Enabling audit logging in WebLogic

Audit logging can be enabled in an on-premises or commercial cloud deployment by adding the required Java variables to the startWebLogic.cmd/sh file.
  1. Stop the WebLogic server if it is running.
  2. Open the startWebLogic.cmd/sh file in a text editor.
  3. Add the -Dworkbrain.security.audit.enabled Java variable to enable the audit log. After the set DOMAIN_HOME line, add this line to the file:
    set JAVA_OPTIONS=%JAVA_OPTIONS% -Dworkbrain.security.audit.enabled=true
    Note: The audit logs are rotated and eventually deleted. If security or administrative business requirements call for permanent preservation of the logs, use an external third-party log aggregator or any solution that copies the logs to a permanent storage area.
  4. Add the -Dlog.dir Java variable to specify the directory where you want to save the audit log. Add this line to the file after the line added in the previous step:
    set JAVA_OPTIONS=%JAVA_OPTIONS% -Dlog.dir=<FilePath>
    Replace <FilePath> with the directory path.
  5. Save the file.
Before restarting the WebLogic server, the audit appender must be added to the log4j configuration. See Adding audit appender to log4j configuration.
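
A pre-restart check for the steps above, as an added example that is not part of the product documentation: it confirms that a startWebLogic.sh file sets both Java variables after the DOMAIN_HOME line and that the -Dlog.dir directory exists. The function name check_audit_opts is hypothetical, the check covers only the .sh variant (the set lines above use .cmd syntax), and directory paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example (hypothetical helper, not product code).
# check_audit_opts FILE -> returns 0 if both audit options from the
# procedure are set after the DOMAIN_HOME line, 1 otherwise.
check_audit_opts() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

    # Keep only non-comment lines that follow the first DOMAIN_HOME assignment,
    # so a commented-out option does not count as enabled.
    body=$(awk '/^[[:space:]]*#/ {next} seen {print} /DOMAIN_HOME=/ {seen=1}' "$file")

    rc=0
    if ! printf '%s\n' "$body" | grep -q -e '-Dworkbrain\.security\.audit\.enabled=true'; then
        echo "missing: -Dworkbrain.security.audit.enabled=true" >&2
        rc=1
    fi

    # Extract the -Dlog.dir value; if it is set more than once, check the last one.
    log_dir=$(printf '%s\n' "$body" | sed -n 's/.*-Dlog\.dir=\([^ "]*\).*/\1/p' | tail -n 1)
    case $log_dir in
        '')   echo "missing: -Dlog.dir" >&2; rc=1 ;;
        '<'*) echo "placeholder left in -Dlog.dir: $log_dir" >&2; rc=1 ;;
        *)    [ -d "$log_dir" ] || { echo "log dir does not exist: $log_dir" >&2; rc=1; } ;;
    esac
    return $rc
}
```

Call it with the path to the edited file, for example `check_audit_opts ./startWebLogic.sh`, and restart the server only when it returns 0.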