NSD1161 Configuring NordicEdge Identity Manager audit to database
Fact
Nordic Edge Identity Manager 3.5, 4.0 and 4.2
For auditing in IM 4.5, see NSD1315.
Situation
One may want to redirect audit messages to a relational database.
This article describes how this can be done.
Solution
Once a database engine is selected, a database and table must be configured.
·Create the database or choose an appropriate existing database.
·Create the SQL table to which Identity Manager should send auditing messages. This can be done with the following standard SQL command:
create table imaudit (auditDate DATETIME not null, userDN VARCHAR(200), objectDN VARCHAR(200), message VARCHAR(500), filter VARCHAR(100))
or, for Oracle:
create table imaudit (auditDate DATE not null, userDN VARCHAR(200), objectDN VARCHAR(200), message VARCHAR(500), filter VARCHAR(100))
This SQL query may have to be modified depending on the SQL syntax of the chosen database engine. Check with your database administrator for assistance.
Setting up policies
Policies must be set in DSEditor.properties and cannot be loaded from the directory.
Enable auditing to database by setting:
Enable_Audit_TO_DB=true
Set the table name (default imaudit):
log4j.appender.audit.table=tablename
If the database is configured as an ODBC source, set the following:
log4j.appender.audit.URL=jdbc:odbc:datasourceName
log4j.appender.audit.DBUser=myDBUser
log4j.appender.audit.DBPassword=myDBUserPassword
If the database is not an ODBC source and the database engine is Microsoft SQL 2005:
log4j.appender.audit.URL=jdbc:sqlserver://dbhostname;databaseName=database;user=userName;password=password
log4j.appender.audit.Class=com.microsoft.sqlserver.jdbc.SQLServerDriver
If the database is not an ODBC source and the database engine is Microsoft SQL 2000:
log4j.appender.audit.URL=jdbc:sqlserver://dbhostname;databaseName=database;user=userName;password=password
log4j.appender.audit.Class=com.microsoft.jdbc.sqlserver.SQLServerDriver
If the database is not an ODBC source and the database engine is MySQL:
log4j.appender.audit.URL=jdbc:mysql://dbhostname:port/databaseName
log4j.appender.audit.DBUser=root
log4j.appender.audit.DBPassword=connected
log4j.appender.audit.Class=com.mysql.jdbc.Driver
If the database is not an ODBC source and the database engine is Oracle:
log4j.appender.audit.URL=jdbc:oracle:thin:@//dbhostname:port/dbname
log4j.appender.audit.DBUser=root
log4j.appender.audit.DBPassword=connected
log4j.appender.audit.Class=oracle.jdbc.driver.OracleDriver
General
·Ensure the database user has "insert" and "read" access rights to the audit table.
·When not using ODBC as a connection method, copy the appropriate .jar files to the /lib directory. For the standalone client this is: %imroot%/lib. For the web application this is: %webapplicationroot%/WEB-INF/lib.
·If you are using the standalone client, add the .jar files to the class path in the appropriate .lax file.
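A pre-deployment check of the settings above, as an added example (not Nordic Edge code): it parses the audit keys from DSEditor.properties text and flags a missing driver class, a malformed URL, a cleartext password and an over-privileged account. The sample file contents, the account names treated as administrative and the case-insensitive reading of "true" are assumptions.

```python
# Added example: lint the audit-to-database settings from DSEditor.properties.
SAMPLE = """\
Enable_Audit_TO_DB=true
log4j.appender.audit.table=imaudit
log4j.appender.audit.URL=jdbc:mysql://dbhostname:3306/auditdb
log4j.appender.audit.DBUser=root
log4j.appender.audit.DBPassword=connected
"""  # constructed sample; the driver class line is deliberately missing

PREFIX = "log4j.appender.audit."
ADMIN_USERS = ("root", "sa", "system")  # assumption: common administrative logins


def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def check_audit_config(text):
    """Return a list of findings; an empty list means no issue was detected."""
    p = parse_properties(text)
    findings = []
    url = p.get(PREFIX + "URL", "")
    if p.get("Enable_Audit_TO_DB", "").lower() != "true":
        findings.append("Enable_Audit_TO_DB is not true: database audit is off")
    if not url:
        findings.append("audit.URL is not set")
    elif any(c.isspace() for c in url):
        findings.append("audit.URL contains whitespace")
    if url and not url.startswith("jdbc:odbc:") and not p.get(PREFIX + "Class"):
        findings.append("non-ODBC URL without audit.Class (JDBC driver class)")
    if "password=" in url.lower() or p.get(PREFIX + "DBPassword"):
        findings.append("cleartext DB password in file: restrict read access")
    if p.get(PREFIX + "DBUser", "").lower() in ADMIN_USERS:
        findings.append("administrative DB account: limit it to insert/read")
    return findings


if __name__ == "__main__":
    for finding in check_audit_config(SAMPLE):
        print("-", finding)
```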
Nordic Edge Support – www.nordicedge.se
