User Manual Entegra
Contents
1. 34 lumigent Add or Remove Columns db ai db View p F Delete d Refresh db Export List dd Properties db md Help 54 Entegra User Manual The Add or Remove Columns Properties screen is displayed Add or Remove Columns Properties 7 En enaren Lage hap Coman dusk ieee 2 Select the Logical Key tab The available and selected logical key columns are displayed Add or Remove Columns Properties i Er Leu Cep aii Ga i ar ERTE GSAT Arpej rE a dunia Tabir cine bahar oa beet Seeker Bee en h oll apy ierik maa m dee ugar eked Cirma ad ae 3 Select the columns you wish to define as logical keys and use the right arrow button to add the logical keys use the left arrow button to remove the logical keys and then click OK You can click the All box to quickly select all columns Adding Removing Views Note This wizard is not available on SQL Server 7 servers To add a database view to the collection agent do the following 1 Right click the relevant database and then select Add or Remove Views Chapter 3 Configuration 55 The Add or Remove Views screen is displayed Add or Remove Views I Jay FR TERPLa F Tr palie i ool ral lmi mabi ee veer i Fe aren bn ama mrien fir defeat eee orn ee eek Pcsmcieb aac Cy amass De or veka er yin in Gomi 1 Drie berar beim eed Fie E pe eed roped on eur ul That 2 Select the views you wis2. 156 Entegra User Manual audited server instance requirements 12 collection agent requirements 13 EMC requirements 13 Entegra browser requirements 13 initial Entegra overview 36 network requirements 13 overview 11 prerequisites 17 procedure 17 repository agent requirements 12 repository server requirements 12 requirements 12 security requirements 13 web server requirements 12 interactive reports 9 L license key described 81 SELECT 28 LMRestore command 122 example 126 logical keys 7 default setting 7 lumapplications_x table 155 lumdatabases_x table 153 lumdetails_x table 150 lumdomains_x table 154 lumhosts_x table 154 Lumigent Technologies contacting ii email ii web site ii lumkeydesc_x table 151 example 152 lumkeys_x table 151 example 152 lumlogins_x table 155 lumopcodes_x table 155 lumosusers_x table 155 lumowners_x table 156 lumphysicalattributes_x table 154 lumservers_x table 152 lumsessions_x table 153 lumtables_x table 151 lumtracedetails_x table 150 lumtransactions_x table 149 lumtranstables_x table 156 P permissions on lumigent database 137 on repository database 137 procedure accessing the browser 138 add remove columns 57 add remove tables 53 adding a collection agent 60 adding a database to audit 50 adding a repository 48 adding a repository server instance 45 addi
3. 3 Back up each database that hosts an Entegra Repository 4 If all of your databases are backed up and you are ready to proceed with the upgrade press OK o 11 Ensure you obey the Caution and then click OK All Audited Server Instances Collection Agents Repository Server Instances Repositories and Repository Agents in your configuration are automatically upgraded Collections proceed as normal Important The amount of time required to upgrade increases according to the size of the repositories being upgraded Chapter 2 Installing Entegra 21 Upgrading the Web Server To upgrade the Web Server to Entegra version 2 0 1 do the following 1 Run setup exe from the Entegra version 2 0 1 media provided The Installation screen is displayed Cote kopesa Anotanmipiihihy Worsian 2 0 1 Installation Eriegm Magamat Comoe Entegra Web Seren The Prispa Ble ee Ca The riage eb ae ee ee A ar Ea yil ra ogee eri daping Epoa oi mkiibi oma ey roete papire ii Coen Spare MOTEL joe EEE The lire OEH Drim n a prapa oe re Brag an bani L toni miogra kimarrazni ionmh D madl he A I 1 ACE LULET Wii kanar 2 Click Install Entegra Web Server An Upgrade or Remove Entegra screen similar to the following is displayed lt Entegra Web Server Setup x Hia binial a Badrerial or pernes a the gap eT i Weberei tie Baan Web fener temertnns ppa Pei pipin lets ray thn or pbveaed Lhe corte ite E Beain P
4. Properties On Multiple Objects 7x aude Tang m EM IDCMAA a Airi netaregh F ni paut Di labii ishme cray dic hyri e i ae ie bo irei end iiy Tie mka Da baa Oe ba in haga Gable al pale an ee tl eten chachad Tha ate iim siha iihi i jha eab ima rd INSET E UPCATE BF ELETE mM AELEET C C c 3 Make your selections and then click OK Adding Removing Columns By default all columns in a table are audited Removing columns may reduce the storage required for the repository and improve performance If you wish to add or remove columns from auditing do the following 1 Right click the relevant audited table and then select Add or Remove Columns 3 lumigent rice or Remove Columns Hdd View Hdb db Delete Adb Refresh dh Export List dd Properties db rad Help Chapter 3 Configuration 53 The Add or Remove Columns Properties screen is displayed Add or Remove Columns Properties ia E Lage ep Comen iah ieee EMOGA dbo kasari a Ahari Veoh ia dini emiri moei aad m ai 2 Select the columns you wish to move and use the right arrow button to add columns to audit use the left arrow button to remove columns from audit and then click OK You can click the All box to quickly select all columns Selecting the Logical Key To select the logical key do the following 1 Right click the relevant audited table and then select Add or Remove Columns
5. a 5 Audit Data Add Server Instance 2 Collection View by Services Loc g Refresh Export List Help 34 Entegra User Manual The Add Server Instance to Audit screen is displayed Add Server Instance to Audit a Click N ext The Choose a database server to audit screen is displayed Chapter 3 Configuration 35 36 3 4 For this screen you need to consider the following If you want the Audited Server Then and the Collection Agent on the same machine you can use the database login for the server and local service login for the agent or you can use Windows login for both the audited server and the agent each on a different machine it is highly recommended that you use Windows login for the audited server and the agent Note The Windows account used to log on to the Audited Server is specified on the Agent logon page In the D atabase Server text box type the database server you want to audit or click the browse button to display the available database servers as shown below Select a database server and then click OK Hid Server ingtanee te Aue Riese n detetisen ees be mint D mime Eo Fa If you want to connect using SQ L Server authentication click the SQL Server authentication radio button and then enter a Logon Name and password If you accept the default Collection Agent runs on the same machine as this database
6. screen is displayed daak dps coir bed min nhhenejea Pl babyy barky yeri pd nig thee prap hais Bar pan be adami be og fees ien o eaim PELEA F herp Pr cep mirem Par dees jim valie chee E Top en Fee Le ree chee l Tiamat Win istm Back L mE JI Cancel Linen Select a location for audit data to be archived after it has been imported into the Repository and then click N ext For more details on this feature see Chapter 4 Chapter 3 Configuration 109 The Notification screen is displayed Hohification I Z Apae hipa EH TEONA Peier nierien Sg ral ered sheds in s mide ashes griben nhen m eer fear m rister pip a rerinpa siar miman m eT E Coe ETNE Fik jind py i EN 6 Enter email information for the Repository Agent to use when emailing you about import failures and then click N ext The Repository D atabase screen is displayed Repository Database Sam EN Teas yaar 4 ny ata ifp rapa jippi Dh eal bee Fon rrap pi Pop Placer Pml epg fha E riepa Heprea uam ee Bepasop Haa mea Aep Bperip a daigbayr merg the Sept eal ier opad oes them on fencer rn liea pd iie eeri raa Thy gevara Of ee eed deme on be errari of risia colierigd iran the Data ee ee ee Latha _ ri cme mete Oo ocmi 7 Specify a name for the new Repository and then click N ext By default the repository is named D efault_Repository Y ou can also select an alternate d
7. ama Seen Pei hea Piam Trah bo configure nn Sere Thi sl mps n Bll aA ab aps Paayan sa beimaan an i dirki Hepewediny mmer fyi EMTEORS angen oc peck WL rean carcet en 7 Click Finish The Repository Agent is deployed and the Repository Server is configured Adding a Repository To add a Repository do the following 1 At the EMC right click Audit Data Repositories and then click Add Repository Console Root Entegra Management Coreote 3 0 Audited Server Instances gi Enteral 2 E Audited Databases Collection History Add Repository a Add Repository Server Instance Whee a Lg Export List Help i r x i cx Chapter 3 Configuration 45 46 2 3 The Add Repository Wizard is displayed Add Repository In the Database Server text box type the database server you want to audit or click the browse button to display the available database servers as shown below Select from the available database servers and then click OK E eel be Sh ee pisri pln ien anya 4 ti Come f If you want to connect using SQ L Server authentication click the SQL Server authentication radio button enter a logon name and password and then click N ext Note If a repository server has not been established on this server the Service Log On screen from the Repository Server wizard is displayed Go to step 3 in A ddinga Repository Server Instan
8. purging 130 configuration 31 examples 67 optional tasks 31 required tasks 31 setting up three machines example 82 setting up two machines example 68 wizards add audited server instance 32 add collection agent 35 add database 33 add repository 34 add repository server instance 34 add remove tables 35 add remove views 35 change collection agent 35 overview 32 configuring the web server with IIS 159 custom reports 9 Index 155 D data types of data collected 6 data collection agent 4 134 agent level options 135 definition 6 process 6 database permissions 137 database level options 130 DELETE selecting 54 E EMC See Entegra Management Console Entegra browser viewing 139 capabilities 1 components 3 configuration 5 optional tasks 6 required tasks 5 configuring the web server with IIS 159 functions 5 management console level options 128 restrictions 157 system architecture 3 web browser 5 web server 5 Entegra Management Console 5 description 31 Entegra software registering ii technical support ii event log errors 145 F first installation See initial Entegra installation I IIS configuring the Entegra Web Server 159 import history folder 133 improving performance 32 142 Information resources FAQ i online Help i User Manual i initial Entegra installation 36 INSERT selecting 54 installation
9. 3 Click Next 96 Entegra User Manual 4 5 The screen where you choose a database server to audit is displayed Add Server lnstance to Audit Sane Dinner s rlaiehcee seam In mef Dateien k rra kis w1 Connect ag Te afeeberes aed ed to M Egl b ra mula Lopin nares O Paved j E Coleco ae on bere ache a he eae ee L H r l Cancel Het In the Database Server text box type SERVER1 or click the browse button to display the available database servers as shown below Select SERVER1 and then click OK Add Sarwar matances bo ALT z Accept the default Windows authentication make sure that the Collection Agent runs on same machine check box is selected and then click N ext Chapter 3 Configuration 97 The Service Login screen is displayed Service Login Pa i E ger hiph BPA _ Hei He Decisis Agri eevee bp came E Peleg pees ba kag mir Her HT pma T Lena GAHE Achad T HT hcin pih c to Pe Tapa tarwi The NT cori nera Lm a DORA eres This screen asks for login information that the Collection Agent uses to run its service The local system account is the default However because this agent is managing an audited server on a separate machine specify a username and password This account must have logon as service permission on SERVER1 6 Specify a Windows login and then click N ext The Data Collection Agent screen is displayed Data Colle
10. Atthe EMC right click Audit Data Repositories and then click Add Repository Server Instance E Correok Root 3 Eritegra Management Console_ Audited Server Instances k Enbegral 3 B Audited Databases E Collection History 3 Mir Add Repository l Add Repository Seryer Jnstance dll View i Collect f La Export List aLi Help The Add Repository Server Instance wizard is displayed Jay Chnnep s dielehger smem in hed bhm sarii repomeriip Da iair banm Fims Coren D hejen miheriman C JoL bere s enreon Leger mre i Pansard f were Cem em 42 Entegra User Manual In the Database Server text box type the database server you want to host your repository on or click the browse button to display the available database servers as shown below Select from the available database servers and then click OK Note Only SQL 2000 Servers may be selected Selecting a SQL 7 Server generates an error message Add Reportar Server instances WEL e ime F Tie peeing ees paa Hh hee a nani ee es a If you want to connect using SQ L Server authentication click the SQL Server authentication radio button enter a logon name and password and then click N ext Note If there is already a repository established on this machine go to step 7 The Service Log On screen of the Repository Agent Wizard is displayed Service Lag On ae Z Apae hipaa EM TERNAY S
11. Repositories on it You can right click Audit Data Repositories and select Add Repository to launch the Repository Server wizard followed by the Repository wizard To add a Repository Server without also creating a new Repository on that server right click Audit Data Repositories and select Add Repository Server Instance Chapter 5 Entegra Management Console Reference 127 Server Level Options By right clicking the name of a Repository Server Instance you can access the following options Option What it does Add Repository launches the Add Repository wizard to create a new repository on this server instance Upgrade initiates an upgrade of the Repository Server and associated Repository Agent Delete causes the selected Repository Server Instance and all Repositories on that instance to be removed Refresh refreshes the display Properties allows you to configure and or view the following options for the selected Repository Server Instance the login method and username password for the Management Console and Repository Agent to use to log on to the databases on this server the location of the Repository Agent for this server this information cannot be changed TCP ports for the Repository Agent to listen for commands and data from other Entegra components Location of audit archive logs see Chapter 4 Email information for notifying you when the Repository Agent fails to import audit
