Audit log database setup
Audit record messages are stored in a relational database. Currently, nevisDataPorter supports MySQL and Oracle RDBMS. Persisting audit record messages in a relational database requires the database tables and users to be created and set up with the following command:
nevisdp <INST> create-db [mysql|oracle]
Before executing this command specify the database properties in:
/var/opt/nevisdp/<INST>/conf/db.properties
An example of db.properties:
ORACLE_HOME=/share/xpository/oracle/instantclient/11.2.0.3/i486-linux-gcc3/dist-bin/instantclient_11_2/
DBSYSTEM_USER=system
DBSYSTEM_PASSWORD=managed
DBSID=DCHNDP01
DBHOST=oravms01
DBPORT=49100
DBSCHEMA=ndp
DBOWNER_NAME=undp01
DBOWNER_PASSWORD=undp01
DBUSER_NAME=undp02
DBUSER_PASSWORD=undp02
Executing create-db first substitutes the placeholders in the SQL files under /opt/nevisdp/sql/ with the configured properties and then executes the substituted SQL scripts. The substituted SQL scripts can be found in /var/opt/nevisdp/<INST>/.sql/.
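The two-step procedure above (read db.properties, substitute the placeholders in the SQL templates, then run the result) is illustrated by the following added example. It is not nevisDataPorter's own code: the ${KEY} placeholder syntax, the sample SQL template and the sample property values are assumptions constructed for the example, and the real files under /opt/nevisdp/sql/ may use a different marker. Because the properties include database passwords, the example also shows the two checks a practitioner would want around such a tool: the rendered SQL is written owner-only, and any logging of the configuration masks the *_PASSWORD values.

```python
import os
import re
import stat
import tempfile
from pathlib import Path

# Constructed sample of a db.properties file; the values are placeholders, not real credentials.
SAMPLE_PROPERTIES = """\
# constructed example, same keys as the documented db.properties
DBSYSTEM_USER=system
DBSYSTEM_PASSWORD=managed
DBSID=DCHNDP01
DBHOST=oravms01
DBPORT=49100
DBSCHEMA=ndp
DBOWNER_NAME=undp01
DBOWNER_PASSWORD=undp01
DBUSER_NAME=undp02
DBUSER_PASSWORD=undp02
"""

# Constructed SQL template. The ${KEY} placeholder syntax is an assumption made for this
# example; it is not taken from the product's SQL files.
SAMPLE_SQL_TEMPLATE = """\
CREATE USER ${DBOWNER_NAME} IDENTIFIED BY "${DBOWNER_PASSWORD}";
CREATE USER ${DBUSER_NAME} IDENTIFIED BY "${DBUSER_PASSWORD}";
GRANT SELECT, INSERT ON ${DBSCHEMA}.AUDIT_RECORD TO ${DBUSER_NAME};
"""

PLACEHOLDER = re.compile(r"\$\{([A-Z_][A-Z0-9_]*)\}")
SECRET_SUFFIX = "_PASSWORD"


def parse_properties(text: str) -> dict:
    """Parse KEY=VALUE lines; blank lines and '#' comment lines are ignored."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"malformed property line: {raw!r}")
        props[key.strip()] = value.strip()
    return props


def substitute(template: str, props: dict) -> str:
    """Replace every ${KEY}; an unconfigured key is an error, never left in the output."""
    def repl(match):
        key = match.group(1)
        if key not in props:
            raise KeyError(f"no value configured for placeholder {key}")
        return props[key]
    return PLACEHOLDER.sub(repl, template)


def redact(props: dict) -> dict:
    """Copy of the properties that is safe to log: every *_PASSWORD value is masked."""
    return {k: ("***" if k.endswith(SECRET_SUFFIX) else v) for k, v in props.items()}


def is_owner_only(path: Path) -> bool:
    """True when no group or other permission bits are set on the file."""
    mode = stat.S_IMODE(path.stat().st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def render(props_path: Path, template_path: Path, out_path: Path) -> str:
    """Read the properties, substitute the template and write the result with mode 0600."""
    props = parse_properties(props_path.read_text())
    rendered = substitute(template_path.read_text(), props)
    # The rendered script embeds the passwords, so create it owner-readable from the start
    # rather than writing it and tightening permissions afterwards.
    fd = os.open(out_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(rendered)
    return rendered


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        conf = Path(tmp, "db.properties")
        conf.write_text(SAMPLE_PROPERTIES)
        tpl = Path(tmp, "create_users.sql")
        tpl.write_text(SAMPLE_SQL_TEMPLATE)
        out = Path(tmp, "create_users.substituted.sql")
        print("properties (redacted):", redact(parse_properties(conf.read_text())))
        sql = render(conf, tpl, out)
        print("rendered script is owner-only:", is_owner_only(out))
        print(sql)
```

The substituted scripts in /var/opt/nevisdp/<INST>/.sql/ are the equivalent of out_path here: they carry the same credentials as db.properties, so the same restrictive permissions apply to both.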
After successfully creating the database, the nevis-audit.properties
file is automatically adapted to the new database connection settings. The nevis-audit.properties
file is used by the dataporter to set connection parameters for the persistence layer.
Configuration of the Audit feature
In the nevisDP installation, the nevisdp-audit.properties file is created. You can see/edit your configuration with the following command:
nevisdp config audit
The first rows are related to the JDBC configuration:
- The audit.backend property, which can be "text" (log file auditing) or "jpa" (database auditing).
- The text file related configuration.
After you have completed the configuration, you can define <audit> tags in your nevisDataPorter XML. Check the XSD schema for the audit elements, and audit your entity and sink definitions.
Example:
<export>
  <module name="default">
    <entity name="user">
      <!-- entity-level audit -->
      <audit type="USER" subtype="Employee" entityId="simpleoma" />
      <dataSource type="NevisIDMSource">
        <dp:paraVal name="service" value="${inst.adminService}"/>
        <dp:paraVal name="queryType" value="user"/>
      </dataSource>
      <!-- and/or a sink-level audit -->
      <dataSink type="LDAPDataSink">
        <dp:paraVal name="ldapContext" value="${inst.ldapConnection}"/>
        <dp:paraVal name="operation" value="createOrUpdate"/>
        <dp:paraVal name="basedn" value="ou=people,o=NEVIS Security AG,dc=nevisdp,dc=dev"/>
        <dp:paraVal name="rdn" value="cn=#{out.user.cn}"/>
        <audit targetSystem="simple_sink1" onSuccess="oma success #{out.user.string}" onError="oma error" />
      </dataSink>
    </entity>
  </module>
</export>