8.2 Logging Events to the MySQL Database

After you have created a MySQL database for the Novell Audit server and you have installed the driver, you can configure the Novell Audit Secure Logging Server so that it writes events to the MySQL server.

8.2.1 Creating the MySQL Log Channel

  1. In the Administration Console, click Auditing and Logging > Logging Server Options.

  2. Use the Object Selector icon to find the Logging Services object and expand it.

  3. Click the Logging Server object that has the hostname of your Administration Console prepended to it, for example Jwilson1 Logging Server.Logging Services.

  4. Click OK.

  5. On the Logging Server Options page, click the Channels tab.

  6. Select Container Name, then click Channel Actions > New.

  7. Fill in the following:

    Channel Name: Specify MySQL.

    Channel Type: Select MySQL Channel.

  8. Click OK.

  9. On the Configuration page, fill in the following:

    Host: Specify the IP address of your MySQL server with a port of 3306. For example: 10.10.10.10:3306.

    Port 3306 is the default port for the MySQL 5.0 server. If you have configured your server to use a different port, enter it instead. If you are using a different version of MySQL, verify the port required by the JDBC driver.

    Name: Specify naudit.

    Table: Specify nauditlog.

    User: Specify auditusr.

    Password: Specify auditpwd.

  10. Click Test Credentials, then enter the following in the JDBC Class field:

    com.mysql.jdbc.Driver

  11. Click OK.

    You should receive a Database test connection was successful message. If you do not receive this message, verify your configuration information.

  12. Click OK.

  13. Continue with Section 8.2.2, Configuring the Audit Server to Log Events to the MySQL Log Channel.

8.2.2 Configuring the Audit Server to Log Events to the MySQL Log Channel

  1. On the Logging Server Options page, click the General tab, then click Configuration.

  2. In the Log Channel field, click the Object Selector icon, expand the Channels object, then select the MySQL object.

    The Log Channel field should now contain MySQL.Channels.Logging Services as its value.

  3. To save the changes, click Apply.

  4. Click OK.

  5. To update the audit server with this new channel, complete the following steps from a terminal window on your Administration Console:

    1. Stop the audit server by using the following command:

      /etc/init.d/novell-naudit stop

    2. Start the audit server by using the following command:

      /etc/init.d/novell-naudit start -d

      Starting the audit server causes the nauditlog table in the MySQL database to be created. The start -d option causes the console to appear. Leave it running for now so you can see when events start occurring.

      If you close the console by pressing Ctrl+C, you close the console and stop the audit server. You need the audit server to be running for the rest of these instructions to work.

  6. Verify that the table was created in the database by using the following steps:

    1. Log in to your MySQL server.

    2. Change to the naudit database by using the following command:

      use naudit;

    3. To display the tables in the database, use the following command:

      show tables;

      The nauditlog table should be in the list. If it is not, repeat Step 5.

    4. To view the columns in the table, use the following command:

      describe nauditlog;

      The nauditlog table should have 24 rows.

  7. Continue with Section 8.2.3, Configuring Access Manager Components to Log Audit Events.

8.2.3 Configuring Access Manager Components to Log Audit Events

The database is ready to receive events, and the Novell Audit Secure Logging Server is ready to send events to the database. The next step is to configure Access Manager to send events to the server, which channels them to the database. For more information about these events, see Enabling Auditing in the Novell Access Manager 3.0 SP4 Administration Guide.

  1. To enable general Access Manager events, complete the following steps:

    1. In the Administration Console, click Access Manager > Auditing.

    2. In the Management Console Audit Events section, select the Select All option.

    3. Click Apply.

  2. To enable Identity Server events, complete the following steps.

    1. In the Administration Console, click Access Manager > Identity Servers > Edit > Logging.

    2. Scroll to the Novell Audit Logging section, then select Enable.

    3. For events, select either the Select All option or at least the following: Login Provided, Server Started, Server Stopped, Server Refreshed.

    4. Click OK.

    5. On the Identity Servers page, click Update > OK.

  3. To enable Access Gateway event, complete the following steps:

    1. In the Administration Console, click Access Gateways > Edit > Novell Audit.

    2. For events, select either the Select All option or at least the following: Access Denied, URL Accessed, and Access Allowed.

    3. Click OK twice.

    4. On the Access Gateways page, click Update > OK.

  4. Generate a few events by logging in to Access Manager and accessing a resource.

    The audit event configuration changes to the Identity Server and the Access Gateway generated a few events, but logging in and accessing a resource generates a few more.

  5. To verify that events are being logged in the nauditlog table, complete the following steps:

    1. Log in to your MySQL server.

    2. Change to the naudit database by using the following command:

      use naudit;

    3. To display two columns of data, use the following command:

      select EventID, Originator from nauditlog;

  6. Continue with Section 8.3, Configuring Queries.