12. Repository This wizard is automatically incorporated into the Add Repository wizard when the Add Repository wizard is invoked from the Audited Repositories folder Chapter 3 Configuration 31 You specify the following information in this wizard e the Server instance SQL 2000 or better and login e the Agent login Windows or local system admin e Archive location e Alerts notification The Add Repository wizard uses the existing repository server if the Add Repository wizard is launched from the context menu of a Repository Server node This wizard is also incorporated into the Add Database wizard when that wizard is used to create a new repository You can also use this wizard to connect the Entegra Management Console to a previously established Repository for example if you have installed the Management Console on a new machine and wish to use it to administer your existing Entegra setup Add Repository Wizard The Add Repository Wizard creates a new Repository to hold audit data You must have a Repository Server Instance set up to host the Repository If no Repository Server Instance exists when you begin the Add Repository Wizard the Add Repository Server Instance Wizard is incorporated into the Add Repository Wizard During the Add Repository Wizard you specify the following e the Repository Server Instance that hosts the new Repository e the Repository name e the database that contains the Repository Note Since the R
13. Repository Wizard is displayed Refer to the Adding a Repository Server Instance procedure for details Add Databases to Audit Jay ER TETAAN he maki sis hron For cde i ane vet ype bu ee Pegomas rap Bod pai mies bees irimi en eek A epee rie eresie oe H eged ray Rial cae ENTEGRAT kragar Dera iaoea Cimahi hier Fieacomep Chapter 3 Configuration 49 9 Select the default repository by clicking N ext or click the Create N ew Repository button See the Adding a Repository Server Instance procedure The screen with the names of the databases to be audited and the repository is displayed Add Databases to Audit funicent s3 m Meranda EH ih Pam Trai io sij fhe ieg detainee io fre Au Tie mai dali hine Hena hielo mi gu bi Bs joir gy Fi deed Be ieh Di ipid y ihi Deminas p lo ie Be dalia bins Feer delaia j Pieneen F EME CRA Deir Merrin Timur Back I Frat Coce Het 10 Click Finish to add the databases to the audit Adding Removing Tables To add or remove multiple tables see the section A udit Settings for Multiple T ables To add or remove all or selected tables do the following 1 Atthe EMC right click an audited database and then click Add or Remove Tables B Coreote Root 4 Entegra Management Console Hinorthwird B Audited Server Instances al Enteral Audited Databases ig Ps Ga cal Add Databases Add or Remove Tables Audit Oa di
14. Setup Read the licensing agreement and then click Yes The Choose Destination Location screen is displayed Entegra Management Cansole Setup Dheors Geinutian Lacation Saket better chare Setup poll recall fim Chapter 2 Installing Entegra 15 5 Click Browse to choose a different location than the default and or click N ext The Start Copying Files screen is displayed Entegra Management Console Setup kiar Copying Pilea UMinel 1 Emmm eee mhara cap png him m Stag has deagh fers o t ap ag the file Di imni i tence or i tr vias ore DEDERAT wah Uia TAAA DAR Rast be bogie mingr chek Gack sa aoa 6 Verify your destination location and then click N ext The InstallShield Wizard Complete screen is displayed Entegra Management Console Setup latal thoi Winer Car plete Sau ta arated rte Peer Meret Corana On pmr campur E MiA riepa Herpes Dorini me F ki et Start Dad aed Renan Min e 7 To start the Entegra Management Console now and display the documentation click Finish The Entegra Management Console is displayed 16 Entegra User Manual Upgrading You can upgrade to v2 0 1 from version 1 3 or later If you have versions prior to v1 3 you must upgrade to v1 3 before you can upgrade to v2 0 or later CAUTION The Entegra component upgrade process is irreversible To prevent loss of data do the following 1 Back up the configuration databases for each Audited Server Instan
15. SrcRepName the repository suffix of the repository to restore StartTime the start timestamp for the restoration timerange EndTime the end timestamp for the restoration This command causes LMRestore to list all Intermediate Files that are needed for the restore based on the parameters you specified along with information on which of those files are on disk and which are missing If any files are listed as missing you must locate them in your archives and replace them in the Intermediate File directory see the section on Intermediate File Handling above 3 Ensure that all necessary files are in the correct directory before you perform the next step 4 Return to the command line window and type mrest ore restore and the following required switches SrcRepServer the server that hosts the repository to restore SrcRepD B the database that hosts the repository to restore SrcRepName the repository suffix of the repository to restore StartTime the start timestamp for the restoration timerange EndTime the end timestamp for the restoration DestServer the destination server to which data is restored DestD B the destination database to which data is restored DestLogin the login to the destination server DestPwd the password to the destination server DestRepN ame the destination repository suffix Note See the switch description table and the examples below for more details Chapter
16. Windows NT or Windows X P e SQL Client components e The most recent version of Microsoft s JD BC driver The Entegra installation media provides a link to the JD BC download site Audited Server Instance Because the Audited Server Instance is already running SQL Server 7 0 or 2000 it generally meets the hardware and software requirements of Entegra by virtue of meeting the requirements for SQL Server The SQL databases to be audited should be set to Full Recovery Mode This mode setting is important because if this mode is not set some audit data may be lost Backups also need to be performed on a regular schedule Supported platforms include Windows 2000 Windows 2003 Windows NT 4 0 with Service Pack 6 and Windows XP Repository Server Repository Agent The Repository Server should be a server class machine with at least 1G Hz processor speed 512MB of RAM and 20GB of available disk space These minimums are typical the exact hardware requirements vary greatly depending on the number and size of databases being audited and the amount of audit data number of transactions The following formula may be useful in determining the disk space necessary for collections Transaction log size of 100MB x 3 x 10days 3GB The Repository Server must be running SQL Server 2000 and it must support SQL authentication login vs Windows only SQL 7 0 is not supported for the Repository SQL Service Packs 2 and 3 are fully supported Supp
17. a collection agent if Entegra collections are negatively affecting performance on a production machine and you want to move this workload to a different machine In this case the Change Collection Agent wizard smoothly transfers the workload from the old machine to the new machine It is best to do this when no collections are taking place Using the Configuration Wizards This section provides step by step instructions on how to use the configuration wizards to set up your Entegra environment Instructions are included for the following wizards e Adding a SQL Server instance to audit e Adding a Repository Server Instance e Adding a Repository e Adding a D atabase to audit e Adding Removing Tables Chapter 3 Configuration 33 e Selecting Audit Settings for Individual Tables e Selecting Audit Settings for Multiple Tables e Adding Removing Columns e Selecting the Logical K ey e Adding Removing Views e Adding a Collection Agent e Changing a Collection Agent Overview of an Initial Entegra Installation Installing Entegra for the first time requires you do the following 1 Add a SQL server instance to audit 2 Add a database to audit 3 Manually collect data Adding a SQL Server Instance to Audit To add at least one SQL server instance to audit do the following 1 Atthe EMC right click Audited Server Instances and then select Add Server Instance la Console Root Server Nam b Z Entegra Management Console_
18. agent Note The Windows account used to log on to the Audited Server is specified on the Agent logon page Specify the account for the Collection Agent service to use to log on to the NT server and then click Next Note The logon you use must have Logon as Service privileges on the Agent machine If you choose a logon name that does not have the necessary privileges you receive a logon failed error message Chapter 3 Configuration 61 The screen that allows you to select a storage directory is displayed Note If the Installation Directory location box is not available then there is already an Entegra component installed on that machine Entegra installs all of its components to the same directory on a given machine Change Collection Agent Machine ae Aga get EH TETAAN iind blank iste gerd eric EG 0 baiiian De Das Tiemi Drim lt woe Pgs Pie Liege neg eer cmr mere cece nen 4 Specify the D ata Transfer Directory where you want the Agent to store audit data files prior to transmitting them to the Repository Agent and then click N ext The screen that allows you to type your email information for server failure notification is displayed Change Collection Agent Machine Se Agm goto EH TETRAN Biogas Leer Sapra ral ered sleds in g reihe ghen grirhen het m neam izaha n Spends mrmi reri gpa sien kamja r Corr er i haga core Ao Mere cercet Heo 5 S
19. allows you to select alert events is displayed Add Server lnstance to Audit Saree TENNER Qin sirai all be peres siei arah ees rimimi eved mas m am mabeni Agta on eeren TEREA T E Dere Don Da ahiih E Depr bn ep Cleert phm pan ae heisa Crete Ate Drop o Teese Tabka E Giri Dary Freni e Pie a cot Ferme gpn F Ge Feeree Le bet Aii hee Nas D Daai Diris C D CE i Repre Hanee E Cate E Pade kage M iumin i Lope Ber Mere caret ee 12 Select database events that you wish to be alerted of in real time and then click N ext 106 Entegra User Manual Important Selecting the Successful login option generates a large number of alerts If these alerts are emailed to you server performance may be impacted The screen that allows you to complete the configuration wizard is displayed Jumicent ss t s Terem HEHYIHNJ Pan Trah bo configs e recada e Thi l ani the Cofecios Agan Ha configs a hrad Save rhe dirii emam eiar in dae e a carcet Heo 13 Click Finish to complete the installation Entegra installs necessary components on SERVER2 and adds the SERVER2 setup information to the configuration of the Collection Agent on SERVER1 You have now finished setting up your two servers as Audited Server Instances and deploying Collection Agents Next you create a Repository to hold the audit data from the two databases you plan to audit Create a Repository to hold the audit data from the two databases
20. available in the A ppendix at the end of this manual Further detail is provided in Chapter 6 8 Entegra User Manual Chapter 2 Installing Entegra Before You Install Setting up Entegra on your system involves the installation of several software components that may reside on numerous machines To facilitate a smooth installation process this chapter outlines the decisions you need to make and the hardware software and network components that you need before you install Entegra Overview You need to configure a set of server machines to run the various components of the Entegra system The following conditions and restrictions apply e A Collection Agent may be installed on the same machine as the databases being audited or it may run on a separate machine e A Repository Agent is automatically installed on the same machine as the Repository for which it is responsible e The Management Console and Web Server may be installed on any machine that has sufficient connectivity to the other components machines e Audit data can be viewed in an ordinary Web browser on any machine that has access to the Web Server machine All components the Agents Audited Server Instance Repository and Management Console may reside on the same machine However for optimal performance it is recommended that you place at least the Repository on a different machine from the audited server Note If you are installing the Entegra product
21. complete the Add Table Wizard before auditing can begin The Enable Data Modification auditing on all tables check box is unavailable if there are no DML or DDL licenses assigned to the server Enable SELECTs auditing on all tables and views You can audit data about SELECT statements performed on Audited Server Instances This data is collected via SQL Server s trace function All information generated by SQL Trace is stored on the machine that hosts the Audited Server Instance in a location that you specify SELECTs keeps track of every SELECT statement issued against the tables being audited The tables that are audited for SELECT have the SELECT opcode filter set SELECTs data is temporarily stored on the audited server and may take up a lot of disk space if there is a lot of activity on the tables and views being audited Be sure to specify a SELECTs data directory with a lot of available disk space to avoid losing any audit information The default disk space allocated is 500 MB The location of the SELECTs data directory can be set in the Audited Server properties on the Data Location tab The SELECTs check box is unavailable if there is no SELECT license assigned to the server The SELECTs check box is also not available on SQL Server 7 servers Add Repository Server Instance Wizard The Add Repository Server Instance Wizard is generally used to re establish an existing repository server configuration or as a precursor to creating a
22. database resides on foreign key with lumservers lumsessions_x This table stores information about user logon sessions on the audited server that resulted in audited transactions Each session has one row in this table Y ou can join this table with lumt ransactions to get a complete list of transactions performed by a particular session or to get the session and user information for a particular transaction sessionid numeric A unique ID for this session This column is a logical key for 18 0 this table and a foreign key with lumtransactions serverid int ID of the server on which the session occurred foreign key with lumServers spid int System process ID to which the session was assigned starttime datetime Session start timestamp endtime datetime Session end timestamp osuserid int Foreign key with lumosusers domainid int Foreign key with lumdomains hostid int Foreign key with lumhosts applicationid int Foreign key with lumapplications loginid int Foreign key with lumlogins Appendix A Repository Schema 147 lumphysicalattributes_x This table contains MSSQL server specific physical attributes This table stores low level system information about the database activities There is a one to one relationship between lumtransactions x and lumphysicalattributes x activityid numeric Foreign key with lumtransactions 18 0 physaddr1 int High DWO
