NSD1315 IM 4.5 – Configuring audit to database
Fact
Nordic Edge Identity Manager 4.5 or later
Situation
Redirect audit messages to a relational database.
Summary
This is a summary of the steps needed to perform audit to database.
See further down in this document for a more detailed explanation of each step.
1. Select a database engine
2. Create or select a database
3. Create a database table
4. Configure DSEditor.properties
5. Set policy for audit level
6. Other
Detailed explanation
1. Select a database engine
This NSD describes the configuration for the Microsoft SQL Server and Oracle database engines.
2. Create or select a database
In Windows environments, make sure SQL authentication is selected rather than Windows authentication. The database account needs write (insert) and read access to the database and the table.
3. Create a database table
Create the sql table to which Identity Manager should send auditing messages.
Here are example commands for creating the table:
For Microsoft SQL Server:
create table imaudit (auditDate DATETIME not null, userDN VARCHAR(200), objectDN VARCHAR(200), message VARCHAR(500), filter VARCHAR(100))
For Oracle:
create table imaudit (auditDate DATE not null, userDN VARCHAR(200), objectDN VARCHAR(200), message VARCHAR(500), filter VARCHAR(100))
The command may have to be modified depending on the SQL syntax of the chosen database engine. Check with your database administrator if you need assistance.
4. Configure DSEditor.properties
4.1 In DSEditor.properties you will find a section with the following parameters. Make sure these parameters have the following values:
Enable_Audit_Log=true
Enable_Audit_TO_DB=true
Enable_Internal_DB=false
4.2 In DSEditor.properties you need to add the following lines. Add them at the bottom of the section called "#Log4j Audit".
Below are different scenarios depending on the database engine you use. Find your database engine and add the lines listed under that scenario.
log4j.appender.audit.table=tablename(default imaudit)
4.2.1 If the database is configured as an ODBC source set the following:
log4j.appender.audit.URL=jdbc:odbc:datasourceName
log4j.appender.audit.DBUser=myDBUser
log4j.appender.audit.DBPassword=myDBUserPassword
4.2.2 If the database is not an ODBC source and the database engine is Microsoft SQL 2005/2008:
log4j.appender.audit.URL=jdbc:sqlserver://dbhostname;databaseName=databaseName;user=userName;password=password
log4j.appender.audit.Class=com.microsoft.sqlserver.jdbc.SQLServerDriver
4.2.3 If the database is not an ODBC source and the database engine is Microsoft SQL 2000:
log4j.appender.audit.URL=jdbc:sqlserver://dbhostname;databaseName=databaseName;user=userName;password=password
log4j.appender.audit.Class=com.microsoft.jdbc.sqlserver.SQLServerDriver
4.2.4 If the database is not an ODBC source and the database engine is MySQL:
log4j.appender.audit.URL=jdbc:mysql://dbhostname:port/databaseName
log4j.appender.audit.DBUser=root
log4j.appender.audit.DBPassword=connected
log4j.appender.audit.Class=com.mysql.jdbc.Driver
4.2.5 If the database is not an ODBC source and the database engine is Oracle:
log4j.appender.audit.URL=jdbc:oracle:thin:@//dbhostname:port/dbname
log4j.appender.audit.DBUser=root
log4j.appender.audit.DBPassword=connected
log4j.appender.audit.Class=oracle.jdbc.driver.OracleDriver
4.3 Restart Identity Manager service.
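The following script is an added example (not part of Identity Manager or of this NSD) that reads the audit section of a DSEditor.properties file and checks it against the settings listed in steps 4.1 and 4.2: the three Enable_* flags, a whitespace-free JDBC URL, the URL prefix matched to the driver class for the non-ODBC scenarios, and credentials that are still the example placeholders (root/connected, myDBUser/myDBUserPassword, userName/password) from this document. The properties text embedded in the script is constructed for illustration; the file paths and account names are assumptions.

```python
"""Check the audit-to-database section of DSEditor.properties.

Added example for this NSD; it is not code from Identity Manager.
"""
import re

# Constructed sample of the relevant DSEditor.properties lines (MySQL
# scenario from 4.2.4, with the example credentials left unchanged).
SAMPLE_PROPERTIES = """\
# Audit settings
Enable_Audit_Log=true
Enable_Audit_TO_DB=true
Enable_Internal_DB=false

#Log4j Audit
log4j.appender.audit.table=imaudit
log4j.appender.audit.URL=jdbc:mysql://dbhostname:3306/imdb
log4j.appender.audit.DBUser=root
log4j.appender.audit.DBPassword=connected
log4j.appender.audit.Class=com.mysql.jdbc.Driver
"""

# Values required by step 4.1.
REQUIRED_FLAGS = {
    "Enable_Audit_Log": "true",
    "Enable_Audit_TO_DB": "true",
    "Enable_Internal_DB": "false",
}

# Driver classes listed in 4.2.2 to 4.2.5, keyed by the JDBC URL prefix.
DRIVER_FOR_PREFIX = {
    "jdbc:sqlserver:": {"com.microsoft.sqlserver.jdbc.SQLServerDriver",
                        "com.microsoft.jdbc.sqlserver.SQLServerDriver"},
    "jdbc:mysql:": {"com.mysql.jdbc.Driver"},
    "jdbc:oracle:": {"oracle.jdbc.driver.OracleDriver"},
}

# Example credentials from this NSD; they should never reach a live system.
PLACEHOLDER_VALUES = {"root", "connected", "myDBUser", "myDBUserPassword",
                      "userName", "password"}


def parse_properties(text):
    """Minimal Java .properties reader: key=value lines, '#' comments skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def check_audit_config(text):
    """Return a list of findings; an empty list means the section is consistent."""
    props = parse_properties(text)
    findings = []
    for key, expected in REQUIRED_FLAGS.items():
        actual = props.get(key)
        if actual is None:
            findings.append(f"missing {key}")
        elif actual.lower() != expected:
            findings.append(f"{key} should be {expected}, found {actual}")

    url = props.get("log4j.appender.audit.URL", "")
    if not url:
        findings.append("missing log4j.appender.audit.URL")
    elif re.search(r"\s", url):
        # A space after '//' (a common copy-and-paste error) breaks the URL.
        findings.append("URL contains whitespace")
    elif url.startswith("jdbc:odbc:"):
        # ODBC scenario (4.2.1): credentials come from DBUser/DBPassword.
        for key in ("log4j.appender.audit.DBUser",
                    "log4j.appender.audit.DBPassword"):
            if key not in props:
                findings.append(f"missing {key}")
    else:
        driver = props.get("log4j.appender.audit.Class", "")
        allowed = next((d for p, d in DRIVER_FOR_PREFIX.items()
                        if url.startswith(p)), None)
        if allowed is None:
            findings.append(f"unrecognised JDBC URL prefix in {url}")
        elif driver not in allowed:
            findings.append(f"Class {driver or '(missing)'} does not match URL {url}")

    # Credentials may sit in DBUser/DBPassword or inside the SQL Server URL.
    user = props.get("log4j.appender.audit.DBUser", "")
    pwd = props.get("log4j.appender.audit.DBPassword", "")
    embedded = re.search(r"user=([^;]*);password=([^;]*)", url)
    if embedded:
        user, pwd = user or embedded.group(1), pwd or embedded.group(2)
    for label, value in (("DBUser", user), ("DBPassword", pwd)):
        if value in PLACEHOLDER_VALUES:
            findings.append(f"{label} is still the example placeholder '{value}'")
    return findings


if __name__ == "__main__":
    # Assumed location of the standalone client's properties file.
    with open("DSEditor.properties", encoding="latin-1") as fh:
        for finding in check_audit_config(fh.read()):
            print("WARN:", finding)
```

Run it after editing the file and before restarting the service (step 4.3); an empty result means every key this NSD requires is present and consistent. Since DSEditor.properties holds the database password in clear text, restrict read access on the file to the account that runs Identity Manager, and use a dedicated database account with only insert and select rights on the audit table, as step 6.1 requires.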
5. Set policy for audit level
Open Identity Manager Standalone 4.5 client.
Choose an object (for example root or an OU) on which to set the audit level.
Open Policy Manager.
Find the policy "Audit_Level" (System/Audit).
Set the value.
6. Other
6.1 Ensure the database user has "insert" and "read" access rights to the audit table.
6.2 When not using ODBC as the connection method, copy the appropriate JDBC driver .jar files to the lib directory. For the standalone client this is %imroot%/lib. For the web application this is %webapplicationroot%/WEB-INF/lib.
Disclaimer
The origin of this information may be internal or external to Nordic Edge™. Nordic Edge™ makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Nordic Edge™ makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.
Nordic Edge Support - www.nordicedge.se
