Enabling audit logging in WebLogic

Audit logging can be enabled in an on-premise or commercial cloud deployment by adding the required Java variables to the startWebLogic.cmd/sh file.
  1. Stop the Weblogic server if it is running.
  2. Open the startWebLogic.cmd/sh file in a text editor.
  3. Add the -Dworkbrain.security.audit.enabled Java variable to enable the audit log. After the set DOMAIN_HOME line, add this line to the file:
    set JAVA_OPTIONS=%JAVA_OPTIONS% -Dworkbrain.security.audit.enabled=true
    Note: The audit logs are rotated and are eventually deleted. If you require permanent preservation of the logs due to security/administrative business requirements, you can use an external third party log aggregator or any solution that will copy the logs to a permanent storage area.
  4. Add the -Dlog.dir Java variable to specify the directory where you want to save the audit log. Add this line to the file after the line added in the previous step:
    set JAVA_OPTIONS=%JAVA_OPTIONS% -Dlog.dir=<FilePath>
    Replace <FilePath> with the directory path.
  5. Save the file.
Before restarting the Weblogic server, the audit appender must be added to the logging configuration. See Adding audit appender to SLF4J with logback configuration.