7.7 JDBC

The JDBC channel allows the logging server to output filtered events to any JDBC-enabled data store.

WARNING:The JDBC channel does not work on NetWare 5.x. The JDBC channel requires JVM 1.4.2, which is not compatible with NetWare 5.x. Attempting to run the JDBC channel on NetWare 5.x abends the server.

7.7.1 JDBC Channel Driver

Nsure Audit installs its Java drivers to the following Nsure Audit classpath directories:

Table 7-6 Nsure Audit Java Classpath

Platform

Java Classpath

NetWare

sys:\system\naudit\

Windows

\program files\novell\nsure audit\java\logdriver\

Linux

/opt/novell/naudit/java/logdriver/

Solaris

/opt/NOVLnaudit/java/logdriver/

At startup, the JDBC driver, lgdjava, looks in the Nsure Audit Java classpath for the JDBC Class designated in the JDBC Channel object configuration. It then attempts to launch the JDBC Class. If it is successful, that instance of the Class remains active until the JDBC Channel object is disabled or the Secure Logging Server is shut down.

If it cannot launch the JDBC Class, the JDBC driver refuses to load. This safeguard ensures that no events are lost because of misconfiguration.

NOTE:The JDBC driver does not buffer events that are undeliverable because of misconfiguration or a server failure.

Configuration Requirements

The configuration requirements to use the JDBC channel with a JDBC-enabled data store are as follows:

  • For performance reasons, we recommend using only the channels discussed in Data Store as the primary log channel, and use JDBC data stores for notifications.
  • Install and configure any JDBC-enabled data store according to the instructions provided by the vendor.
  • In the JDBC-enabled data store, create a Nsure Audit database and a database user.
  • The server hosting your JDBC data store must have JVM* 1.4.1 or later.
  • Obtain the JDBC drivers for your data store.

    The JDBC drivers are available at the following sites:

    Table 7-7 JDBC Driver Sites

    Data Store

    Driver

    Site

    MySQL

    MySQL Connector/J

    http://dev.mysql.com/downloads/

    Oracle

    Oracle Instant Client

    http://www.oracle.com/technology/tech/oci/instantclient/instantclient.html

    Microsoft SQL Server

    Microsoft SQL Server Driver for JDBC

    http://www.microsoft.com/downloads/

    QL Server and Sybase JDBC driver

    jTDS (S)

    http://www.sourceforge.net/
  • Copy the JDBC drivers for your data store to the Nsure Audit Java classpath or a subdirectory thereof. See Table 7-6 for the Nsure Audit Java classpath directories.
  • If you are going to query a JDBC data store in iManager, copy all required JDBC drivers (*.jar) to the following iManager classpaths on your iManager server:

    • NetWare: sys:\tomcat\4\common\lib

    • Linux and Solaris: /var/opt/novell/tomcat4/common/lib

    • Windows: \program files\novell\tomcat\common\lib

  • If you are using the JDBC Channel on a Windows machine, add the jvm.dll directory path to the Path system variable. For example, c:\j2sdk1.4.2_09\jre\bin\server\. You must reboot the machine for the changes to take effect.
  • On Linux/Solaris, the LD_LIBRARY_PATH variable must point to the paths for libverify.so, and libjvm.so. You must reboot the machine for the changes to take effect.
  • On Linux and Solaris platforms, export LD_LIBRARY_PATH to the path of the server JVM. To do this, create /etc/profile.local (if it does not exist), then add an export line similar to the following:
    export LD_LIBRARY_PATH=/usr/lib/java/jre/lib/i386/server:/usr/lib/java/jre/lib/i386/

    Replace /usr/lib/java with the full path to the Java runtime environment, for example, /usr/lib/SunJava2-1.4.1.

  • When creating the JDBC channel object in iManager, Java classpath entries must be separated by a colon if your JDBC data store is hosted on Linux or Solaris. If your JDBC data store is hosted on NetWare or Windows, Java classpath entries must be separated by a semicolon.

For additional information on configuring the JDBC channel, see Section F.0, Using JDBC Data Stores with Nsure Audit.

7.7.2 JDBC Channel Object

The JDBC Channel object stores the information the JDBC driver needs to write events to a JDBC-enabled data store.

The following table provides a description of each Channel object attribute.

IMPORTANT:You must restart the logging server to effect any changes in Channel object configuration. For more information, see Section G.3, Secure Logging Server Startup Commands

Table 7-8 JDBC Channel Object Attributes

Attribute

Description

Configuration

 

JDBC Class

Package and name of the Java Class providing JDBC connectivity.

The following are Java class examples for the most common JDBC drivers:

  • MySQL: com.mysql.jdbc.Driver

  • Oracle: oracle.jdbc.driver.OracleDriver

  • SQL Server: com.microsoft.jdbc.sqlserver.SQLServerDriver

JDBC URL

Valid JDBC URL for the target data store, including the table name.

The following are JDBC URLs for the most common JDBC drivers:

  • MySQL: jdbc:mysql://192.168.0.5/naudit

  • Oracle: jdbc:oracle:thin:@ip_address:port:sid

  • SQL Server: jdbc:microsoft:sqlserver://ip_address:port;DatabaseName=database_name

Username

The username the JDBC driver requires to log in to the data store.

Password

The password the JDBC driver requires to log in to the data store.

JDBC Table

Name of the table used to log Nsure Audit events.

JDBC Table Create SQL

If the table specified in the JDBC Table parameter does not exist, use SQL commands to create the table.

Max Data Size

The maximum size (in bytes) of information that can be written at one time to the data store.

Status

Allows you to enable or disable the Channel object. By default, all Channel objects are enabled. This means that the logging server loads the Channel object’s configuration in memory at startup.

The Channel object must be located in a supported Channel container for the logging server to use it. For more information on the logging server’s Channel Container property, see Logging Server Objects .

If you select the Disabled option, you must restart the Secure Logging Server for the setting to become effective. Thereafter, the logging server cannot load the object’s configuration until you select Enabled.

For information on unloading the logging server, see Section G.3, Secure Logging Server Startup Commands.