

How to Store Audit Logs in IBM DB2

Complete the following procedures to configure an IBM DB2 database to store audit logs:

  1. Be sure that you have gathered the required database information.
  2. Be sure that the table space page size (page_size) and the buffer pool page size settings for the database instance are each set to at least 16k.

    The default DB2 value for each setting is not sufficient for the CA SiteMinder® audit log schema.

  3. Create the audit store schema.
  4. Configure the IBM DB2 data source for CA SiteMinder®.
  5. Point the Policy Server to the audit store.
  6. Restart the Policy Server.

More information:

Gather Database Information

Configure an IBM DB2 Data Source for CA SiteMinder®

Create the Audit Store Schema

You create the CA SiteMinder® schema so that an IBM DB2 database can store audit logs.

Follow these steps:

  1. Log in to the Policy Server host system.
  2. Navigate to siteminder_home\db\tier2\DB2.
    siteminder_home

    Specifies the Policy Server installation path.

  3. Open the following file and copy the contents to a text editor:
    sm_db2_logs.sql
    
  4. Remove NULL from the following lines:
    sm_assertion_id         VARCHAR(255) NULL,
    sm_assertion_issuerid   VARCHAR(255) NULL,
    sm_assertion_destinationurl     VARCHAR(4096) NULL,
    sm_assertion_statuscode         VARCHAR(255) NULL,
    sm_assertion_NotOnBefore    TIMESTAMP,
    sm_assertion_notonorafter       TIMESTAMP,
    sm_assertion_sess_starttime     TIMESTAMP,
    sm_assertion_sess_notonorafter  TIMESTAMP,
    sm_assertion_authcontext        VARCHAR(255) NULL,
    sm_assertion_versionid          VARCHAR(255) NULL,
    sm_assertion_claims             VARCHAR(255) NULL,
    sm_application_name             VARCHAR(255) NULL,
    sm_tenant_name                  VARCHAR(255) NULL,
    sm_authentication_method        VARCHAR(255) NULL
    
  5. Save the changes to the file.
  6. Paste the contents into a query and execute the query.

    Note: For more information about executing a query, see the IBM documentation.

    The audit store schema is added to the database.
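
Step 4 can be applied with a script instead of a manual edit. The following Python is an added example, not part of the CA SiteMinder® product or its documentation; `strip_null`, the `SAMPLE` fragment, the `example_audit` table, and the `example_*` columns are constructed for illustration. It removes the `NULL` keyword only from the columns listed in step 4 and leaves `NOT NULL` constraints and all other lines unchanged.

```python
import re

# Columns listed in step 4, lower-cased for case-insensitive matching.
TARGET_COLUMNS = {
    "sm_assertion_id", "sm_assertion_issuerid", "sm_assertion_destinationurl",
    "sm_assertion_statuscode", "sm_assertion_notonbefore",
    "sm_assertion_notonorafter", "sm_assertion_sess_starttime",
    "sm_assertion_sess_notonorafter", "sm_assertion_authcontext",
    "sm_assertion_versionid", "sm_assertion_claims", "sm_application_name",
    "sm_tenant_name", "sm_authentication_method",
}

# "<column> <type ...> NULL[,]" with the keyword as the last token on the line.
_TRAILING_NULL = re.compile(
    r"^(?P<body>\s*(?P<col>\w+)\s+.*?\S)\s+NULL(?P<tail>\s*,?\s*)$",
    re.IGNORECASE,
)

def strip_null(sql_text):
    """Return (edited_sql, changed_columns). Only the step 4 columns are
    edited; NOT NULL constraints and all other lines pass through unchanged."""
    out, changed = [], []
    for line in sql_text.splitlines():
        m = _TRAILING_NULL.match(line)
        if (m and m.group("col").lower() in TARGET_COLUMNS
                and not re.search(r"\bNOT$", m.group("body"), re.IGNORECASE)):
            line = m.group("body") + m.group("tail")
            changed.append(m.group("col"))
        out.append(line)
    return "\n".join(out), changed

# Constructed fragment: the table and the example_* columns are invented here.
SAMPLE = """CREATE TABLE example_audit (
    example_id                  INTEGER NOT NULL,
    example_note                VARCHAR(64) NULL,
    sm_assertion_id             VARCHAR(255) NULL,
    sm_assertion_NotOnBefore    TIMESTAMP,
    sm_authentication_method    VARCHAR(255) NULL
)"""

if __name__ == "__main__":
    edited, changed = strip_null(SAMPLE)
    print(edited)
    print("NULL removed from:", ", ".join(changed))
```

Run it on a copy of the `sm_db2_logs.sql` contents and review the list of changed columns before you execute the query in step 6.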

Point the Policy Server to the Database

You point the Policy Server to the database so the Policy Server can read and store audit logs.

To point the Policy Server to the data store:

  1. Open the Policy Server Management Console, and click the Data tab.

    Database settings appear.

  2. Select ODBC from the Storage list.

    ODBC settings appear.

  3. Select Audit Logs from the Database list.
  4. Select ODBC from the Storage list.

    Data source settings become active.

  5. Enter the name of the data source in the Data Source Information field.
  6. Enter and confirm the user name and password of the database account that has full access rights to the database instance in the respective fields.
  7. Specify the maximum number of database connections allocated to CA SiteMinder®.

    Note: We recommend retaining the default for best performance.

  8. Click Apply.

    The settings are saved.

  9. Click Test Connection.

    SiteMinder returns a confirmation that the Policy Server can access the data store.

  10. Click OK.

    The Policy Server is configured to use the database as an audit logging database.

Restart the Policy Server

You restart the Policy Server for certain settings to take effect.

Follow these steps:

  1. Open the Policy Server Management Console.
  2. Click the Status tab, and click Stop in the Policy Server group box.

    The Policy Server stops as indicated by the red stoplight.

  3. Click Start.

    The Policy Server starts as indicated by the green stoplight.

    Note: On UNIX or Linux operating environments, you can also execute the stop-all command followed by the start-all command to restart the Policy Server. These commands provide an alternative to the Policy Server Management Console.