Installation and Upgrade Guides › Policy Server Installation Guide › Configuring CA SiteMinder® Data Stores in a Relational Database › How to Store Audit Logs in IBM DB2
How to Store Audit Logs in IBM DB2
Complete the following procedures to configure an IBM DB2 database to store audit logs:
- Be sure that you have gathered the required database information.
- Be sure that the table space page size (page_size) and the buffer pool page size settings for the database instance are each set to at least 16k.
The default DB2 value for each setting is not sufficient for the CA SiteMinder® audit log schema.
- Create the audit store schema.
- Configure the IBM DB2 data source for CA SiteMinder®.
- Point the Policy Server to the audit store.
- Restart the Policy Server
More information:
Gather Database Information
Configure an IBM DB2 Data Source for CA SiteMinder®
Create the Audit Store Schema
You create the CA SiteMinder® schema so that an IBM DB2 database can store audit logs.
Follow these steps:
- Log in to the Policy Server host system.
- Navigate to siteminder_home\db\tier2\DB2.
- siteminder_home
-
Specifies the Policy Server installation path.
- Open the following file and copy the contents to a text editor:
sm_db2_logs.sql
- Remove NULL from the following lines:
sm_assertion_id VARCHAR(255) NULL,
sm_assertion_issuerid VARCHAR(255) NULL,
sm_assertion_destinationurl VARCHAR(4096) NULL,
sm_assertion_statuscode VARCHAR(255) NULL,
sm_assertion_NotOnBefore TIMESTAMP,
sm_assertion_notonorafter TIMESTAMP,
sm_assertion_sess_starttime TIMESTAMP,
sm_assertion_sess_notonorafter TIMESTAMP,
sm_assertion_authcontext VARCHAR(255) NULL,
sm_assertion_versionid VARCHAR(255) NULL,
sm_assertion_claims VARCHAR(255) NULL,
sm_application_name VARCHAR(255) NULL,
sm_tenant_name VARCHAR(255) NULL,
sm_authentication_method VARCHAR(255) NULL
- Save the changes to the file.
- Paste the contents into a query and execute the query.
Note: For more information executing a query, see the IBM documentation.
The audit store schema is added to the database.
Point the Policy Server to the Database
You point the Policy Server to the database so the Policy Server can read and store audit logs.
To point the Policy Server to the data store
- Open the Policy Server Management Console, and click the Data tab.
Database settings appear.
- Select ODBC from the Storage list.
ODBC settings appear.
- Select Audit Logs from the Database list.
- Select ODBC from the Storage list.
Data source settings become active.
- Enter the name of the data source in the Data Source Information field.
- (Windows) this entry must match the name you entered in the Data Source Name field when you created the data source.
- (UNIX) this entry must match the first line of the data source entry in the system_odbc.ini file. By default, the first line in the file is [CA SiteMinder® Data Sources]. If you modified the first entry, be sure that you enter the correct value.
- Enter and confirm the user name and password of the database account that has full access rights to the database instance in the respective fields.
- Specify the maximum number of database connections allocated to CA SiteMinder®.
Note: We recommend retaining the default for best performance.
- Click Apply.
The settings are saved.
- Click Test Connection.
SiteMinder returns a confirmation that the Policy Server can access the data store.
- Click OK.
The Policy Server is configured to use the database as an audit logging database.
Restart the Policy Server
You restart the Policy Server for certain settings to take effect.
Follow these steps:
- Open the Policy Server Management Console.
- Click the Status tab, and click Stop in the Policy Server group box.
The Policy Server stops as indicated by the red stoplight.
- Click Start.
The Policy Server starts as indicated by the green stoplight.
Note: On UNIX or Linux operating environments, you can also execute the stop-all command followed by the start-all command to restart the Policy Server. These commands provide an alternative to the Policy Server Management Console.
Copyright © 2014 CA.
All rights reserved.
|
|