Setting up security monitoring

To set up security monitoring, add each of your WebSphere® Application Server servers and WebSphere Application Server Liberty servers to WebSphere Automation by registering them with the usage metering service. You can then track security vulnerabilities for your servers from a single user interface (UI) in WebSphere Automation.

Security monitoring must be set up before you can set up health monitoring.

Before you begin

To register your application servers with the usage metering service in WebSphere Automation, you must configure the usage metering feature in each application server. The usage metering feature is available in the following WebSphere Application Server fix packs and Liberty versions. If your application servers are on older fix packs or versions, you cannot register them with WebSphere Automation.
  • WebSphere Application Server (all editions) 8.5.5.15 and later
  • WebSphere Application Server (all editions) 9.0.0.9 and later
  • WebSphere Application Server Deployment Manager 8.5.5.23 and later
  • WebSphere Application Server Deployment Manager 9.0.5.14 and later
  • Liberty (all editions) 18.0.0.3 and later
Important: The usage metering feature is a supported, stabilized component of WebSphere Application Server and WebSphere Application Server Liberty for use with WebSphere Automation. It was previously used with the now removed metering service in IBM Cloud Private. Stabilization of the feature supersedes any mention of its deprecation in the documentation for WebSphere Application Server or WebSphere Application Server Liberty.

About this task

You can add WebSphere Application Server servers and Liberty servers to WebSphere Automation by registering them with the usage metering service.

You must have the Manage WebSphere inventory permission to add a server to the list of registered servers.

It is possible to obtain the information that is needed to register servers without using the WebSphere Automation UI. For more information, see Obtaining server registration prerequisites manually.

Procedure

  1. Log in to WebSphere Automation.
    For more information, see Accessing the WebSphere Automation UI.
  2. Open the Server management page.
  3. Click Register server.
    The Register server panel opens.
  4. In step 1, select to add a Liberty server or a WebSphere Application Server traditional server, then click Next.
    • For more information about setting up a Liberty server, select WebSphere Liberty and click the WebSphere Liberty instructions button.
      Register server panel showing step 1 with WebSphere Liberty selected and WebSphere Liberty instructions button
    • For more information about setting up a WebSphere Application Server traditional server, select WebSphere traditional and click the WebSphere traditional instructions button.
      Register server panel showing step 1 with WebSphere traditional selected and WebSphere traditional instructions button
  5. In step 2, collect the usage metering certificate for the keystore (Liberty server) or the truststore (WebSphere Application Server traditional server) on the server that you want to register.
    • If you already have a keystore (Liberty server) or a truststore (WebSphere Application Server traditional server), you are presented with a code snippet of the usage metering certificate. Copy the code snippet, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, and save it so that it can be used on the server to be registered.
      Register server panel showing step 2 with I have my own truststore selected and a usage metering certificate to be copied and added to the truststore
    • If you want a new keystore (Liberty server) or truststore (WebSphere Application Server traditional server), click the Download button and save it.
      Register server panel showing step 2 with I want you to provide a truststore selected and a Download truststore button
  6. In step 3, collect the code that enables the usage metering feature on the server that you want to register.
    • For a Liberty server, you are presented with a server.xml file. Copy and save the <featureManager>, <keyStore>, and <usageMetering> code sections from the example server.xml file for addition to the existing server.xml file on the Liberty server you want to register.
      Register server panel showing step 3 with server.xml file configurations to be copied and added to the existing server.xml file for your Liberty server
    • For WebSphere Application Server traditional servers, copy the example was-usage-metering.properties code snippet, change the value of the trustStore parameter to the file name of the truststore downloaded, and set the value for the trustStorePassword parameter to changeMe. Next, save the was-usage-metering.properties file to any of the server, cluster, node, or cell directory, depending on whether you want to register servers at the server, cluster, node, or cell level.
      Register server panel showing step 3 with a was-usage-metering.properties file to be added to your WebSphere Application Server installation
  7. Register your servers.

What to do next

Configure notifications so that emails are sent when changes to the security or health status of one or more managed servers are detected.

View the vulnerability status of your application servers through the WebSphere Automation UI.