Number of message confidentiality failures since the server was restarted.
Integrity	Number of message integrity failures since the server was restarted.

6.1.10.2 Viewing the Security Violations for a Java EE JAX-WS Web Service

To view the security violations for a Java EE JAX-WS web service:

Navigate to the Web Services Summary page as described in "Viewing the Web Services Summary Page for an Application".
In the Web Service Details section of the page, expand the web service to display the web service endpoints if they are not already displayed.
Click the name of the endpoint to navigate to the Web Service Endpoint page.

Do one of the following, depending on the type of policies attached to the endpoint:

If OWSM policies are attached to the endpoint, click the OWSM Policies tab.

A list of the policies that are attached to the endpoint is displayed. For each policy, the table displays the name of the policy, the category of the policy (security, MTOM attachments, reliable messaging, WS-addressing, and management), and the policy status (whether the policy is enabled or disabled). Table 6-6 describes the violation information that is displayed for each OWSM policy attached to the endpoint.

If WebLogic policies are attached to the endpoint, click the WebLogic Policy Violations tab.

This tab shows policy violation details about WebLogic policies attached to a JAX-WS endpoint. Table 6-7 describes the information provided on this page.

Table 6-7 WebLogic Policy Violation Data

Element	Description
Summary
Total Faults	Total number of failed requests.
Policy Faults	Number of failed requests because a policy was not successfully executed.
Total Violations	Total number of faults for this policy.
Violations
Authentication Violations	Number of authentication failures since the server was restarted.
Confidentiality Violations	Number of message confidentiality failures since the server was restarted.
Integrity Violations	Number of message integrity failures since the server was restarted.
Successes
Authentication Successes	Number of authentication successes since the server was restarted.
Confidentiality Successes	Number of message confidentiality successes since the server was restarted.
Integrity Successes	Number of message integrity successes since the server was restarted.

6.1.10.3 Viewing the Security Violations for a Java EE JAX-RPC Web Service

To view the security violations for a Java EE JAX-RPC web service:

Navigate to the Web Services Summary page for the application.
In the Web Service Details section of the page, expand the web service to display the web service endpoints if they are not already displayed.
Click the name of the endpoint to navigate to the Web Service Endpoint page.
Click the WebLogic Policy Violations tab.

This tab shows policy violation details about WebLogic policies attached to a JAX-RPC endpoint, as shown in Figure 6-7. For a description of the information displayed on this tab, see Table 6-7.

Figure 6-7 Security Violations for a Java EE JAX-RPC Web Service Endpoint

Description of "Figure 6-7 Security Violations for a Java EE JAX-RPC Web Service Endpoint"

6.2 Auditing Web Services

Auditing describes the process of collecting and storing information about security events and the outcome of those events. An audit provides an electronic trail of selected system activity.

An audit policy defines the type and scope of events to be captured at run time. Although a very large array of system and user events can occur during an operation, the events that are actually audited depend on the audit policies in effect at run time. You can define component- or application-specific policies, or audit individual users.

You configure auditing for system components, including web services, and applications at the domain level using the Audit Policy page. You can audit SOA and ADF services.

The following table summarizes the events that you can audit for web services and the relevant component.

Table 6-8 Auditing Events for Web Services

Enable auditing for the following web service events. . .	Using this system component. . .
User authentication. User authorization. Policy enforcement, including message confidentiality, message integrity, and security policy.	OWSM—Agent For more information, see "OWSM-AGENT Events and Attributes".
Web service requests sent and responses received. SOAP faults incurred. Note: In this case, events are logged for both security and non-security web service invocations.	Oracle web services For more information, see "Oracle Web Services Events and Attributes".
OWSM assertion template creation, deletion, or modification. OWSM policy intent creation, deletion, or modification. OWSM policy creation, deletion, or modification. OWSM policy set authoring creation, deletion, or modification.	OWSM—Policy Manager Note: The Policy Manager audits both local policy attachments and global policy attachments for policy sets. For more information, see "OWSM-PM-EJB Events and Attributes".
OWSM policy attachment.	OWSM—Policy Attachment Note: The Policy Attachment audits only local policy attachments. For more information, see "Web Services Policy Attachment Events and Attributes".