23. files Repository timerange 2000 03 Files present in C Program SERVER1 umi gent Ol dRepository 16 00 00 00 000 to 2002 04 13 00 00 00 000 the archive Files Lumigent Entegra Archive SERVER1 Ol dRepository_2001_10 01 15 _00_07 t mp Entegra User Manual C Program Files Lumigent Entegra Archive SERVER1 OldRepository 2001 10 01_15_10_07 t mp C Program Files Lumigent Entegra Archive SERVER1 OldRepository 2002 10 01 15 20 _07 t mp Example of the Imrestore restore Command The following example shows the command for restoring a Repository In this example the audit data was originally stored in repository OldRepository on server instance SE RV ER1 The restored data is stored in repository N ewRepository on server instance SERVE R2 C Program Files Lumigent Entegra gt l mr estore Restore SrcRepServer Serverl SrcRepDB lumi gent SrcRepName OldRepository StartTime 2002 03 16 EndTi me 2002 04 13 DestServer Server2 DestDB lumi gent Dest RepName NewRepository DestLogin sa DestPwd server2password The following example message is displayed I Lumigent Entegra LMRestore restore repository utility II Copyright 1999 2003 Lumigent Technologies Inc All rights reserved Restoring archive files Repository Serverl lumigent Ol dRepository timerange 2002 03 16 00 00 00 000 to 2002 04 13 00 00 00 000 Destination Repository Server2 lumi gent NewReposi tory Creating ghost repository C
24. for the database containing the table or view foreign key with Lumdatabases table tablename nvarchar Name of the table or view 256 objectid nvarchar The ID assigned to the table or view by the target server is_systable char Whether the table is a system table 1 or a user table 0 objtype int Whether the object is a table 1 or a view 2 ownerid int Foreign key to lumOwners lumkeydesc_x This table stores the names of columns that make up the logical key for a table This table may have at most one row for each audited table The columns column here is a concatenation of the logical key column names delimited by semicolons keydescid int Foreign key with lumkeys columns nvarchar The column names that make the key 4000 lumkeys_x This table stores key values associated with D ML events in lumt ransactions Key column descriptions column names that make the key can be found by joining with lumkeydesc The va lue column is asemicolon delimited concatenation of all column values that make the key keyid numeric Logical key foreign key with Llumt ransactions 18 0 tableid int Foreign key with lumtables keydescid int Foreign key with lumkeydesc value nvarchar Key value 4000 Appendix A Repository Schema 145 Example of lumkeys and lumkeydesc_x The following shows a sample listing of contents of the lumkeys and lumkeydesc tables to illus
25. in a clustered environment refer to the information in Appendix B Restrictions Limitations For an example of how to install in a clustered environment see Chapter 3 example 4 Entegra components require a server class operating system such as Windows 2000 or XP The only exceptions are the client machine being used to browse the Repository this machine may run any operating system capable of running the required Web browser see below and the machine hosting the Audited Server Entegra supports Windows NT 4 0 with Service Pack 6 for this machine in addition to Windows 2000 and X P For obvious reasons all machines in the Entegra environment must be able to reach each other over a network connection although they need not all be in the same Windows domain Chapter 2 Installing Entegra 9 Hardware Software Operating System Requirements 10 The following sections provide the requirements for each Entegra component D epending on your desired configuration the same machine may be described by two or more of the following sections All required components are included with the Entegra setup program Entegra Web Server The Web Server only needs connectivity to the Repository Server and Repository databases The Web Server requires a server class machine running at least 500 MHz processor speed with at least 512MB of RAM and 1GB of available disk space The Web Server requires the following software e Windows 2000 Windows 2003
26. location box is not available then there is already an Entegra component installed on that machine Entegra installs all of its components to the same directory on a given machine Data Collection Agent Ag ptre Ee PEO igerd hare EN Tea epee eric beat allan D iaiki secre Flee Leen nies Chaba Ti amie Drie DEN DE Frogin Pee Liege nity Pe cmr mere cece ie 8 Select the locations where you want the Collection Agent installed and where you want it to store its audit data files and then click N ext The Notification screen is displayed Hohification Agee hipaa Ee TEOMA Prieger nierien Geers ral sere sleds in s redde ghen grirhes shen eee fhe m ris Speeds mermi reri gpa mhar memean mg ar Emre rna a wind pte arpay coe _ sm Mere cece en 9 Enter email information for the Collection Agent to use when emailing you about collection failures You must enter a To and From email address and the name of your mail server and then click N ext 38 Entegra User Manual The screen that allows you to select your license capabilities is displayed Add Server Instance to Audit l Jann EM TETMAN he camped ares yani bree acid bee cme regal oy Bho bri bee vom er ari Chi a cena oo be enipe bn den ever Hiabin ninen 10 Type or paste the license key into the License Key text box and click Add All features available in this key are displayed in the wi
27. log on to the Entegra Browser all data for the selected Repository is displayed The navigation pane shows the names of the Audited Server Instances whose audit data is contained in this Repository You can click an Audited Server Instance name to display a list of audited databases on that server you can then click a database name to view a list of audited tables in that database Finally you can click a table name to filter by logical keys After you have drilled down in the navigation pane you can click Table Database or Server to return to the corresponding view You can use the paging controls at the top right of the activities pane to move between pages of data Initially the word multiple is displayed in lieu of the total number of pages To save time Entegra does not automatically calculate the number of pages required Y ou can force calculation of the number of pages by clicking multiple Each row in the activities pane represents a single activity with multiple columns of data about that activity For more detail on the activities pane see the following sections When you highlight any row in the activities pane the corresponding item in the navigation pane is highlighted Chapter 6 Using the Entegra Browser 133 For example if the navigation pane is currently displaying a list of audited tables and you click a row in the activities pane that represents activity on the Customers table that table is highlighted in the
28. machine outside the cluster This configuration is exactly the same as Example 1 In this case SERVER1 would be the server instance name of a clustered server The collection agent and repository are on a non clustered machine ENTEG RA1 This is the recommended configuration when auditing a clustered server Note that the Management Console and Web Server may be installed on cluster machines as well if desired The Collection Agent Repository and Repository Agent are the only components that must not be installed on a cluster Chapter 3 Configuration 113 Chapter 4 Archiving The archiving feature provides an added layer of security for your databases in the case of data loss due to hardware or software failure or user error With archiving enabled all Intermediate Files are retained on the Repository machine indefinitely Archiving Process After audit data is collected by the Collection Agent the archiving process is as follows Stage What Happens 1 The audit data is packaged into an Intermediate File 2 The Intermediate File is sent to the Repository Agent on the Repository machine 3 The Repository Agent extracts the audit data and uses it to populate the Repository 4 The Intermediate File is then moved to an archive directory for storage 5 Audit data in the Repository may be deleted after a certain amount of time has passed Specifying Archive Options There are three m
29. navigation pane Similarly clicking the Customers table in the navigation pane highlights all items in the activities pane that involve that table If you select a row in the view and it does not display a key in the status bar it means that there are no logical keys selected for that table You may define the logical key in the EMC See Selecting the Logical K ey in Chapter 2 Collections from that point forward should have detailed activity recorded for that row and may be displayed in the transaction history The following sections provide more detail on sorting and filtering data Sorting and Filtering Data This section provides information on how to do the following e show hide columns e view details e filter data Showing Hiding Columns To select the columns that are displayed in the activities pane click any header and then select Show H ide To sort displayed data by a particular column click the column header and select Sort Ascending or Sort Descending The following columns are displayed by default Column What is displayed LSN The SQL Log Sequence Number of the transaction Transaction ID The SQL Transaction ID of the transaction Time The time the activity occurred OpCode Code indicating type of activity SELECT DELETE INSERT UPDATE LoginName SQL Server login identifier of the user who initiated the activity Table The audited SQL table affected by the activity Owner The S
30. next to the features that you wish to enable for this audited server instance and then click N ext The screen that allows you to set auditing frequency is displayed Add Server lnstance to Audit Jaren Ted Bee ple side eee wed berpremrp bee eee fee were igari Fo ahrs HEMVErE I Sates on af eee be peste eel ee feng dobia ri eee depi eng 7711 700 1 i a Duaa tie o y 1 Bimi rar i temo ave it F z 12 Set the schedule for automatic collection Recommendation Schedule collections for low traffic times of day Also avoid overlap of collection and backup operations Ideally collections should be run shortly after the backup completes For this example set the collection schedule to 7 00 A M and 7 00 P M every day To do so click the arrow a Inthe Start Date box select tomorrow s date b In the Start Time box select 7 00 A M c In the Frequency section change the units to hours and enter 12 in the text box 84 Entegra User Manual 13 To choose the option Shutdown the server on audit error to protect audit integrity select the check box and then click N ext Note If you select this option the following warning is displayed Warning This option Instructs SQL Server to shut down if any auditing operation fails This sn happen if the amount of server disk apace set aside for Entegra is too small It can also happen if a change In server seourlby settings causes SOL Server to be unable
31. other countries This product includes software under license from Wireless Trading Ltd and Sun Microsystems Inc This product includes software developed by the Apache Software Foundation http www apache org See file Apache Software License or http www apache org licenses LICENSE for more information Contents Abo t This BOOK ses sie cdsiancusstastaavnedeas araara esaerea rasva eaaa aaraa aoa EO E OSE i Intended Pel TN CO 2 cesecvaveasespcesceuaas av areas EREEREER RORE EET a i Other Information Available from LUMigent c ssssssssssssessessecssssssssssessscsssssssssscssscssecsseessssssessees i CONVENTOS cumin wien EEEE EEREN AARRE ERA i Contacting Lumigent Technologies sssssssssssssssssssssssssssssssessssssssoeoeooeeoeeteeteeeeeeooonssusnsnsnssnnnnonssssss i Chapter 1 Introduction essesseesseesscssecesccescesscesocesoessceseesocesoesscesocesocesoesscesoee 1 How Entegra WorkKSisisssisnnnncannnnnnnnnn n a A i iii 1 Why Entegra is better than other solutions essesssessessssessesesscsoesessesoesessesoesossesessesoesosssseso 1 SYSE O VOR VN Wo ar A EEEE EEEE R Ea Tie 2 Architect erconenirereririgii niiae e AR EE ERTE EEEE G R 3 Major COMPONENtS a ahictewticteo enw deta deta dake eta etd oe dala A AAAA teak 3 M j r FV COTS sch ate cca cata cts t Ph cheated Pao n aie tanta aa EE Pearce EE Ea Ea EEA Aaa TE ERa esata 5 Chapter 2 Installing Entegra ssessessessessessessessossossossossoss
32. screen asks for login information that the Collection Agent uses to run its service The local system account is the default Alternatively you can specify a username and password This account must have logon as service permission on SERVER1 7 Click Next Entegra User Manual The Data Collection Agent screen is displayed Data Collection Agent TENNER BEAVER eee UE Coen Pile Leer nee Daia Trak D rece TEN a AP gat Pie Lis mgd ii rga Pd Select the locations where you want the Collection Agent installed and where you want it to store its audit data files and then click N ext The Notification screen is displayed Hotification Agee hapta ew eo4 Enisey nierien Sgr ral seed steeds jo a eden prihen her eee fore m ieie Epig ermi rreri gpa shen Erai ta miman rm er Ered doer Ermer onge rE E p Epee com Enter email information for the Collection Agent to use when emailing you about collection failures Y ou must enter a To and From email address and the name of your mail server and then click N ext Chapter 3 Configuration 83 The screen where you select your licensed capabilities is displayed Jay Erre ee ee om bbe compo abd oes hy obey 1 uei eee bp Check fe cen oo be eigen den ever 10 Type or paste the Entegra license key into the License Key text box and click Add All Entegra features available in this key are displayed in the window 11 Check the boxes
33. server click N ext and then go to step 7 Or Clear the Collection Agent runs on the same machine as this database server check box and then click N ext Entegra User Manual The screen that allows you to add a machine for the collection agent is displayed Add Server instance to Audit oliin mie Best celled mack babes Beery ier daba vou sere es hat ee eres ee hnceap maming pieni g reece 9 eam they Cinders dpe hore Giger Aembee he amp t CSCSC CO Sood fea zaop moan In the Agent Machine text box type name of the machine from which you want to run the Collection Agent Service and then click N ext The Service Login screen is displayed Note If the fields are not available and the Service Status indicates that the service is running you can use MMC Services to manage the account Service Login I Aga hipa EH TEOMA Hii Her Diocletian bes beg is Her HT serves T Lead GAHE Aor T HT acces pih cnt fo fe Tape barwi The NT scone ner Pm a DORA eres A LL Mete cece ie Specify the login information that the Collection Agent uses to run its service and then click N ext The local system account is the default Alternatively you can specify a username and password This account must have logon as service permission Chapter 3 Configuration 37 The Data Collection Agent screen is displayed Note If the Installation Directory
