Before encrypting the security audit logs, you will first need to enable the security audit logs. Encypting the security log files prevents unauthorized read access. Signing the security audit logs prevents unauthorized write access.

Before you can encrypt the security audit logs, you will first need a keystore that will be used to encrypt the security log. 

1. In the WebSphere admin console, expand Security and select Security auditing.
2. Select Audit encryption key stores and certificates.
3. Select New.
4. Enter the name, path, and password for the keystore.

Note: If you do not know the path, select Security > SSL certificate and key management > Key stores and certificates.

Note: If you do not know the password for the keystore, you can change the keystore password.

5. Select OK.
6. Select Save.

In this example, a security audit keystore named testKey was created.

Now, the security log can be encrypted.

1. In the WebSphere admin console, expand Security and select Security auditing.
2. Select Audit record encryption configuration.
3. Check Enable encryption.
4. Select the keystore you created and select OK.
5. Select Save.

In this example, the audit logs will be encrypted using testKey.