You can also audit the events for a specific user, for example, you can audit all events by an administrator.

For more information about configuring audit policies, see "Configuring and Managing Auditing" in Securing Applications with Oracle Platform Security Services.

The following sections describe how to define audit policies and view audit data:

6.2.1 Configuring Audit Policies

Follow the steps in this section to configure audit policies. For more information, see "Manage Audit Policies for Java Components with Fusion Middleware Control" in Securing Applications with Oracle Platform Security Services.

From the WebLogic Domain menu, select Security > Audit Policy.

The Audit Policy Settings page is displayed.

The audit policies table, at the center of the page, displays the audits that are currently in effect.
Select the component that you want to audit from the Audit Component Name menu.
Select an audit level from the Audit Level menu.
Valid audit levels include:
- None—Disables auditing.
- Low, Medium, High—Audits subsets of event categories representing pre-defined levels of auditing.
- Custom—Enables you to provide a custom auditing policy.
You can view the components and applications that are selected for audit at each level in the audit policies list. For all audit levels other than Custom, the information in the audit policies list is greyed out, as you cannot customize other audit level settings.
To customize the audit policy, select the Custom option and perform one of the following steps:
- Select the information that you want to audit by clicking the associated checkbox in the Select for Audit column.
  
  You can audit at the following levels of granularity: All events for a component, all events within a component event category, an individual event, or a specific outcome of an individual event (such as, success or failure).
  
  Click Select All to select all categories, None to deselect all categories, or Audit All Events to audit all events, including specific outcome of individual events (such as, successes and failures).
  
  At the event outcome level, you can specify an edit filter. Filters are rules-based expressions that you can define to control the events that are returned. For example, you might specify an Initiator as a filter for policy management operations to track when policies were created, modified, or deleted by a specific user. To define a filter for an outcome level, click the Edit Filter icon in the appropriate column, specify the filter attributes, and click OK. The filter definition appears in the Filter column.
  
  Deselect the checkbox for a component at a higher level to customize auditing for its subcomponents. You can select all components and applications by checking the checkbox adjacent to the column name.
- At the event outcome level, you can specify an edit filter. Filters are rules-based expressions that you can define to control the events that are returned. For example, you might specify an Initiator as a filter for policy management operations to track when policies were created, modified, or deleted by a specific user. To define a filter for an outcome level, click the Edit Filter icon in the appropriate column, specify the filter attributes, and click OK. The filter definition appears in the Filter column.
- To audit only success or failures for all system components and applications, select Select Successes Only or Select Failures Only from the Select menu, respectively. To clear all selections, select None.
If required, enter a comma-separated list of users in the Users to Always Audit text box.

Specified users will always be audited, regardless of whether auditing is enabled or disabled, and at what level auditing is set.
Click Apply.

To revert all changes made during the current session, click Revert.

6.2.2 Managing Audit Data Collection and Storage

To manage the data collection and storage of audit information, you need to perform the following tasks:

Set up and manage an audit data repository.

You can store records using one of two repository modes: file and database. It is recommended that you use the database repository mode. The Oracle Business Intelligence Publisher-based audit reports only work in the database repository mode.
Set up audit event collection.

For more information, see "Managing the Audit Data Store" in Securing Applications with Oracle Platform Security Services.

6.2.3 Viewing Audit Reports

For database repositories, data is exposed through pre-defined reports in Oracle Business Intelligence Publisher.

A number of predefined reports are available, such as: authentication and authorization history, OWSM policy enforcement and management, and so on. For details about generating and viewing audit reports using Oracle Business Intelligence Publisher, see "Using Audit Analysis and Reporting" in Securing Applications with Oracle Platform Security Services.

For file-based repositories, you can view the bus-stop files using a text editor and create your own custom queries.