6.3 Configuring Audit Logging with the Audit Manager

Table of Contents Previous Next


6 Audit Manager : 6.3 Configuring Audit Logging with the Audit Manager

To open the Audit manager wizard, select Audit Manager… from the Management menu. The Audit manager - Welcome dialog opens as shown in Figure 6.3.
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\06180c1c\audit_manager_intro.png
Click Next to continue.
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\803595a3\audit_manager_servers.png
Use the Select servers tree control (shown in Figure 6.4) to specify the servers to which the auditing configuration will be applied. To make a server available in the tree control, you must provide the Service ID on the Advanced tab of the CreateServer dialog when registering a server for monitoring by PEM. Note that only EDB Postgres Advanced Server supports auditing; PostgreSQL servers will not be included in the tree control.
Click Next to continue.
The Auditing Parameters Configuration dialog lets you enable or disable auditing and choose how often log records are collected into PEM (see Figure 6.5).
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\cd4309f6\audit_manager_config1.png
Use the fields on the Auditing parameters configuration dialog to specify auditing preferences:
Use the Auditing switch to Enable or Disable auditing on the specified servers.
Use the Audit destination drop-down to select a destination for the audit logs; select File or Syslog. Please note this feature is supported on Advanced Server 10 and newer releases only.
Use the Import logs to PEM switch to instruct PEM to periodically import log records from each server to the PEM Server. Set the switch to Yes to import log files; the default is No.
Use the Collection frequency drop-down listbox to specify how often PEM will collect log records from monitored servers when log collection is enabled.
Use the Log format drop-down listbox to select the raw log format that will be written on each server. If log collection is enabled, the PEM server will use CSV format.
Use the File name field to specify the format used when generating log file names. By default, the format is set to audit-%Y-%m-%d_%H%M%S where:
audit is the file name specified in the Audit Directory Name field
Y is the year that the log was stored
m is the month that the log was stored
d is the day that the log was stored
H is the hour that the log was stored
M is the minute that the log was stored
S is the second that the log was stored
Check the box next to Change Log Directory for selected servers? and use the Audit Directory Name field to specify a directory name to which the audit logs will be written. The directory will reside beneath the data directory on the PEM server.
Use fields in the Log directory box to specify information about the directory in which the log files will be saved:
Move the Change log directory for selected servers? switch to Yes to enable the Directory name field.
Use the Directory name field to specify the name of the directory on each server into which audit logs will be written. The directory specified will be created as a sub-directory of the data directory on the server.
Click Next to continue.
The Audit log configuration dialog (see Figure 6.6) is only available if you have enabled auditing on the Auditing parameters configuration dialog.
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\dd4b392f\audit_manager_config2.png
Use the controls on the Audit log configuration dialog to specify log configuration details that will be applied to each server:
Use the Connection attempts switch to specify if connection attempts should be logged. Specify:
None to disable connection logging.
All to indicate that all connection attempts will be logged.
Failed to log any connection attempts that fail.
Use the Disconnection attempts switch to specify if disconnections should be logged. Specify:
None to specify that disconnections should not be logged.
All to enable disconnection logging.
Use the Log statements field to specify the statement types that will be logged. Click within the field, and select from:
Select - All statements that include the SELECT keyword will be logged.
Error - All statements that result in an error will be logged.
DML - All DML (Data Modification Language) statements will be logged.
DDL - All DDL (Data Definition Language) statements (those that add, delete or alter data) will be logged.
Check the box next to Select All to select all statement types.
Check the box next to Unselect All to deselect all statement types.
Use the Audit tag field to specify a tracking tag for the collected logs. Please note that audit tagging functionality is available only for Advanced Server versions 9.5 and later. If you are defining auditing functionality for multiple servers, and one or more of the servers are version 9.5 or later, this field will be enabled, but if selected, tagging functionality will only apply to those servers that are version 9.5 or later.
Use the fields in the Log rotation box to specify how the log files are managed on each server:
Use the Enable? switch to specify that logfiles should be rotated. Please note that a new log file should be used periodically to prevent a single file becoming unmanageably large.
Use the Day drop-down listbox to select a day or days on which the log file will be rotated.
Use the Size (MB) field to specify a size in megabytes at which the log file will be rotated.
Use the Time (seconds) field to specify the number of seconds between log file rotations.
Click Next to continue:
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\90bca4f8\audit_manager_finish.png
Use the Schedule Auditing Changes dialog (see Figure 6.7) to determine when auditing configuration changes are to take effect.
Select Configure logging now? if you want the auditing configuration changes to take place immediately. The affected database servers will be restarted so the auditing changes can take effect.
Use the Time? selector to schedule the auditing configuration changes to take place at some point in the future. Select the desired date and time from the drop-down lists. The affected database servers will be restarted at the specified date/time to put the auditing changes into effect.
Click Finish to complete the auditing configuration process.
You can use the Scheduled Tasks tab to review a list of Scheduled jobs. To open the Scheduled Tasks tab, highlight the name of a server or agent and select Scheduled Tasks… from the Management menu.

6 Audit Manager : 6.3 Configuring Audit Logging with the Audit Manager

Table of Contents Previous Next