Creating an Audit Database

Create an audit database and perform value-change monitoring activities.

To create an audit database and perform value-change monitoring activities, you must have a user account with appropriate permissions to:
  • Create a database on the server
  • Create a database user account on the server

Log in to each database to be monitored Create tables and triggers on each database to be monitored

Before Defining an Audit Database under Informix or Sybase

For Informix® and Sybase (except for Sybase IQ, which does not support triggers) and depending on the operating system for the database server, you must perform one of the following procedures before defining the audit database.

Informix Setup - Locate or Create a New Database Space

This topic applies for Informix (9.4 or later). Under Informix, we strongly recommend that you avoid using the default root database space, root_dbs. You cannot drop this space or reduce its size.

You should use any other database space that has been defined, or to create a new database space, perform one of the following procedures (depending on the operating system).

Informix - Create an Informix Database Space on a Windows Server

This procedure is performed outside of the Guardium® GUI, and applies for Informix version 9.4 or later.

  1. Verify that the database server is online and listening.
  2. Create a zero-byte file named guardium_dbs_dat.000 in the C:\IFMXDATA\server-name directory (sever-name is the name of the Informix server or the service name). You can do this by saving an empty text file, and then renaming the file, replacing the txt suffix with 000.
  3. Make the following directory the working directory:

    C:\Program Files\Informix\bin

  4. Execute following command:
    C:\Program Files\Informix\bin>onspaces -c -d guardium_dbs -p C:\IFMXDATA\server-name\guardium_dbs_dat.000 -o 0 -s 150000
    If the file is created successfully, you see the following messages:
    Verifying physical disk space, please wait ...  
    Space successfully added. 
    ** WARNING **  A level 0 archive of Root DBSpace will need to be done.  
  5. Restart the Informix server, and use a suitable tool (Aqua Data Studio remote client, for example) to connect and verify that the space named guardium_dbs has been created. Your first connection attempt may fail with a message about the server running in Quiescent Mode.  If this happens, attempt to re-connect at least two more times, and it should work.
  6. To verify that the guardium_dbs database space has been created, use Aqua Data Studio, and look under Storage.

Informix - Create an Informix Database Space on a Unix Server

This procedure is performed outside of the Guardium GUI, and applies for Informix version 9.4 or later.

  1. From a command-line window, enter the following commands:
    su - informix
    cd demo/server
    vi guardium_dbs
  2. Without adding any text, save the empty guardium_dbs file.
  3. Enter the following commands:
    chmod 660 guardium_dbs
    cd ../../bin
    onspaces -c -d guardium_dbs -p /home/informix10/demo/server/guardium_dbs -o 0 -s 100000

Sybase Setup - Initialize Disks

This topic applies for Sybase servers only (except for Sybase IQ, which does not support triggers). Depending on the operating system of the database server, perform one of the following procedures to initialize disks.

Sybase - Initialize Disks on a Windows Sybase Server

  1. Connect to the server on which you want to create the Guardium audit database: guardium_audit.
  2. Create a folder named guardium_audit, under the c: drive.
  3. Connect to the database.
  4. Execute the following commands:
    use master
    go
    disk init name="guardium_auditdev", size=8192
    go
    disk init name="guardium_auditlog", 
    physname="c:/guardium_audit/guardium_auditlog", size=8192
    go

Sybase - Initialize Disks on a Unix Sybase Server

  1. Connect to the database.
  2. Execute the following statements:
    use master
    go
    disk init name = 'guardium_auditdev', physname
     ='/home/sybase/data/guardium_auditdev' , size = 8192
    go
    disk init name = 'guardium_auditlog', physname
     ='/home/sybase/data/guardium_auditlog' , size = 8192 
    go

Create the database

For an Informix or Sybase database, be sure to perform the preliminary tasks before performing this procedure.

  1. Open the Value Change Database Builder by navigating to Harden > Configuration Change Control (CAS Application) > Value Change Audit Database Creation.
  2. Click Add Datasource to open the Select datasource window.

    Datasources that are defined from the Value Change Auditing application are labeled Monitor Values. Datasources that are defined for other applications have different labels (such as Listener, or DBanalyzer). The other datasources may not have the appropriate set of database access permissions for that Value Change Auditing application, which requires a user account with database administrator authority. If a suitable datasource is not available, click Add datasource to define a database to monitor. For information about defining datasources, see Creating a datasource definition.

    Note: If a GUARDIUM_AUDIT database already exists on this dbserver, you cannot create another one. You must drop the GUARDIUM_AUDIT database/user before you create a new one.
  3. Select a datasource that uses an administrator account, and click Save to add it to the Datasources window on the Create Value Change Audit Database page.
  4. Enter an Audit Datasource Name. This is the name that identifies the datasource later, to define monitoring tasks and to upload data. Do not confuse this name with the name of the Datasource from the Datasources panel.
  5. Optionally select Share Datasource to share this datasource with other applications (Classification, for example). The default is not to share the datasource. This type of datasource requires administrator privileges, so you may not want to share this datasource with other applications.
    Note: To share a datasource with other users, assign security roles to that datasource.
  6. For any database type other than DB2®, there are additional fields in the Audit Configuration pane. All fields are required. Referring to the following table, enter the appropriate values.
    Table 1. Additional Audit Configuration Fields Table
    Database Type Field: Description

    Informix

    Database Space: Enter the name of an existing database space to use, or enter the name of the database space you created for the audit database (guardium_dbs in the example shown previously). If you leave this blank, the default root_dbs space will be used, which we do not recommend.

    MS SQL Server

    Audit User Name: Enter a new database user name to use when accessing the audit database. This user will be given the sysadmin role.

    Audit Password: Enter a password.

    An additional choice appears in Value change Audit Database Creation menu screen when then the datasource is MSSQL server. This additional choice appears only when the datasource is MSSQL Server.

    Compatibility Mode: Choices are Default or MSSQL 2000. The processor is told what compatibility mode to use when monitoring a table.

    Use the GuardAPI command, grdapi list_compatibility_modes to show the compatability modes for MS SQL Server.

    Oracle

    Audit Password: Enter the password for the system user, which will be the database account used to access the audit database.

    Default Tablespace: Enter a name for the default tablespace.

    Temp Tablespace: Enter a name for the temporary tablespace.

    Sybase

    Audit User Name: Enter a new database user name to use when accessing the audit database. This user will be granted the sa_role.

    Audit Password: Enter a password.

    Data Device Name: Enter the same data device name used when initializing the disk for the audit database (guardium_auditdev in the disk initialization procedure described earlier).

    Log Device Name: Enter the same log device name used when initializing the disk for the audit database (guardium_auditlog in the disk initialization procedure described earlier).

  7. Click Create Audit Database to create the audit database.
  8. Use the selection Value Change Audit Database Update and Upload on the Config and Control tab to select the actions in this table.
    Restriction: For Microsoft SQL Server, Sybase, and Sybase IQ, the Guardium system does not receive updates to any column that is a primary key or part of a composite key.
    Action Description
    Delete Click to remove the datasource from the Datasources pane.
     Modify Click to edit this datasource definition in the Datasource Definition panel.
    Schedule Upload Click to schedule the upload of this audit datasource.

What to do next

After you create an audit database on a database server, it is available for use by the Value Change Auditing Builder for building triggers. For more information, see Value Change Auditing.