34. to hearing from you To register your Entegra software either register online at www lumigent com or return the registration card enclosed in your product package Benefits of registration include notification of product updates and upgrades For support around the world please contact your local partner If you cannot contact your partner please contact our Technical Support team Telephone 1 978 206 3677 Email support support lumigent com Email sales sales lumigent com Web Site www lumigent com support Subscribers to the Entegra software maintenance and support plan receive product updates and unlimited priority technical support via phone or email for twelve months This support covers a variety of issues including installation and configuration use of product features and consultative assistance on using Entegra For more information contact your sales representative Chapter 1 Introduction Entegra helps organizations address data privacy and security requirements with a complete audit of database activity Entegra provides answers to the question who is doing what to which data when How Entegra works Entegra is designed to monitor and optionally alert on database activity providing a complete record of access to data and database structure Entegra provides an audit trail of data modifications and changes to database schema and permissions Entegra uses low impact data agents that harvest info
35. to write audit files 1f ether of these situation arises the database will shut down and will be unavailable FPSO Server shuts dosm due to an auditing fathure the following message will appear im the server s Event Log Error writing audit trace SUL Server is shutting down L x oa 14 Click OK to accept this option or click Cancel to clear it The screen that allows you to specify how alerts are sent from the server is displayed Add Server lnstance to Audit E Jay Ty ER Sqeerdp hraa gimis ral be eee Fue eee Pee eet pe ral fied pes peier mbah nae gence imie Bede ee eyed ey ere geran mieg cle bes bee eel and creme tog choy boy E ede eet crepes ins ee creer bog ot ees ee M Gmelin This optional feature alerts you any time an event of a specified type occurs You specify the types of events that trigger alerts in the next step By default alerts are logged to the Windows Event Log on the local server 15 Select the methods by which you want to be notified when an alert condition occurs To have alert events emailed select the Email to check box make any modifications in the text boxes and then click N ext Chapter 3 Configuration 85 86 The screen that allows you to select alert events is displayed Add Server lnstance to Audit Sew EATE Gin sirai eal be perea simi manh eer s rides ered moeras m oam mabiesi saisikaan n eeren LER ERT E Dere on Da ahai E Depr Alber ep Clery phm pa
36. umAuditRepHi story A status of 7 or 8 indicates that the file has been processed and can be removed from the archive directory The pus hfi ename column displays the name of the Intermediate File After the intermediate files are permanently deleted you are not able to restore or report on older audit data if that data is purged from the repository unless you start over by deleting the repository and the database from audit then adding them back into the audit Purging Repository Audit Data Audit data in the Repository may be purged after a certain amount of time has passed You can specify this interval at setup time or at any time thereafter from the Entegra Management Console By default audit data is retained in the Repository indefinitely but if you have a large amount of data regularly purging the Repository has the following advantages e It speeds up import times e It speeds up the Web Browser UI and automated reporting e It reduces the amount of data displayed in the Web Browser If you change Retain Data Online in days to be non zero all data beyond the number of days you set is purged from the Repository during the next Import operation into that repository Purged audit data can be restored from backed up Intermediate Files see Restoring Archived D ata later in this chapter Chapter 4 Archiving 117 Purging Data Procedure To regularly purge audit data do the following 1 Right click the Repository name a
37. which it is running This registry information tells the Collection Agent which SQL server instance it is responsible for 2 The Collection Agent then launches a collection process for each Audited Server Instance 3 The information about each Audited Server Instance including which database to audit and which table and column within that database to audit is stored on the server machine The Collection Agent reads this configuration information upon connecting to the Audited Server Instance Keeping this information on the audited server rather than on the Collection Agent s machine allows you to manage the Audited Server Instance from multiple locations and ensures that your audit configuration is preserved in the event of a cluster failover or other problem The following types of data can be collected e data modification language D ML operations data definition language D D L operations transaction information session information security events In addition data view SELECT queries can be collected although this information is gathered differently than described above see next section 4 After the data is collected it is packaged into Intermediate Files one for each database The Collection Agent transmits these files to the Repository Agent see next section 6 The Collection Agent stores a complete record of its own processes in a history database on the Audited Server Instance machine The Intermediate
38. 4 Archiving 119 120 Switch Description Table The following table lists the available switches and their purposes Switch Description SrcRepServer Name of the server instance that contains the Repository whose data you wish to restore SrcRepDB Name of the database that contains the Repository whose data you wish to restore always lumigent SrcRepName Name of the Repository whose data you wish to restore StartTime Beginning of the time range you wish to restore You can specify the time in one of three ways YYYY MM DD YYYY MM DD hh mm ss YYYY MM DD hh mm ss mmm EndTime End of the time range DestServer Name of the server instance onto which you want to restore the data DestDB Name of the database in which you want to create the new repository DestRepName Name of the new repository DestLogin Login name for the server instance specified in destserver DestPwd Password for the specified login name Example of the Imrestore list Command This is an example of the Imrestore list command C Program Files Lumigent Entegra gt l mr estore list SrcRepServer Serverl SrcRepDB lumi gent SrcRepName Ol dRepository StartTime 2002 03 16 EndTi me 2002 04 13 The following example message is displayed I Lumi gent l II Copyright Entegra 1999 2003 Lumi gent Technologies LMRestore restore repository utility Inc All rights reserved Listing archive
39. Agent the Collection Agent machine Audited Server Instance the Audited Server Instance Repository Agent machine if different the Repository machine if different Look for events from sources LMExportAgent or LMExport The text associated with the error event should provide further assistance Pinging On occasion the EMC displays an error To display the error message right click sound or message but the error message is hidden the Windows task bar context menu and your behind the main MMC window select Tile Windows Horizontally or Tile machine Until the error message window is closed the Windows Vertically Stopped MMC makes a ping noise when clicked or your The error message window is displayed responding machine does not respond Close the window to continue working Error The volume of alerts on the server ENTEGRA1 No corrective action is necessary E mail message DESKTOP SQL2000 is currently higher than the alerting will automatically resume once the Disabling E rate at which the e mail server can process frequency of alerts declines mail Alerts messages Entegra is therefore temporarily If you receive this message often you can on Server disabling e mail alerts on ENTEGRA1 DESKTOP SQL2000 No more e mail alerts will be sent until the frequency of alerts drops to a manageable level This temporary change only affects e mail alerts Entegra is still gathering audit data The audit trail in your Ente
40. CT adding overview 28 prerequisites 28 procedure 28 auditing 7 license key 28 selecting 54 selecting the logical key procedure 58 service login privileges 14 status history 82 storing data See repository T table level options 132 technical support ii troubleshooting 143 U UPDATE selecting 54 upgrading the EMC 20 prerequisites 20 procedure 20 upgrading the Web Server procedure 25 using multiple Entegra Management Consoles 67 caution 67 W wizards add audited server instance 32 add collection agent 35 add database 33 add repository 34 add repository server instance 34 add remove tables 35 Index 157 add remove views 35 change collection agent 35 158 Entegra User Manual
41. Click OK to accept this option or click Cancel to clear it Entegra User Manual The screen that allows you to specify how alerts are sent from the server is displayed Add Server Instance to Audit iawn Speeds hea smin ral hr wesi him Pan eee Phe ruent page ell mamiy grea gia aaie pds reh eyed ey ete geram se and creme tog choy biaen E lel est rece i ee peed eg or Be M pnas This optional feature alerts you any time an event of a specified type occurs Y ou specify the types of events that trigger alerts in the next step By default alerts are logged to the Windows Event Log on the local server 15 Select the methods by which you want to be notified when an alert condition occurs To have alert events emailed select the E mail to check box make any modifications in the text boxes and then click N ext The screen that allows you to select alert events is displayed Add Server lnstance to Audit ECE Gin sirai eal be perea simi canh ee eked reerd mas m amn mabeni site on eeren ERY EAI E Dere bon Da ahai E Depr Abm hep Cimri phm pan ied ees T heii Ceas Aia Drop c Tee Tbe E Giri Dary Freni e Pie j iid Perse j gpn F ki Feeree Ure E oami haee Nis D Daai Diris C D CE H Rere laene D eer Uer E Pied ingen M Eusi legen I Lipi Ber i n f cm oe 16 Select database events that you wish to be alerted of in real time and then click N ext Important Selecting the Successful login option generate
42. Delete SIM Refresh al Def Collectio Properbes m ee The Add or Remove Tables wizard is displayed Enabling the Data Modification auditing on tables option audits the table for the following operations e INSERT e UPDATE e DELETE Note A DML license for the server is needed for this option 50 Entegra User Manual Enabling the SELECTs auditing on tables option audits the table for SELECT operations A SELECTs license for the server is needed for this option The Tables to Audit window on the right displays the tables that are currently selected for auditing and the Available Tables window on the left lists tables in the database that are not selected for auditing Addor Remove Tables Jau mihi Vitae niken inam ype ell a ait el yee ihe riders habien 4 ina Bate ares tal pea genie na Se arp aa lee Pl pai s Ton hamp la iT abla Cip Fu M oa a a rece mabir Dipy bl ote pahing pn peier nis JELICTI pectin m ihe Lomin O Cees nem 2 Select the tables you wish to move and use the right arrow and left arrow buttons to move tables from one window to the other Y ou can click the All box to quickly select all tables in a window When you are finished making selections click Finish Note By default all columns in a table are audited If you wish to exclude certain columns from auditing see A dd Remove C olumns to A udit By default the logical key is automatically selected for each table To s
43. Entegra Component Setup Restrictions The following restrictions apply to component setup e The Entegra Management Console cannot run on Windows NT 4 0 or earlier e A Repository Server Instance cannot run on SQL Server 7 0 or earlier SQL Server 2000 is required e Collection Agents Repository Agents and Repositories cannot run on clustered servers Auditing Restrictions The following restrictions apply to auditing e ALTER DATABASE commands are currently not audited e Many alerts are not available for Audited Server Instances running SQL 7 0 e Auditing of SELECTS does not work for SQL 7 0 only SQL 2000 e Entegra does not export updates to BLOB columns Other Restrictions Other restrictions include the following e The Entegra Browser does not accept Windows authentication for logging in to Repositories e The Import History view in the Entegra Management Console cannot be purged Appendix B Restrictions 151 Appendix C Configuring the Entegra Web Server with IIS This appendix provides the steps for configuring the Entegra Web Server with IIS Procedure This procedure is divided into two parts Part 1 creates the virtual directory and Part 2 sets up the ISS web filter Part 1 Create a new Virtual Directory To create a new virtual directory do the following 1 2 Click Start C ontrol Pand A dministrative Tools Internet Information Server Expand W amp Sites right click D efault W eb Site and then
44. Entegra Management Console displays your configuration information as it was before you upgraded the EMC t Entegra Management Console File Action View Help e 2 La Console Root A Delete All Objects Upgrade Refresh By S Properties Help CAUTION The Entegra component upgrade process is irreversible 7 To prevent loss of data do the following a Back up the configuration databases for each Audited Server Instance b Back up the configuration databases for each Repository Server Instance c Back up each database that hosts an Entegra Repository 8 Right click the top level Entegra Management Console_0 node and select Upgrade The Welcome to the Upgrade Wizard screen is displayed i 7 a 3 fate both Urar Aled Ther bole Ente cores ell bo geet Fest dget EXTE GR Flarncefoy Sam CMTE ORAI Aopen Coola Alper ritan pert ExTEGRa Lorm J tect hae 9 Click Next 20 Entegra User Manual The screen that displays upgrade status is displayed i i Pe Pinih bo upa eda a oorgaan eied on the pevka paga Brain L cma C e 10 Click Finish The following Caution screen is displayed CALTICEI The Enteya component Lupy ade process is irreversible To prevent loss of data do the following 1 Back up the configuration databases for each Audited Server Instance 2 Back up the configuration databases far each Repository Server Instance
