Using its available channel drivers, Novell Audit can log events to the following applications and interfaces:
Flat file in the file system
MySQL database
Oracle* database
Microsoft* SQL Server database
Java*
JDBC*
JMS
SNMP
SMTP
Syslog database
Before selecting a storage device for your data store, you need to consider your system’s logging traffic. On the high end, the File driver can process over 30,000 events per second on a P4 Xeon* class server. Databases, on the other hand, are, much slower (the MySQL driver can handle about 5,000 events per second on a P4 Xeon class server); however, they provide advanced querying and reporting.
Novell Audit is designed to handle occasional peaks that exceed a given database’s limitations; however, if you expect to consistently exceed the database driver’s capacity, you must plan your setup accordingly, either by using multiple Secure Logging Servers or by using the File driver. For information on configuring multiple logging servers, see Section 7.2, Configuring Multiple Secure Logging Servers.
IMPORTANT:In planning your system setup, you should perform your own throughput test in your environment and not rely solely on the numbers provided in this document.
After configuring a Novell Audit data store, you must create
a Channel object. Each Channel object defines the parameters associated
with its corresponding storage device. For example, MySQL Channel
objects include the IP address or host name of the MySQL database
server, a username and password for connecting with the server,
the database and table names, and fields for SQL table create and
expiration commands. For more information on creating and configuring
Channel objects, see Configuring
System Channels
in the Novell
Audit 2.0 Administration Guide.
After creating the Channel object, you must configure the
logging server to log events to that channel. The Log Driver property
in the Logging Server object determines which Channel object the server
uses to create the data store. For more information on the Log Driver
property, see Logging
Server Object Attributes
in the Novell
Audit 2.0 Administration Guide.
After the Channel and Logging Server objects are configured, you must restart the logging server to load the Channel object configuration and the channel driver. In most cases, the channel driver automatically creates the necessary file or database table for the data store.
IMPORTANT:Novell Audit does not secure the data store. Therefore, you must manage data store security at the database for MySQL and Oracle data stores, or through the file system for file data stores.
The data store structure for common storage devices is discussed in the following sections: