Skip to main content
Version: 7.2402.x.x RR

Audit log database setup

Audit record messages are stored in a relational database. Currently, nevisDataPorter supports MySQL, PostgreSQL and Oracle RDBMS. Persisting audit record messages in a relational database requires the database tables and users to be created and set up with the following command:

nevisdp <INST> create-db [mysql|oracle]

Before executing this command specify the database properties in:

/var/opt/nevisdp/<INST>/conf/db.properties

An example of db.properties:

ORACLE_HOME=/share/xpository/oracle/instantclient/11.2.0.3/i486-linux-gcc3/
dist-bin/instantclient_11_2/
DBSYSTEM_USER=system
DBSYSTEM_PASSWORD=managed
DBSID=DCHNDP01
DBHOST=oravms01
DBPORT=49100
DBSCHEMA=ndp
DBOWNER_NAME=undp01
DBOWNER_PASSWORD=undp01
DBUSER_NAME=undp02
DBUSER_PASSWORD=undp02

Executing create-db first substitutes the placeholders of the sql files in /opt/nevisdp/sql/ with the configured properties and then execute the substituted sql scripts. The substituted sql scripts can be found in /var/opt/nevisdp/<INST>/.sql/.

After successfully creating the database, the nevis-audit.properties file is automatically adapted to the new database connection settings. The nevis-audit.properties file is used by the dataporter to set connection parameters for the persistence layer.

Configuration of the Audit feature

In the nevisDP installation, the nevisdp-audit.properties file is created. You can see/edit your configuration with the following command:

nevisdp config audit

The first rows are related to the JDBC configuration:

  • The audit.backend property that can be "text" (log file auditing) or "jpa" (database auditing).
  • The text file related configuration.

After you completed the configuration, you can define <audit> tags in your nevisDataporter XML. You can check the XSD schema about audit elements, and audit your entity and sink definitions.

Example

<export>
<module name="default">
<entity name="user">
<audit type="USER" subtype="Employee" entityId="simpleoma" />
<dataSource type="NevisIDMSource">
<dp:paraVal name="service" value="${inst.adminService}"/>
<dp:paraVal name="queryType" value="user"/>
</dataSource>

AND/OR

<dataSink type="LDAPDataSink">
<dp:paraVal name="ldapContext" value="${inst.ldapConnection}"/>
<dp:paraVal name="operation" value="createOrUpdate"/>
<dp:paraVal name="basedn" value="ou=people,o=NEVIS Security AG,dc=nevisdp,dc=dev"/>
<dp:paraVal name="rdn" value="cn=#{out.user.cn}"/>
<audit targetSystem="simple_sink1" onSuccess="oma success #{out.user.string}" onError="oma error" />
</dataSink>