45. File is archived to allow for full recoverability For more details on the archiving feature see Chapter 4 Entegra User Manual Auditing SELECTs Audit data about SELECT statements performed on Audited Server Instances is collected via SQ L Server s trace function All information generated by SQL Trace is stored on the machine that hosts the Audited Server Instance in a location that you specify By default the trace files are stored on the audited server machine in a subdirectory of the Program Files Lumigent Entegra D ata directory Periodically the Entegra Collection Agent gathers this data filters it and appends it to Intermediate Files It is then imported into the Repository along with all other audit data SELECTs is licensed separately from the auditing of D D L DML activity Contact Lumigent customer support for details Logical Keys Logical keys are used to determine what defines a unique row for any given SQL table By selecting a particular column or set of columns as the logical key for a table you enable Entegra to identify unique rows in the audited dataset and to reconstruct this data in a useful way When you set up a table for auditing Entegra selects columns to create a logical key for the table typically by detecting the logical key if one is already established for the table If no logical key is selected Entegra attempts to determine the most logical selections A fter setup is complete you can mod
46. Hethuo leg path Cages en SOL e L Fua Presisi ff aee item bem ot Bom ahg chee bey O a i e o ae L ne cmm He Ensure that the Enable Data Modification auditing on all tables check box is selected and if available that the Enable SELECT auditing on all tables and views check box is clear and then click N ext If you are certain that the backup log for the selected databases is not in the SQL Server default location enter it in the Backup log path box otherwise leave the default For a full explanation of the other options on this screen see Chapter 4 The following screen is displayed Add Databases to Audit e oe me ee Toor anit dit bore Sow sabres Pahere mili te hee Pirate Does Pai iesi bein ried re mesie eee Hepes ray Pii r Ber n _ cem ee Click the down arrow select Payroll Repository from the drop down menu and then click N ext Chapter 3 Configuration 93 The screen that allows you to complete the configuration wizard is displayed Add Databases to Audit fuMigent Berandi ETETE Mamah bo sij fee joeg deasa io Pre ee Vie maii dali hane Hens ieee ol ge ka Wa lice ie lee Pam ee Pan Fidaim p bi rie oe eee Piee F ERTE OR Paerd Aerie Timu nr h mmn ce O o 5 Verify that all your selections are correct and click Finish The Payroll database is now set up for auditing 6 Repeat the previous five steps for the Customer database and the Customer Reposi
47. M Eusi legen I Lipi Ber i n f cm oe 15 Select database events that you wish to be alerted of in real time and then click N ext Important Selecting the Successful login option generates a large number of alerts If these alerts are emailed to you server performance may be impacted Chapter 3 Configuration 101 The screen that allows you to complete the configuration wizard is displayed jumicent s fer Pan Ties bo cone dirbi oe hiar in de fhe nemcied Saabas verses Thi sell daniy the Cofeciss Agan Ha configs ee Auctied Save nri reat caret nem 16 Click Finish to complete the installation Entegra installs the Collection Agent and necessary components on SERVER1 You have now finished setting up SERVER1 as an Audited Server Instance and deploying A gents Add the second Audited Server Instance and deploy Agents To add the second Audited Server Instance and deploy Agents do the following 1 Right click Audited Server Instances and then select Add Server Instance la Console Root Collection H S Services Loc 102 Entegra User Manual ba Entegra Management Console E Audited Saeanmlactansa Audit Datat ve T stance Server Nam View Refresh Export List Help The Add Server Instance to Audit wizard is displayed Add Server lnstance to Audit jumicent 3 oo j i t eth helo oe ket eral configees tes bae
48. Manual Index A accessing the browser 138 add audited server instance wizard 32 add collection agent wizard 35 add database wizard 33 add repository server instance wizard 34 add repository wizard 34 add remove columns procedure 57 add remove tables procedure 53 add remove tables wizard 35 add remove views wizard 35 adding a collection agent procedure 60 adding a database to audit procedure 50 adding a repository procedure 48 adding a repository server instance procedure 45 adding a SQL server instance to audit procedure 36 adding views procedure 59 agent See data collection agent architecture See Entegra system architecture archive files 9 archiving process 119 archiving options 119 intermediate file handling 121 purging the repository 121 SQL backup log handling 120 audit data purging 122 restoring after purge 124 audit settings individual tables 54 multiple tables 55 selecting DELETE 54 INSERT 54 SELECT 54 UPDATE 54 audit status 82 audited objects 4 audited server level options 129 B browser columns showing hiding 140 sorting 140 columns displayed 140 filtering data 141 log on 138 navigation pane 139 permissions 137 viewing 139 viewing details 141 C change collection agent wizard 35 changing a collection agent procedure 64 collection agent See data collection agent collection history 129
49. QL user ID that initiated the activity OS User The Windows username that accessed the database to initiate the activity in DOMAIN user format Description The type of activity for example DDL DML etc 134 Entegra User Manual The following columns are also available Column What is displayed Session ID The SQL session ID in which the activity occurred Activity ID A unique ID assigned to the activity by Entegra Client Hostname Name of the machine from which the user was logged on AppName Name of the application that initiated the activity Server Name of the audited server on which the activity occurred Database Name of the database on which the activity occurred Key Concatenated values of the logical key columns for the affected row Index Internal use column Filtering Data The Entegra Browser provides several functions that allow you to filter data thus narrowing the field so that you view only the data that interests you As described above you can use the navigation pane to drill down and view data about a particular audited server database or table At the table level you can click a table name in the navigation pane to access the Filter K eys dialog This dialog allows you to enter a text string to be matched against the table s logical key Entegra then displays that key value in the navigation pane when you click it rows whose key values match your selec
50. RD of physical row address Physical row address of the row changed by the record This address is set for DML log records physaddr2 int Middle DWORD of physical row address physaddr3 int Low DWORD of physical row address logrecaddr1 int High DWORD of physical log record address logrecaddr2 int Middle DWORD of physical log record address logrecaddr3 int Low DWORD of physical log record address indexname nvarchar Index name read from the log record 256 context nvarchar MSSQL internal log attribute text 256 description nvarchar 256 lumhosts_x This table stores the names of the host machines used for the user logon sessions on the audited server hostid int Unique ID for the host and a foreign key with lumsessions hostname nvarchar Host machine name 512 lumdomains_x This table stores the names of the windows domain names for the user logon sessions on the audited server domainid int Unique ID for the domain and a foreign key with lumsessions domainname nvarchar Domain name 512 148 Entegra User Manual lumapplications_x This table stores the names of the applications used for the user logon sessions on the audited server applicationid int Unique ID for the application and a foreign key with lumsessions applicationname nvarchar Application name 512 lumlogins_x This table store
51. Select the databases you wish to audit from the Available Databases window and click the right arrow button to move them to the Target Databases window and then click N ext Click the All box to quickly select all databases Tip You can also double click databases to move them Chapter 3 Configuration 73 3 5 The screen with the databases that you selected to audit is displayed Note O nly newly selected databases are displayed databases that are already set up for audit are not displayed Add Databases to Audit l lt E Iam evi _ apera p pes bes eee be Be ee mimmi a ey reri paper ibea jei ma ira etievmbast riai riure Labra bay tats ees let pee I Emer Dele aien prtu al ites Crete SELECT paling oe a bebo ed ee Hecho nth Pa Pierce SOL Seer et SOL heh Fua Prsia jaane ee baj wr Boe amban ches bey o eao amu re L cami _ Ho Ensure that the E nable Data Modification auditing on all tables check box is selected If you are certain that the backup log for the selected databases is not in the SQL Server default location enter it in the Backup log path box otherwise leave the default For a full explanation of the other options on this screen see Chapter 4 If available select the Enable SELECTs auditing on all tables and views check box and then click N ext Since you have not yet created a Repository the Repository Server Instance wizard is incorporated into the Add D atab
52. User Manual Entegra Version 2 0 1 for Microsoft SQL Server 7 0 and 2000 UM GENt si This document and the software described in this document are furnished under and are subject to the terms of a license agreement or a non disclosure agreement Except as expressly set forth in such license agreement or non disclosure agreement Lumigent Technologies Inc Provides this document and the software described in this document as is without warranty of any kind either express or implied including but not limited to the implied warranties of merchantability or fitness for a particular purpose Some states do not allow disclaimers of express or implied warranties in certain transactions therefore this statement may not apply to you This document and the software described in this document may not be lent sold or given away without the prior written permission of Lumigent Technologies Inc except as otherwise permitted by law Except as expressly set forth in such license agreement or non disclosure agreement no part of this document or the software described in this document may be reproduced stored in a retrieval system or transmitted in any form or by any means electronic mechanical or otherwise without the prior written consent of Lumigent Technologies Inc Some companies names and data in this document are used for illustration purposes and may not represent real companies individuals or data This document may i
53. You can browse the new Repository with the Browser as normal Although archived Intermediate Files are stored on disk they need not remain there while not in use You can move them to a different machine copy them to tape or CD ROM backup or back them up using any other method of your choosing When you attempt to restore the data from Intermediate Files that have been moved you are prompted to replace the necessary files in the archive directory 118 Entegra User Manual Restoring Purged Audit Data At any time you can restore audit data that has been purged from the Repository provided that you still have the Intermediate Files containing the desired data Entegra includes a command line tool called LMRestore for restoring old data Restriction Restored data cannot be replaced in the original Repository The restore utility requires you to create a new Repository to hold the restored data You can create the new Repository on the same server instance that hosts the original Repository or on a separate server instance Restoring Data Procedure To use the LMRestore utility to restore data do the following 1 Open acommand prompt window and navigate to your Entegra installation directory C Program Files Lumigent Entegra by default 2 Type Imrestore list and the following required switches SrcRepServer the server that hosts the repository to restore SrcRepD B the database that hosts the repository to restore
54. a User Manual The screen that allows you to complete the configuration wizard is displayed Add Databases to Audit fuMicent Seeger TPRP Mam Trai io sij hs joep detatenee io iha Aui Vee maki iali binu Hemna ae ee sal gu ta ie cre ieee Par beia L foetal pe Poa Pienaar lane bins Fess lal Piecen F ERTE ORLA Deir Pisncetap Timi E e A T 5 Verify that your selections are correct and click Finish The database is now set up for auditing 6 Repeat the previous five steps replacing SERVER1 with SERV ER2 and the Payroll database with the Customer database You have finished the configuration process Audit data from your databases is collected according to the schedule you selected 7 If you wish to collect data immediately expand Audited Server Instances right click a server name and select Collect Data N ow Users can now view audit data by using the installed desktop shortcuts or by connecting their browsers to ht tp ENTEGRA1 8080 1 umi gent login ht ml and logging in with the appropriate permissions see Chapter 6 Example 4 The SQL Server instance being audited is part of a cluster In Example 4 the SQL Server instance being audited is part of a cluster This example assumes that the Audited Server Instance resides on the active node of an active passive cluster All other components the Entegra Management Console Collection Agent Repository Repository Agent and Web Server reside on a separate
55. a database name in the Console s navigation pane the details pane displays the following e alist of audited tables and views in that database e the type of audit e the number of columns being audited e the total number of columns for each table The asterisk in the table detail view represents all columns in the table The asterisk is used to avoid looking up the actual number of columns being audited So an asterisk in the Columns being audited column means all columns in that table are being audited Entegra User Manual Table Level Options By right clicking the name of an audited table you can access the following options Option What it does Add or Remove Columns opens the Audited Table property page that allows you to select which columns in the table you want to audit Delete removes the selected tables from the list of Audited Tables Refresh refreshes the display Properties allows you to configure and or view the following options for the selected database Logical keys for this table Which columns in this table are audited Which events operations on this table are audited Help launches the Lumigent Entegra online Help Audit Data Repositories This node lists all SQ L Server instances that you have set up as Repository Server Instances Under each server is a list of Repositories that exist on that server It is possible to have a Repository Server with no
