Creating an Audit Database
Create an audit database and perform value-change monitoring activities.
- Create a database on the server
- Create a database user account on the server
Log in to each database to be monitored Create tables and triggers on each database to be monitored
Before Defining an Audit Database under Informix or Sybase
For Informix® and Sybase (except for Sybase IQ, which does not support triggers) and depending on the operating system for the database server, you must perform one of the following procedures before defining the audit database.
Informix Setup - Locate or Create a New Database Space
This topic applies for Informix (9.4 or later). Under Informix, we strongly recommend that you avoid using the default root database space, root_dbs. You cannot drop this space or reduce its size.
You should use any other database space that has been defined, or to create a new database space, perform one of the following procedures (depending on the operating system).
Informix - Create an Informix Database Space on a Windows Server
This procedure is performed outside of the Guardium® GUI, and applies for Informix version 9.4 or later.
- Verify that the database server is online and listening.
- Create a zero-byte file named guardium_dbs_dat.000 in the C:\IFMXDATA\server-name directory (sever-name is the name of the Informix server or the service name). You can do this by saving an empty text file, and then renaming the file, replacing the txt suffix with 000.
- Make the following directory the working directory:
C:\Program Files\Informix\bin
- Execute following command:
C:\Program Files\Informix\bin>onspaces -c -d guardium_dbs -p C:\IFMXDATA\server-name\guardium_dbs_dat.000 -o 0 -s 150000
If the file is created successfully, you see the following messages:Verifying physical disk space, please wait ... Space successfully added. ** WARNING ** A level 0 archive of Root DBSpace will need to be done.
- Restart the Informix server, and use a suitable tool (Aqua Data Studio remote client, for example) to connect and verify that the space named guardium_dbs has been created. Your first connection attempt may fail with a message about the server running in Quiescent Mode. If this happens, attempt to re-connect at least two more times, and it should work.
- To verify that the guardium_dbs database space has been created, use Aqua Data Studio, and look under Storage.
Informix - Create an Informix Database Space on a Unix Server
This procedure is performed outside of the Guardium GUI, and applies for Informix version 9.4 or later.
- From a command-line window, enter the following commands:
su - informix cd demo/server vi guardium_dbs
- Without adding any text, save the empty guardium_dbs file.
- Enter the following commands:
chmod 660 guardium_dbs cd ../../bin onspaces -c -d guardium_dbs -p /home/informix10/demo/server/guardium_dbs -o 0 -s 100000
Sybase Setup - Initialize Disks
This topic applies for Sybase servers only (except for Sybase IQ, which does not support triggers). Depending on the operating system of the database server, perform one of the following procedures to initialize disks.
Sybase - Initialize Disks on a Windows Sybase Server
- Connect to the server on which you want to create the Guardium audit database: guardium_audit.
- Create a folder named guardium_audit, under the c: drive.
- Connect to the database.
- Execute the following commands:
use master go disk init name="guardium_auditdev", size=8192 go disk init name="guardium_auditlog", physname="c:/guardium_audit/guardium_auditlog", size=8192 go
Sybase - Initialize Disks on a Unix Sybase Server
- Connect to the database.
- Execute the following statements:
use master go disk init name = 'guardium_auditdev', physname ='/home/sybase/data/guardium_auditdev' , size = 8192 go disk init name = 'guardium_auditlog', physname ='/home/sybase/data/guardium_auditlog' , size = 8192 go
Create the database
For an Informix or Sybase database, be sure to perform the preliminary tasks before performing this procedure.
- Open the Value Change Database Builder by navigating to .
- Click Add Datasource to open the Select
datasource window.
Datasources that are defined from the Value Change Auditing application are labeled Monitor Values. Datasources that are defined for other applications have different labels (such as Listener, or DBanalyzer). The other datasources may not have the appropriate set of database access permissions for that Value Change Auditing application, which requires a user account with database administrator authority. If a suitable datasource is not available, click to define a database to monitor. For information about defining datasources, see Creating a datasource definition.
Note: If a GUARDIUM_AUDIT database already exists on this dbserver, you cannot create another one. You must drop the GUARDIUM_AUDIT database/user before you create a new one. - Select a datasource that uses an administrator account, and click Save to add it to the Datasources window on the Create Value Change Audit Database page.
- Enter an Audit Datasource Name. This is the name that identifies the datasource later, to define monitoring tasks and to upload data. Do not confuse this name with the name of the Datasource from the Datasources panel.
- Optionally select Share Datasource to share this datasource with other
applications (Classification, for example). The default is not to share the datasource. This type of
datasource requires administrator privileges, so you may not want to share this datasource with
other applications. Note: To share a datasource with other users, assign security roles to that datasource.
- For any database type other than DB2®, there are additional
fields in the Audit Configuration pane. All fields are required. Referring to the following table,
enter the appropriate values.
Table 1. Additional Audit Configuration Fields Table Database Type Field: Description Informix
Database Space: Enter the name of an existing database space to use, or enter the name of the database space you created for the audit database (guardium_dbs in the example shown previously). If you leave this blank, the default root_dbs space will be used, which we do not recommend.
MS SQL Server
Audit User Name: Enter a new database user name to use when accessing the audit database. This user will be given the sysadmin role.
Audit Password: Enter a password.
An additional choice appears in Value change Audit Database Creation menu screen when then the datasource is MSSQL server. This additional choice appears only when the datasource is MSSQL Server.
Compatibility Mode: Choices are Default or MSSQL 2000. The processor is told what compatibility mode to use when monitoring a table.
Use the GuardAPI command, grdapi list_compatibility_modes to show the compatability modes for MS SQL Server.
Oracle
Audit Password: Enter the password for the system user, which will be the database account used to access the audit database.
Default Tablespace: Enter a name for the default tablespace.
Temp Tablespace: Enter a name for the temporary tablespace.
Sybase
Audit User Name: Enter a new database user name to use when accessing the audit database. This user will be granted the sa_role.
Audit Password: Enter a password.
Data Device Name: Enter the same data device name used when initializing the disk for the audit database (guardium_auditdev in the disk initialization procedure described earlier).
Log Device Name: Enter the same log device name used when initializing the disk for the audit database (guardium_auditlog in the disk initialization procedure described earlier).
- Click Create Audit Database to create the audit database.
- Use the selection Value Change Audit Database Update and Upload on the
Config and Control tab to select the actions in this table. Restriction: For Microsoft SQL Server, Sybase, and Sybase IQ, the Guardium system does not receive updates to any column that is a primary key or part of a composite key.
Action Description Delete Click to remove the datasource from the Datasources pane. Modify Click to edit this datasource definition in the Datasource Definition panel. Schedule Upload Click to schedule the upload of this audit datasource.
What to do next
After you create an audit database on a database server, it is available for use by the Value Change Auditing Builder for building triggers. For more information, see Value Change Auditing.