To create an audit database and perform value-change monitoring activities,
you will need to have a user account with appropriate permissions to:
Create a database on the server
Create a database user account on the server
Log in to each database to be monitored
Create tables and triggers on each database to be monitored
Before Defining an Audit Database under Informix or Sybase
Note that for Informix and Sybase (except for Sybase IQ, which does
not support triggers). Depending on the operating system for the database
server, you must perform one of the following procedures before defining
the audit database.
This topic applies for Informix (9.4 or later). Under Informix, we strongly
recommend that you avoid using the default root database space, root_dbs. You cannot drop this space
or reduce its size. You should use any other
database space that has been defined, or to create a new database space,
perform one of the following procedures (depending on the operating system):
Create an Informix Database Space on a Windows Server
This procedure is performed outside of the Guardium GUI, and applies
for Informix version 9.4 or later.
Verify that the database server is online and listening.
Create a zero-byte file named guardium_dbs_dat.000
in the C:\IFMXDATA\server-name
directory (sever-name is the name
of the Informix server or the service name). You can do this by saving
an empty text file, and then renaming the file, replacing the txt suffix
with 000.
Make the following directory the working directory:
C:\Program
Files\Informix\bin
Execute following command:
C:\Program Files\Informix\bin>onspaces -c -d guardium_dbs
-p C:\IFMXDATA\server-name\guardium_dbs_dat.000 -o 0 -s 150000
If the file is created successfully, you
will receive the following messages:
Verifying physical disk space, please wait ...
Space successfully added.
**
WARNING ** A level 0 archive of Root DBSpace will
need to be done.
Restart the Informix server, and use a suitable tool
(Aqua Data Studio remote client, for example) to connect and verify that
the space named guardium_dbs
has been created. Your first connection attempt may fail with a message
about the server running in Quiescent Mode. If
this happens, attempt to re-connect at least two more times, and it should
work fine.
To verify that the guardium_dbs
database space has been created, use Aqua Data Studio, and look under
Storage.
Create an Informix Database Space on a Unix Server
This procedure is performed outside of the Guardium GUI, and applies
for Informix version 9.4 or later.
From a command-line window, enter the following commands:
su - informix
cd demo/server
vi guardium_dbs =>
save it to create an empty file.
Without adding any text, save the empty guardium_dbs
file.
Enter the following commands:
chmod 660 guardium_dbs
cd ../../bin
onspaces -c -d guardium_dbs -p /home/informix10/demo/server/guardium_dbs
-o 0 -s 100000
This topic applies for Sybase servers only (except for Sybase IQ, which
does not support triggers). Depending on the operating system of the database
server, perform one of the following procedures to initialize disks.
Initialize Disks on a Windows Sybase Server
Connect to the server on which you want to create the
Guardium audit database: guardium_audit.
Create a folder named guardium_audit,
under the c: drive.
Connect to the database using datastudio
or using isql.
Execute the following commands:
use master
go
disk init name="guardium_auditdev", physname="c:/guardium_audit/guardium_auditdev",
size=8192
go
disk init name="guardium_auditlog", physname="c:/guardium_audit/guardium_auditlog",
size=8192
go
Initialize Disks on a Unix Sybase Server
Connect to the database using datastudio
or using isql.
Execute the following statements:
use master
go
disk init name = 'guardium_auditdev', physname
='/home/sybase/data/guardium_auditdev'
, size = 8192
go
disk init name = 'guardium_auditlog', physname
='/home/sybase/data/guardium_auditlog'
, size = 8192
go
For an Informix or Sybase database, be sure to perform the preliminary
tasks described above, before performing this procedure.
Do one of the following to open the Value Change Database
Builder:
Administrators, select Tools > Config & Control
> Value Change Database Builder.
Users, select the Value Change Database Builder
from a custom tab. (This application is available to users, but does not
appear on a default layout. To add this application to a custom tab, see
Portal Customization in the Common Tools
book.)
Click the Create Audit
Database button to open the Create Value Change Audit Database
panel.
Click Add Datasource
to open the Datasource Finder panel. Datasources that have been defined
from the Value Change Auditing application are labeled Monitor Values.
Datasources that have been defined for other applications will have different
labels (Listener, or DBanalyzer, for example), and those datasources may
not have the appropriate set of database access permissions for Value
Change Auditing application, which requires a user account having database
administrator authority. If a suitable datasource is not available, click
the New button to define a new
one for the database to be monitored (see Datasources
in the Common Tools book for detailed information on defining datasources).
Select a datasource that uses an administrator account,
and click Add, to add it to the
Datasources pane on the Create Value Change Audit Database panel.
Enter an Audit Datasource
Name. This is the name that will be used to identify the datasource
later, to define monitoring tasks and to upload data. Do not confuse this
name with the name of the Datasource from the Datasources panel.
Optionally mark the Share
Datasource box to share this datasource with other applications
(Classification, for example). The default is not to share the datasource.
This type of datasource requires administrator privileges, so you may
not want to share this datasource with other applications.
For any database type other than DB2, there will be
additional fields in the Audit Configuration pane. All fields are required.
Referring to the following table, enter the appropriate values.
Additional Audit Configuration Fields Table
|
Database Type |
Field: Description |
|
Informix |
Database Space: Enter the name
of an existing database space to use, or enter the name of the database
space you created for the audit database (guardium_dbs in the example
shown previously). If you leave this blank, the default root_dbs space
will be used, which we do not recommend. |
|
MS SQL Server |
Audit User Name: Enter a new
database user name to use when accessing the audit database. This user
will be given the sysadmin role.
Audit Password: Enter a password
for the above. |
|
Oracle |
Audit Password: Enter the password
for the system user, which will be the database account used to access
the audit database.
Default Tablespace: Enter a
name for the default tablespace.
Temp Tablespace: Enter a name
for the temporary tablespace. |
|
Sybase |
Audit User Name: Enter a new
database user name to use when accessing the audit database. This user
will be granted the sa_role.
Audit Password: Enter a password
for the above.
Data Device Name: Enter the
same data device name used when initializing the disk for the audit database
(guardium_auditdev in the disk initialization procedure described earlier).
Log Device Name: Enter the same
log device name used when initializing the disk for the audit database
(guardium_auditlog in the disk initialization procedure described earlier). |
Click the Create Audit
Database button to create the audit database, or select any other
action from the table below.
|
Action |
Description |
|
 (Remove)
|
Click to remove the datasource from the Datasources pane. Before you
can do anything else, you will need to select another datasource using
the Add Datasource button (see below). |
|
Add Datasource |
Only one datasource can be selected for this operation, so this button
is only enabled when the Datasources pane is empty. Click the Add Datasource
button to select a datasource using the Datasource Finder (as described
above). |
|
 (Edit this Datasource)
|
Click to edit this datasource definition in the Datasource Definition
panel (see Datasources
in the Common Tools book for detailed information on defining datasources). |
|
Cancel |
Cancel the operation without creating an audit database. |
|
Create Audit Database |
Click to create the Audit database. |
After Defining the Audit Database
After an audit database has been created on a database server, it will
be available for use by the Value Change Auditing Builder, which is the
tool that is used to build triggers. See Value
Change Auditing.