56. ables 5 2 5 ahead VEKER E REEE T eavinn aa cnenennenatoutmeendumernnnemanan 23 l mkeydest Kenani A ter E atenTsen Son eon oer an ea tere re i 23 UVa EN SAAE TEE E E E E AEEA E E 23 lumise OPS Kinsosocosroinenini in iR E E ER ER EEEE nana TE ER e 23 l mdatabases X sane ke ase aa aie a AN a aia tae 23 NATA ARESTO ALS EREA EA AARE ae arouses 23 lumphysicalattribut s Kisena E E A A Man venvouegce 23 LAETA AN KONS KSE PN chet tanh E E A AN 23 l mdomains 055s sacs ed eee ncen E AE E E a 23 h ma pph tah onS K siitin ene ea tale eee deere EEEE 23 Tiana GUIS OAA E O nen cen eon sev dscrs esos cps tenndesne aorascnaencieaeR 23 l mos serS 50s esas tanya eda hens ea cateeea eta aida adhe at as achat al al eed alte a i ANAS 23 TUG 010010 le S RA EAIA OEN NA aida tab aman al Awa niente ari ane dea aianata 23 lumtranstahlos Xa scesctis tests snag Qieabarsdlasucacszensatadeunwvbssebeowieuseonty ons eatuatnavindebbowieavasevay ANEA 23 TUNG TES esos coerce E EREE EEEE E CEEE EE E 23 Appendix B Restrictions seessesseessessecssecsscesecesocesocsscesocesocesoesscesocesocesoesse 23 Comp nent Setup R strichoNSininicieinicinnn E E a iai 23 A ditng Restons skri i a et i a oae aaki 23 Other RestrichonS nee a EE EER E NORN A 23 Appendix C Configuring the Entegra Web Server with IIS ss0000 23 Pro COGS io ea E O ese AN TRE E E E meee 23 About This Book This User Manual provides conceptual information about the Entegra product a
57. achine hosting the Audited Server Instance the Entegra login needs Log On as Service privileges It must also have at minimum read access to all directories containing SQL transaction log backups for audited databases Chapter 2 Installing Entegra 13 Installing This section provides you with the prerequisites and the instructions for installing Entegra If you are upgrading Entegra see the U pgrading section of this manual Prerequisites Before attempting to install Entegra ensure the following e You have met the system requirements as provided in this chapter e The Entegra Management Console is not running e The Entegra Web Server service is stopped Procedure To install Entegra do the following 1 Run sdup exe from the Entegra version 2 0 1 media provided The Installation screen is displayed Date ences Rn iny Vorsion 2 0 7 Installation Eriegn Macuqa nem Comoe Eriegr Web Sarast Tra Friege Rl ae The rte eb Sheree ee A ee E EE yil Tee ogee ai dap mee of akiki ma ey tere Bape i Cohesion Agere MYDEL et PEATE The bisa jH Driver i mi pp Poe ta Crepi en Dee insisi euegre Ulmageracsi ionmh D hadi ha AE T 3 ral lanaa Wels enar ovise 7 See 2 Click Install Entegra Management Console 14 Entegra User Manual The Lumigent splash screen is displayed Welcome to Lumigent Entegra Management Con Click N ext The License Agreement screen is displayed Entegra Management Console
58. ag eile 8 Select the locations where you want the Collection Agent installed and where you want it to store its audit data files and then click N ext 68 Entegra User Manual 10 11 The Notification screen is displayed Hohification hapaa bigest Pe AEAN Priego Ualierienn Sages all sored steels ho g esther erkbess hen a ees fake n Spends ermi condqpe shar Erdia mean p rer Ered aoe Ea e i p coe co Enter email information for the Collection Agent to use when emailing you about collection failures You must enter a To and From email address and the name of your mail server and then click N ext The screen that allows you to select your license capabilities is displayed Add Server Instance to Audit Sam Tie eps oes hee Buus es A N a Wena ua sell mbinn naprid ea hy ee ied rnr hep Check Fa cenit m be smigead in dn ever gone aatia Hiabin amn w nr n s cece ie Type or paste the license key into the License Key text box and click Add All Entegra features available in this key are displayed in the window Check the boxes next to the features that you wish to enable for this audited server instance and then click N ext Chapter 3 Configuration 69 The screen that allows you to set auditing frequency is displayed Add Server Instance to Audit I Iau Pa Sed Em phe ieee oe keeper be rey Fe eres igari haies ITE oa Io Th n qme on mrii eee
59. ain options you can specify for the archiving feature e how the SQL backup log is handled after Entegra has finished processing it e how the Entegra Intermediate File is handled after the data it contains has been imported into the Repository e how long data is retained in the Repository before being purged Chapter 4 Archiving 115 SQL Backup Log Handling 116 At the Add Database to Audit wizard screen you can specify the disk location of the SQL backup logs The same wizard screen also displays the Post Processing menu which allows you to specify how Entegra handles the backup logs after audit data is extracted from them The following options are available e Leave the log in the backup directory e Rename the log to a post processing directory e Delete the log Leave the log in the backup directory This option tells Entegra to do nothing after it is finished with the log The log file remains in its directory indefinitely or until you delete it either manually or via another application Rename the log to a post processing directory This option tells Entegra to move the log to a separate directory after processing If you select this option the Post Processing Directory text box is displayed allowing you to select the directory to contain processed log files Delete the log This option tells Entegra to delete the log file from the disk after processing it You can also view and change this setting after a database
60. ame This screen allows you to specify a Repository license key If the license that you entered during the Add Audited Server Instance Wizard included Repository capabilities it is displayed here and can be used for the Repository you are now creating If not you must enter a valid Repository license key before continuing The screen that allows you to complete the configuration wizard is displayed Add Databases to Audit luniccent aaa 5 mrama Lee AERA Poe Trah bo wij fhe jig disias io fre Au Toa ME e loa sree emp nia malin Wier errs in Bem ee eer Rr a iada binn Peco r EME OR Deira Mercat Timur Back L Friii j Carms 11 Verify that all your selections are correct and click Finish The Repository is set up the Repository Agent is deployed and the selected databases are set to be audited Chapter 3 Configuration 77 You have now finished configuring your Entegra environment Automatic collection of audit data occurs according to the schedule you selected 12 To start collecting data immediately select the Audited Server Instance right click and then select Collect Data N ow Note The first collection may take a long time if there is a large amount of historical data for the databases being audited Entegra collects audit data from all of the transaction logs and log backups that are available in the directories you specified You can check on the progress of the auditing process by selecting any of th
61. as Example 1 Example 1 Setting up two machines as an Entegra environment 64 Example 1 presents the process of setting up two machines as an Entegra environment The first machine to configure called SERVER1 is aSQL Server machine running a production database The second machine called ENTEG RA1 is dedicated to the Entegra software This example takes you through the following stages Stage What Happens 1 Prerequisites and installation 2 Add an Audited Server Instance and deploy Agents 3 Specify databases to audit Prerequisites and installation To ensure that the prerequisites for installation are met and to install Entegra software do the following 1 Ensure that both machines meet the hardware software operating system and network connectivity requirements described in Chapter 2 Entegra User Manual 2 Ensure that login names and passwords are available that fit the criteria described in the Security section of Chapter 2 For the purpose of this example Windows authentication is used throughout the system Log on to ENTEG RA1 using a Windows login that has full administrative privileges on the machine Using the provided media install the Entegra Management Console and Web Server on ENTEGRA1 This concludes the installation portion of the setup process Next SERVER1 is set up as an Audited Server Instance and Agents are deployed Add an Audited Server Instance and deploy A
62. ase wizard Add Databases to Audit Cazi Nem In the Database Server text box type ENTEG RA1 or click the browse button to display the available database servers as shown below Select ENTEG RA1 and then click OK 74 Entegra User Manual Add Dateless to Auth Eas Sm Lemm om a ilasan een ee Peed Tiom ceo sig meal ny Biisit erur i lene Sates ree id Click N ext to accept the default of the currently logged on account Alternatively you may enter a valid SQL Server database login name and password The Service Log On screen is displayed Service Lag On Siete Hur araia eee ese Meg Pepsi rap Gegerd mal nn sa m reame hima gota T ioca byen Asana T HT Ac cee pih c to a apia Dam nna The NT acari nera Lm a DORA eres I m The Service Log On screen information is used by the Repository Agent to run its service Leave all fields blank and click N ext to use the local system account Alternatively you can specify a username and password This account must have logon as service permission on ENTEGRA1 Chapter 3 Configuration 75 76 The Archive screen is displayed Archive Agua gets ba They painy regag ina Bap ee rm ppi ayn thes spay meee m Bees cers Sele bee Ecm bee niski E igram iia ett riega a p di dpa n ciebei mo hanere Fle baire barpj eect eed mig jhe faena Thare fee can be atenei be iong bers peterson or dearhn wie fee
63. ata if it already collected against that database If you never want to see the details for a particular field in the table you can remove the table from the audit Removing tables from the audit also saves resources and improves Entegra s performance Refer to the Add Remove Columns section for more detail 136 Entegra User Manual Chapter 7 Troubleshooting This chapter discusses troubleshooting issues that you may encounter with your Entegra setup If you get an unexpected error contact support lumigent com Attach theemcerror og file from the Entegra installation directory This file contains the error that was displayed Support may also ask to see the application event logs from machines that are involved in the error you encountered Entegra Management Console Issues The following table lists EMC errors a description of the error and a recommended solution Chapter 7 Troubleshooting 137 Error Description Recommendation Snap In This error usually indicates that you are To solve the problem run the Entegra Failed To attempting to run the Entegra Management installation program on the machine from Initialize Console from a remote machine by opening the which you want to use the Management msc file Console Transfer This message on the Collection History page can To diagnose check the Application Event Failed indicate a variety of problems with the following Logs on the following Collection
64. atabase for the Repository to reside in By default it is installed in the lumigent database Restriction Using a non alphanumeric character as the first character of a repository name can cause problems Use an alphanumeric character to begin a repository name Y ou may use special characters the following are accepted _ elsewhere in the repository name 8 Click Finish to set up ENTEGRA1 as a Repository Server and create the new Repository Y ou have finished setting up the Repository Server and creating the Repository Next set up the databases for audit 110 Entegra User Manual Set up the databases for audit To set up the databases for audit do the following 1 Atthe EMC expand Audited Server Instances right click SERVER1 and then select Add Databases Corsote Foot Server Mame i Entegra Marsgement Corel E Audited Server nshances SS Add ODababnses Agd Server instance Collect Cata Mice Lipo ade Change Collection Agent Machine When F Delete Refresh Esport List FProperies Help The Add D atabases to Audit wizard is displayed Add Databases to Audit Save TEHNEET Tias kbh Ban al altala irgi vil li aiita bee mets deishe Plaee rlatabaase Bs prer umei be m aii Wale Degg et dees Avie Dahisi Tap alla Teale are raced rei Riket eed Fea EH Imani se M a 2 Select the Payroll database in this example it is lumigent from the Available Databases wi
65. auditing fatlure the following message will appear im the server s Event Log Error writing audit trace SQL Server is shutting down L x oa 13 Click OK to accept this option or click Cancel to clear it Entegra User Manual The screen that allows you to specify how alerts are sent from the server is displayed Add Server Instance to Audit Jam TEMER Seerds hea smit ral r wesi him Pns mem hr res poge call ed pm prier nimh nee prea gis imis Bae rh reh eyed ey pieni geran sieg rine bne bhar eral and rapi tog hh berae E i ert epea b ep pe ky on E mm M prsi This optional feature alerts you any time an event of a specified type occurs Y ou specify the types of events that trigger alerts in the next step By default alerts are logged to the Windows Event Log on the local server 14 Select the methods by which you want to be notified when an alert condition occurs To have alert events emailed select the E mail to check box make any modifications in the text boxes and then click N ext The screen that allows you to select alert events is displayed Add Server lnstance to Audit ECE Qin sirai eal be peres simi canh ees rimier ever mas m am mabeni site on eeren ERY EAI E Dere bon Da ahai E Depr Abm hep Cimri phm pan ied ees T heii Ceas Aia Drop c Tee Tbe E Giri Dary Freni e Pie j iid Perse j gpn F ki Feeree Ure E oami haee Nis D Daai Diris C D CE H Rere laene D eer Uer E Pied ingen
