Sentinel 7 Collector for AGS 6


Here is a quick step-by-step guide on how to point the Sentinel MySQL collector at AGS 6 to pick up audit events. I am running Windows and MySQL for the AGS server, but the procedure can be easily adapted to Linux, Oracle or MS-SQL.



Figure 1: Using a graphical tool to access the MySQL database. The mysql.exe command-line client can also be used.

e.g.: mysql -u root -p   (the password is requested at the prompt; writing "-p password" with a space would be read as a database name, so if the password is given inline it must be attached to the option, as in -pYourPassword)



Figure 2: The spt_audit_event table, which contains user events (administrators, reviewers, etc.).



Figure 3: We create a view that Sentinel will use to collect events. Alternatively, we could have modified the query in the Sentinel collector.

Here is the create view statement:

-------------------------
create view identityiq.general_log as
select
    CONCAT(FROM_UNIXTIME(LEFT(created, LENGTH(created) - 3)), '.', RIGHT(created, 3)) as event_time,
    action,
    source as user_host,
    id as thread_id,
    'localhost' as server_id,
    action as command_type,
    target as argument
from identityiq.spt_audit_event;
--------------------------

Note that the created column stores the timestamp as a bigint (Unix epoch time in milliseconds), so the view has to convert it into a date-time string with a millisecond fraction that Sentinel can read.



Figure 4: general_log view.



Figure 5: Sentinel 7 collector for AGS, MySQL.

You may have to grant additional rights to the identityiq user for remote access to the MySQL objects, for example:

------------------
GRANT SELECT ON identityiq.general_log TO 'identityiq'@'%';
------------------
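The following is an added example, not part of the original article, that combines the two pieces above (the general_log view and the grant) into a variant a practitioner could deploy. It assumes MySQL 5.6.4 or later (fractional-second DATETIME support), the spt_audit_event columns shown in the article, and a dedicated read-only collector account named sentinel_collector connecting from the placeholder address 10.0.0.5; the account name, password placeholder and address are all assumptions to replace with your own values.

```sql
-- Added example (not from the original article): a hardened variant of the
-- general_log view plus a least-privilege grant for the Sentinel collector.
-- Assumptions: MySQL 5.6.4+, the spt_audit_event table/columns from the
-- article, and a collector host at 10.0.0.5 (placeholder, substitute yours).

-- 1. The view. FROM_UNIXTIME(created / 1000) converts the epoch-millisecond
--    bigint arithmetically instead of slicing it as a string, so a NULL or an
--    unusually short value yields NULL rather than a malformed timestamp.
--    CAST(... AS DATETIME(3)) keeps the 3-digit millisecond fraction that the
--    article's CONCAT/RIGHT() expression produces.
CREATE OR REPLACE VIEW identityiq.general_log AS
SELECT
    CAST(FROM_UNIXTIME(created / 1000) AS DATETIME(3)) AS event_time,
    action,
    source       AS user_host,
    id           AS thread_id,
    'localhost'  AS server_id,
    action       AS command_type,
    target       AS argument
FROM identityiq.spt_audit_event
WHERE created IS NOT NULL;

-- 2. A dedicated read-only account for Sentinel, restricted to the collector
--    host instead of '%', so the audit view is not readable from any host
--    that happens to know the identityiq application password.
CREATE USER 'sentinel_collector'@'10.0.0.5'
    IDENTIFIED BY 'REPLACE_WITH_A_STRONG_PASSWORD';   -- placeholder
GRANT SELECT ON identityiq.general_log TO 'sentinel_collector'@'10.0.0.5';

-- 3. Verification, run as sentinel_collector: the newest rows should show a
--    parsable event_time and the action/target pairs expected from AGS, and
--    any attempt to read spt_audit_event directly should be denied.
SELECT event_time, command_type, user_host, argument
FROM identityiq.general_log
ORDER BY thread_id DESC
LIMIT 5;
```

The design point is separation of the application account from the collector account: the collector only ever needs SELECT on the view, and binding the grant to the collector's address rather than '%' means a leaked collector password cannot be used to read audit data from elsewhere on the network.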


Figure 6: AGS 6 events including login, forward, etc.

I hope this quick article proved to be helpful to you.

Labels: How To-Best Practice