Table of Contents Previous Next


8 Audit Manager : 8.3 Configuring Audit Logging with the Audit Manager

To open the Audit Manager, select Audit Manager… from the Management menu. The Audit Manager Welcome dialog opens as shown in Figure 8.3.
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\843a8858\amone.png
Click Next to continue.
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\db44227d\amtwo.png
The Auditing Parameters Configuration dialog lets you enable or disable auditing and choose how often log records are collected into PEM (see Figure 8.5).
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\943bb83b\amthree.png
Use the fields on the Auditing Parameters Configuration dialog to specify auditing preferences:
Use the Auditing Status radio buttons to Enable or Disable auditing.
Check the Enable Log Collection checkbox to instruct PEM to periodically gather the log records so you can later view them in the Audit Log dashboard. When enabled, the PEM agent will parse the audit logs, and store the result in the pemdata.audit_logs table on the PEM server.
Use the Collection Frequency drop-down list to specify how often PEM should collect the log records.
Use the Log Format radio buttons to specify the raw log format that will be written on each server. When Enable Log Collection is checked, PEM will use CSV format.
Check the box next to Change Log Directory for selected servers? and use the Audit Directory Name field to specify a directory name to which the audit logs will be written. The directory will reside beneath the data directory on the PEM server.
Use the Audit File Name to specify a format for the log file name. By default, the format is audit-%Y-%m-%d_%H%M%S, where:
audit is the file name specified in the Audit Directory Name field
Y is the year that the log was stored
m is the month that the log was stored
d is the day that the log was stored
H is the hour that the log was stored
M is the minute that the log was stored
S is the second that the log was stored
Click Next to continue to the Audit Log Configuration dialog (see Figure 8.6).

C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\4a4d9185\amfour.png
Use the Audit Log Configuration dialog to determine the types of activities to be logged during auditing:
Specify All to log all connection attempts, Failed to log only failed connection attempts, or None for no connection logging of Log Connection Attempts.
Specify All to log all disconnection attempts or None for no disconnection logging of Log Disconnection Attempts.
Check the Log Select Statements checkbox to log SELECT statements.
Check the Log Error Statements checkbox to log SQL statements that result in an error.
Check the Log DML Statements checkbox to log data manipulation language SQL statements such as INSERT, UPDATE, and DELETE.
Check the Log DDL Statements checkbox to log data definition language SQL statements such as CREATE, DROP, and ALTER.
Click Next to continue to the Auditing Parameters Log Rotation dialog (see Figure 8.7).
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\42468925\amfive.png
Use the Auditing Parameters Log Rotation dialog to set factors controlling audit log file rotation.
Check the Enable Log Rotation checkbox to periodically rotate the log file. If the log file is not rotated, all records will be saved in a single file that may grow to an unmanageably large size over time.
Use the Rotation Day drop-down list to specify a rotation schedule for the log file. You can specify:
o
Everyday to instruct the server to rotate the log file each day
o
None to indicate that log rotation should occur based on file size and/or length of time between rotations
Use the Rotation Size field to specify the maximum size of the log file; the log file will be rotated upon reaching the given file size.
Use the Rotation Time field to specify the length of time between rotations; the log file will be rotated after the specified the number of seconds have passed.
Click Next to continue to the Schedule Auditing Changes dialog (see Figure 8.8).
C:\Users\susan\AppData\Local\Temp\vmware-susan\VMwareDnD\0db112da\amsix.png
Use the Schedule Auditing Changes dialog to determine when auditing configuration changes are to take effect.
Select Configure Auditing Now if you want the auditing configuration changes to take place immediately. The affected database servers will be restarted so the auditing changes can take effect.
Select Schedule it for some other time if you want the auditing configuration changes to take place at some point in the future. Select the desired date and time from the drop-down lists. The affected database servers will be restarted at the specified date/time to put the auditing changes into effect.
Click Finish to complete the auditing configuration process.
You can use the Task Viewer to review a list of Scheduled jobs. To open the Task Viewer, right click on the name of a server or agent and select Scheduled Tasks from the context menu.

8 Audit Manager : 8.3 Configuring Audit Logging with the Audit Manager

Table of Contents Previous Next