66. begin auditing you need to accomplish the following tasks e Specify at least one SQL Server instance that you want to audit Then for each audited server specify at least one database to audit e Specify at least one SQL server instance to be a Repository Server and create at least one Repository to receive audit data Optional tasks You can also perform the following optional tasks with the Entegra Management Console e Set up alerts and notifications using email and or the event log e Create multiple Repositories on the same server or different servers to receive audit data from multiple Audited Server Instances and or databases e Select what operations to audit for each table SELECT INSERT UPDATE DELETE Fine tune the columns to audit in each table Specify the columns that identify the unique row using a logical key in one or more audited tables Chapter 3 Configuration 29 Note The unique row enables better detail in audit reports Entegra does this automatically but you may want to fine tune the logical key to add or remove the activity details that are included in the audit report browser view The amount of data collected depends on the various types of activity in your database If you have a large number of transactions you may generate a lot of audit data This means that you need to ensure adequate room for your repository s database or you may want to reduce the following from being audited
67. bo eet ee ee Aenea dobia mn eee dea derry 711700 TE im Dms mi Je IL Set Teer i aH FERF f cnr H cece ne 12 Set the schedule for automatic collection Recommendation Schedule collections for low traffic times of day Also avoid overlap of collection and backup operations Ideally collections should be run shortly after the backup completes For this example set the collection schedule to 7 00 A M and 7 00 P M every day To do so click the arrow a Inthe Start Date box select tomorrow s date b In the Start Time box select 7 00 A M c In the Frequency section change the units to hours and enter 12 in the text box 13 To choose the option Shutdown the server on audit error to protect audit integrity select the check box and then click N ext Note If you select this option the following warning is displayed Warning This option Instructs SQL Server to shut down if any auditing operation fails This sn happen if the amount of server disk space set aside for Entegra is foo small It can alsa happen if a change In server seourlby settings causes SOL Server to be unable to write audit files If ether of these situation arises the database will shut down and will be unavailable FPSO Server shuts dosm due to an auditing fatlure the following message will appear im the server s Event Log Error writing audit trace SQL Server is shutting down L x oa 14
68. c Foreign key to join against lumkeys table This key is set 18 0 for DML operations to identify the record which was changed by the operation sessionid numeric Unique ID of the SQL login session during which the 18 0 transaction occurred Foreign key to lumsession table databaseid int Unique ID of the database on which the transaction occurred Foreign key to lumdatabases table serverid int Unique ID of the audited server instance on which the transaction occurred Foreign key to lumservers table time datetime Timestamp of the event transid1 int High DWORD of system transaction ID for the event transid2 int Middle DWORD of system transaction ID for the event transid3 int Low DWORD of system transaction ID for the event seqnum1 int High DWORD of unique sequence ID for the event LSN for SQL Server SCN for Oracle seqnum2 int Middle DWORD of unique sequence ID seqnum3 int Low DWORD of unique sequence ID opcodeid int Foreign key to lumOpcodes tableid int Obsolete This field has been replaced by the lumtranstables_x table ownerid int Foreign key to lumOwners aborted_op char 1 Whether the event was part of an aborted transaction 1 if aborted 0 otherwise failed char 1 Whether the event was part of a failed transaction 1 if failed O otherwise Appendix A Repository Schema 143 lumdetails_x This table stores column change d
69. ce 2 Back up the configuration databases for each Repository Server Instance 3 Back up each database that hosts an Entegra Repository If you are upgrading all your repositories to version 2 0 1 you must do the following After you have upgraded the EMC ensure that you right click the Entegra Management Console_0 node and select Upgrade before you attempt to view any existing repositories Upgrading the EMC Prerequisites Before attempting to upgrade Entegra ensure the following e You must have Entegra v1 3 or v2 0 installed to upgrade to v2 0 1 e You meet the system requirements as provided in this chapter e The Entegra Management Console is not running e The Entegra Web Server service is stopped e You have backed up the files listed in the Upgrading section Procedure Be sure to perform this procedure on each machine running an instance of the EMC To upgrade the EMC to Entegra 2 0 1 do the following 1 Close the existing Entegra Management Console and stop the Web Server service 2 Run sdup ee from the Entegra 2 0 1 media provided Chapter 2 Installing Entegra 17 The Installation screen is displayed Lurnigertt Date arose Ao itiny Version 2 0 1 Installation Eriegm Magamat Coos Entegra Web Sener The Grieg Ble Coe The Emapa Web Saree ne A ee ee Ea pil ae gare ed dap mpera of guid mA Ley ieee Bs pacer dl GETE REL le Pe The kicrsr SOR Dever i peri ee fe Crepi San banm L toed owrsre tia
70. ce This Agent handles both SERVER1 and SERVER2 On high volume systems you can run the Collection Agent on a machine other than the Audited Server Instance as shown in Example 1 The Collection Agent may cause slight performance degradation on a server machine This example takes you through the following stages Stage What Happens 1 Prerequisites and installation 2 Add the first Audited Server Instance and deploy Agents 3 Add the second Audited Server Instance and deploy Agents 4 Create a Repository to hold the audit data from the two databases you plan to audit 5 Set up the databases for audit Prerequisites and installation To ensure that the prerequisites for installation are met and to install Entegra software do the following 1 Ensure that all machines meet the hardware software operating system and network connectivity requirements described in Chapter 2 2 Ensure that login names and passwords are available that fit the criteria described in the Security section of Chapter 2 For the purpose of this example use Windows authentication to connect to the databases on both servers You need Windows usernames and passwords that have sysadmin privileges on the servers 3 Logon to ENTEGRA1 using a Windows login that has full administrative privileges on the machine 4 Using the provided media install the Entegra Management Console and Web Server on ENTEGRAI This conclude
71. ce to Audit wizard is displayed Add Server instance to Audit a at a Tee eed belo eee ot l ass thee e eve ibe eee Te 1 levees men arime Po daiam hi ae J mha dee i n ee mewe ht rimda maii lda Cedars ari rere gpn resh d eaha A Cnet rrieri rs 4 Zimi ari neo erri a re Click Next The screen where you choose a database server to audit is displayed Add Server Instance to Audit Sau Dinner rlaiehaer seam In meti Diath barri Tinm Cont ming E fanes mimina C ggi b ra miira Len rrer _ _ _ __ _ Fj Paad m E Coichon deed ua on ere Tachet ai th Aia H sn h He J O In the D atabase Server text box type SERVER1 or click the browse button to display the available database servers as shown below Select SERVER1 and then click OK Chapter 3 Configuration 81 82 Add Server inatance bo Aidt 5 Select the SQL Server authentication radio button and enter the username and password for a SQL account that has sysadmin privileges on SERVER1 Make sure that the Collection Agent runs on same machine check box is selected and click N ext The Service Login screen is displayed Service Login hima Bigot MENUT Hpi He Colles tees igri epee bp ap Eo Pg pea h kag min Her HT een T Lena GAHE Aor T HT hcc pih cm to Pe Tapa tarwi The NT Soori nera prec a DORA ma x teck n cece en This
72. ce wizard and continue Entegra User Manual The screen that allows you to complete the configuration wizard is displayed Add Repository Pas r N Jary EN TERGHMAS Pere pree ha iiy rapa jipya Dhi l bee Be rer i Bop Peper Pm ele oy ha Eder Bee uem Banca one bares eles _Meponey1 ihe Heppin eal fer d bleep than one oe s Lo mir Cancei jf Hein 4 Provide a name for the new repository specify a database for the new repository and add the license key and then click Finish Adding a Database to Audit To add at least one database to audit do the following 1 Atthe EMC right click the relevant audited server then click Add Databases Corsote Foot 2 Entegra Management Dorsale Ga Audited Server mshances J at ae Bg Ge Sery Add Gata arses Add Server restarce Collect Cata Mhow ipso a Change Collection Agent Machine Wien F Delete Refresh Expeort List Propertez Help Chapter 3 Configuration 47 The Add D atabases to Audit wizard is displayed Important Do not select the database that is used as a repository for the audited data If you audit the repository tables it sends the audit data to the repository causing the repository to grow at a rapid rate If you wish to audit the repository database set up a separate repository to hold the contents of that audit data Add Databases to Audit Jenn EH EDTA Ths Ek khi an al hab
73. chive screen is displayed 88 Entegra User Manual Se does n colectedt ino menebre Plier baliye barky yer pd mig jha a Thae Gee can be ated he long hem pimiion o cea C open enaa ee ache al 5 Select a location for audit data to be archived after it has been imported into the Repository and then click N ext For more details on this feature see Chapter 4 Chapter 3 Configuration 89 90 The Notification screen is displayed Hohification hapaa bigest Pe AEAN Eniegeg s Ualierienn Sages ral sored steels ho g reihe phen griben hen a ees fake n Spends mrmi rerigpa shar Erai to memean nrm aer Ered aoe Ea e SAT P pinat i p coe co BaT F Fimi 6 Enter email information for the Repository Agent to use when emailing you about import failures and then click N ext The Add Repository screen is displayed Add Repository Sen EH reo Pere eee be th rapa Peete ee be ep ge i Fop Pe panai rapes m dan Erie Segre uam ieee Benasi Hares Fea face 2 t Spender a dagbere eters ihe Hepie eal feos ble them one Peeler rm Lettie bal bane barry eam Ms Breede Hp aed depenh nn ee errari m cid Cole ied iran he Disb ee ee ee a Lorm L cecs O n In the Repository N ame text box type Payroll_Repository In the Database text box type payroll Note that this screen also allows you to specify a Repository license key If the license that you entered d
74. ction Agent Agee kipara TENNER figer H arhe EEAVERi gerd eric zpopanin baala Dae Opn Pie ureri ere Daia Ti amie Drie B iopen Pleas iregi E riage et ahaa 7 Select the locations where you want the Collection Agent installed and where you want it to store its audit data files and then click N ext 98 Entegra User Manual The Notification screen is displayed Hohification el epee tigen eH Endegeg s laerien Sige ral sored steels ho g esther priben hen ay ees fake n Spend mrmi rerigpa shar Eredia mea nmp rer Ered aoe Ea e i p coe co 8 Enter email information for the Collection Agent to use when emailing you about collection failures You must enter a To and From email address and the name of your mail server and then click N ext The screen that allows you to select your license capabilities is displayed Add Server Instance to Audit Sam Tie eps oes hee Buus es A N a Wena ua sell mbinn naprid ea hy ee ied rnr hep Check Fa cenit m be smigead in dn ever gone aatia Hiabin amn w ner n s coc ie 9 Type or paste the license key into the License Key text box and click Add All Entegra features available in this key are displayed in the Available Capabilities window 10 Check the boxes next to the features that you wish to enable for SERVER1 and then click N ext Chapter 3 Configuration 99 The screen that allows you to set auditing fre
75. data Help launches the Lumigent Entegra online Help In addition under the Audit D ata Repositories node you there is a folder called Import History When you highlight the Import History folder in the navigation pane history information about recent import operations is displayed in the details pane 128 Entegra User Manual Repository Level Options By right clicking the name of a Repository you can access the following options Option What it does Add Repository launches the Add Repository wizard Upgrade initiates an upgrade of the Repository Server and associated Repository Agent Delete causes the selected Repository to be removed Refresh refreshes the display Properties allows you to view configuration information about the Repository such as its name location and license information view and modify information such as how long to retain Intermediate Files IFs and where to store them on the Repository machine Help launches the Lumigent Entegra online Help Collection Agents This node lists all Collection Agents that you have set up on your system By expanding the Collection Agents tree you can see a list of computers by machine name that have Collection Agents on them Expand any machine name to see a list of the audited servers being handled by that Collection A gent By right clicking Collection Agents you can select Add Collection Agent to c
76. dmin privileges in SQ L Server or Entegra can t collect session data DDL SELECTS and alerts To determine whether the account has sysadmin access do the following 1 Logon to Windows using that domain account then use Query Analyzer to connect to SQL Server 2 Use Windows Authentication to connect and then issue the following query SELECT SYSTEM USER IS SRVROLEMEMBER sysadmin The query returns two columns the account name in the first column and the number 1 in the second column If 0 is shown in the second column then this account does not have sysadmin access and Entegra won t work Audited Server Machine On each machine hosting an Audited Server Instance the Entegra login needs the following permission set e Read and Write access to the Windows Registry e Read and Write access to the file system e Read access to the directory where SQL Server backup files are stored e System Administrator permissions on the SQL Server instance being audited unless you plan to use SQL Authentication see above These permissions are used by the Collection Agent If you choose to implement the SELECT s auditing feature see Chapter 1 the Entegra login also needs full access to the directory where you wish to store SQL trace files For details see Chapter 3 Entegra User Manual Repository Machine On each machine hosting a SQL Server Instance that contains a Repository the Entegra login needs the following permission
