Sentinel 7 Collector for AGS 6


Here is a quick step-by-step guide on how to use the Sentinel MySQL collector to point to AGS 6 for audit events. I am running Windows and MySQL for the AGS server, but the procedure can be easily adapted to Linux, Oracle or MS-SQL.



Figure 1: Using a graphical tool to access the MySQL database. The mysql.exe command can also be used.


e.g.: mysql -u root -p (the client then prompts for the password)



Figure 2: The spt_audit_event table, which contains user (administrators, reviewers, etc.) events.





Figure 3: We create a view that will be used by Sentinel to collect events. Alternatively, we could have modified the query in the Sentinel collector.


Here is the create view statement:
-------------------------
create view identityiq.general_log as
select CONCAT(FROM_UNIXTIME(LEFT(created, LENGTH(created) - 3)), '.', RIGHT(created, 3)) as event_time,
       action, source as user_host, id as thread_id, 'localhost' as server_id,
       action as command_type, target as argument
from identityiq.spt_audit_event;
--------------------------

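Note that we have to convert the created column, a bigint holding the timestamp in milliseconds, to a format that Sentinel can read: the view passes everything except the last three digits to FROM_UNIXTIME as seconds and appends those three digits as the fractional part.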



Figure 4: general_log view.





Figure 5: Sentinel 7 collector for AGS, MySQL.


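You may have to grant additional rights to the identityiq user for remote access to MySQL objects. The '%' host in the example below allows that account to connect from any host; replace it with the Sentinel server's address to limit access to the collector: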
------------------
GRANT SELECT ON identityiq.general_log TO 'identityiq'@'%';
------------------
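
A tighter variant of the grant above, as an added example that is not part of the original article: a dedicated read-only account that can reach only the view, and only from the Sentinel host. The account name sentinel_ro, the address 192.0.2.10 and the password placeholder are assumptions; the view and table names are the ones used above.

```sql
-- Added example (not from the original article). sentinel_ro, 192.0.2.10 and
-- the password are placeholders; substitute your collector's values.

-- 1. Dedicated account that can only connect from the Sentinel collector host.
CREATE USER 'sentinel_ro'@'192.0.2.10' IDENTIFIED BY '<choose-a-strong-password>';

-- 2. Read access to the view only. MySQL views default to SQL SECURITY DEFINER,
--    so this account needs no grant on identityiq.spt_audit_event itself.
GRANT SELECT ON identityiq.general_log TO 'sentinel_ro'@'192.0.2.10';

-- 3. Confirm the account holds nothing beyond USAGE and the SELECT above.
SHOW GRANTS FOR 'sentinel_ro'@'192.0.2.10';

-- 4. Only if the wildcard grant shown earlier was already applied: withdraw it.
--    (REVOKE returns an error when no such grant exists; skip it in that case.)
REVOKE SELECT ON identityiq.general_log FROM 'identityiq'@'%';

-- 5. Check the view's timestamp conversion on a constructed value
--    (1331079300123 ms since the epoch). FROM_UNIXTIME returns the time in the
--    session time zone, so confirm the zone and the output shape are what
--    Sentinel expects on your MySQL version.
SELECT @@session.time_zone AS tz,
       CONCAT(FROM_UNIXTIME(LEFT(1331079300123, LENGTH(1331079300123) - 3)),
              '.', RIGHT(1331079300123, 3)) AS event_time;
```

Point the Sentinel collector's connection at this account instead of the application's identityiq login, so a leaked collector credential exposes only the audit view.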




Figure 6: AGS 6 events including login, forward, etc.


I hope this quick article proved to be helpful to you.

Comments
Interesting, thank you. Is this leveraging the to-be-released AGS 6 (based on Sailpoint) or some other configuration?
Last update: 2012-03-07 00:15