77. e dbo lumAuditCollectAlerts SERT UPDATE DELETE SELECT dbo lumAuditCollectConfigvars SERT UPDATE DELETE SELECT dbo lumAuditCollectDatabases SERT UPDATE DELETE SELECT Elcbo lumAuditColectDateFiles SERT UPDATE DELETE SELECT Elcbo lumAuditCollectEventData SERT UPDATE DELETE SELECT Elcbo lumAuditCollectHistory NSERT UPDATE DELETE SELECT Elcbo lumAuditCollectotification NSERT UPDATE DELETE SELECT lcho lumAuditCollectTables NSERT UPDATE DELETE SELECT Eidbo lumAuditCollectTraceFiles NSERT UPDATE DELETE SELECT lcho lumAudltRepRepositores GERT UPDATE DELETE SELECT BY doo sysconstraints SELECT PY doo syssegments SELECT Chapter 2 Installing Entegra 27 Chapter 3 Configuration Chapter 3 provides the necessary configuration options to begin auditing your data Now that you have successfully installed Entegra you need to set up the necessary configuration options to begin auditing your data The configuration tasks discussed in this chapter are performed by the Entegra Management Console EMC The EMC is a Microsoft Management Console MMC snap in that allows you to setup and configure your Entegra environment including e defining objects such as databases tables and columns that you wish to audit e creating Repository Servers and Repositories to contain audit data e creating alerts for particular database activity types and assigning notification methods to these alerts Required Tasks To
78. e Add Remove Views Wizard The Add Remove Views wizard is available on the Audited D atabase menu when the Audited Server Instance is SQL Server 2000 or better and has a SELECTs license assigned to it A View is a way to select and view data from multiple tables at the same time View transactions show up in the Audited D ata browser as both a SELECT on the View and as a SELECT on each table associated with the View This allows you to filter by View name or by table name and get a complete listing of SELECT transactions for each Add Collection Agent Wizard The Add Collection Agent Wizard is generally used to re establish a connection to an existing collection agent The Add Collection Agent wizard is automatically incorporated into the Add Audited Server Instance Wizard and the Change Collection Agent wizard if you specify an Agent machine that does not have an established collection agent Change Collection Agent Wizard The Change Collection Agent Wizard allows you to move a particular Audited Server s collection processing load to a different machine You can reassign the Audited Server to an existing Agent that is already handling other Audited Servers If you specify an Agent machine that does not have an established collection agent the Add Collection Agent Wizard is automatically incorporated into the Change Collection Agent wizard This is not a wizard that is generally run as part of initial configuration You may want to change
79. e following nodes in Entegra and pressing the F5 Refresh key e Collection History under the Audited Server Instance e Import History under the Repository Server Instance e Databases folder under the Audited Server Instance When the Import is complete your users can access the Entegra Browser by using the installed desktop shortcuts or by connecting to http ENTEGRA1 8080 1 umi gent ogin html and logging in with the appropriate permissions see Chapter 6 Optionally you can now fine tune your configuration by doing any of the following e selecting which tables to audit see Add or Remove Tables e selecting which columns to audit see Add or Remove Columns e selecting logical keys for tables see Selecting the Logical K ey Example 2 Setting up a distributed Entegra environment on three machines 78 In Example 2 you set up a distributed Entegra environment on three machines An existing SQL Server machine called SERVER1 holds two important databases Payroll and Customers each with its own security information A second machine ENTEG RA1 receives the audit data and stores it in a local repository while a third machine ENTEG RA2 runs the Web Server The Entegra Management Console runs on ENTEGRA1 ENTEGRA1 hosts two repositories one for audit data from the Payroll database and one for audit data from the Customers database Maintaining separate repositories allows the administrator to apply different permiss
80. e machine Note that completing the Audited Server Instance wizard is not sufficient for Entegra to begin auditing You must complete the Add Database Wizard for auditing to begin 30 Entegra User Manual Add Database Wizard The Add Database to Audit Wizard sets up a specified database for auditing The Add Database wizard can only be performed on a previously established A udited Server Instance To successfully use the Wizard you must complete the Audited Server Instance wizard You can use the Add Database Wizard to add multiple databases simultaneously provided that they are all on the same server instance The Add Database Wizard requires you to assign the new audited database to a Repository If you have already created a Repository Server Instance and created a Repository you can select the existing Repository during the Add D atabase Wizard If no Repository exists yet or if you wish to create a new Repository for this database the Add Repository Wizard is incorporated into the Add D atabase Wizard During the Add Database Wizard you may select the following optional features e Enable Data Modification auditing on all tables e Enable SELECTs auditing on all tables and views Enable Data Modification auditing on all tables You can set Entegra to audit all tables in the selected database this is the default or not If you clear the Enable Data Modification auditing on all tables check box in the Add Database Wizard you must
81. e types of transactions e number of tables e number of columns A large number of transactions being audited increases the amount of time required to import the data into the Repository When auditing a database for the first time Entegra reads in all transactions available in all of the backup logs for that database If there is a large amount of data in these logs the first collection and import takes a significant amount of time The examples in the next sections demonstrate how to accomplish each of these tasks Configuration Wizards Overview The Entegra Management Console provides several wizards that facilitate the configuration process The following sections provide an overview of the wizards Examples of how to use these wizards to set up a complete Entegra environment are provided later in this chapter Add Audited Server Instance Wizard The Audited Server Instance Wizard sets up a specified SQL Server instance for auditing You can also use this wizard to connect the Entegra Management Console to a previously established Audited Server Instance for example if you have installed the Management Console on anew machine and wish to use it to administer your existing Entegra setup During the Audited Server Instance Wizard you specify the following e server instance e various login information e auditing options e whether to install the D ata Collection Agent on the same machine that hosts the server instance or on a separat
82. ection Agent for this server instance resides Delete causes the selected server instance to be removed from the list of Audited Server Instances Refresh refreshes the display Properties allows you to view and or configure the following options for the selected audited server Notification method for real time alerts Database events you want to be notified about in real time Schedule by which collection tasks are performed Login method for the Management Console and Agents to access the server s databases Licensing information such as which features are licensed for the server and which additional features you may enable on this server Installation path where the Collection Agent for this server is installed this information cannot be changed Location where the Collection Agent stores its working files Help launches the Lumigent Entegra online Help In addition under each server is the Collection History node Highlight Collection History to reveal in the details pane information about all collection tasks that have occurred on the server For each collection you can see the following e start time e status e LSNs that form the boundaries of the data gathered in that collection e location and filename of the Intermediate File If the Collection History display becomes too long you can purge it by right clicking Collection History in the navigation pane and s
83. ed that you create a Windows user on your domain to be used only by Entegra This login referred to in this book as EntegraLoginUser is used by the Entegra Management Console and the following Agents to perform various tasks e Collection Agent Account e Repository Agent Account e Account currently running on the machine hosting the Console The permissions required by this login are described below Note Although the following information is broken down by Entegra component you may install multiple components on the same physical machine therefore the same machine may be described by more than one of the following sections The following sections are based on the use of Windows authentication to access all relevant SQ L Server databases as follows Chapter 2 Installing Entegra 11 12 e databases being audited e databases containing Repositories e databases containing Entegra configuration information You must enable EntegraLoginUser to access the necessary databases If you prefer to use SQ L authentication for any of these databases you can create a SQL login for example EntegraSQ LUser to be used only by Entegra Audited SQL Server Instance Service Privileges The service login of each audited SQL Server instance must have sysadmin privileges in that audited server instance Because LMServer runs within SQL Server itself and it uses Windows Authentication to log on to SQL Server it must ran as an account with sysa
84. elect the logical key see Sdecting the L ogical Key Selecting Audit Settings for Individual Tables To change audit settings for an individual table do the following 1 Right click the relevant audited table and then select Add or Remove Columns The Add or Remove Columns Properties screen is displayed 33 a igent 1 db Add or Remove Columns Hdd view 3 db Delete db db Refresh dh Export List dd Properties db mih Help Chapter 3 Configuration 51 2 Select the Audit Settings tab The audit setting check boxes are displayed Add ar Remove Columns Properties T En D albiiti linge Ti em og The tele op bey hobby mal ote er rl beg eters Cheops The mar ted el be de Pe bee ie ee HAT UAE ELETE F SCT e 3 Make your selections and then click OK Selecting Audit Settings for Multiple Tables You can set the audit settings for multiple tables by doing the following 1 Atthe EMC expand the audited database to display the tables in the results pane 2 Use Shift click or Ctrl click to select more than one table right click the selections and then select Properties E SERT UPDATE GELETE dbo un udito onrigars MEET UPDATE DELETE aldo lum nditcolletistanses INGER T UPDATE DELETE INSERT UPCATE DELETE MEER T UPDATE ELETE to lumAudiColledTracF lles INSERT UPDATE CELETE 52 Entegra User Manual The Properties on Multiple O bjects screen is displayed
85. electing Purge Chapter 5 Entegra Management Console Reference 125 126 This command causes the Entegra Management Console to purge the display of all collection tasks except the most recent The data collected in these tasks is still available The Purge operation does not remove any data It only removes information about the time and status of past collections After a purge you are not able to retrieve the collection history lines that were displayed except for the last collection status for each audited database Database Level Options By right clicking the name of an audited database you access the following options Option What it does Add Databases launches the Add Database wizard Add or Remove Tables opens the Add Table dialog Add or Remove Views opens the Add View dialog Delete causes the selected database to be removed from the list of Audited Databases Refresh refreshes the display Properties allows you to configure and or view the following options for the selected database General information about the database Status as to whether all required Audit components are set up for the database Location of the SQL backup files for this database Handling of SQL backup files after they are processed see Chapter 4 Name of the Repository in which this database s audit data is stored Help launches the Lumigent Entegra online Help When you highlight
86. ents performed on Audited Server Instances This data is collected via SQL Server s trace function All information generated by SQL Trace is stored on the machine that hosts the Audited Server Instance in a location that you specify Prerequisites To add the SELECTs feature you need an appropriate license key to enter during the procedure Procedure Be sure to perform this procedure on each machine running an instance of the EMC 1 Atthe EMC right click the audited server instance and then select Properties Entegra Management Console Mle Acton W Helo a Fey A oe Consola Paat Serve E Enis a Management Coreole_O I TERK E Audited Sewer maamees Add Databwamen T Add Server rotante Ii a Ae Collect Data Morey Gacole Peada l Service henge Collection Agent Machina Delete Puatresh Help Chapter 2 Installing Entegra 25 The screen that allows you to select your license capabilities is displayed mM Pent Properties z Ate Sphere Noahs Lomein rie is Calc eel ie Tint m Tha ceeetdiiers pr eg pl gan pled i bes Bpi bop es oar ad ether copiers hp eee aahi bee bp heck She cies be ee eee bp ih pee Di B rii orim 1 2 Click the License Keys tab and then at the License Key text box type or paste your SELECTs license key click Add select the Selects check box and then click OK 3 At the EMC select the audited database node The audited tables are displayed in t
87. epository is a set of SQL tables it can reside in any database on the Repository Server Instance By default it is installed in the lumigent database Restriction Using a non alphanumeric character as the first character of a repository name can cause problems It is recommended that you use an alphanumeric character to begin a repository name Y ou may use special characters the following are accepted _ elsewhere in the repository name When you use the Add Repository Server to connect to an existing Repository Server configuration the EMC automatically picks up any Repositories that are established in that server instance Add Remove Tables Wizard The Add Remove Tables Wizard allows you to specify which tables in an audited database should be audited If you cleared the Enable Data Modification auditing on all tables check box in the Add D atabase Wizard you must run the Add Tables Wizard to specify at least one table to begin auditing It is not recommended changing settings during a collection or import EMC returns an error message if it is not a good time to change the settings 32 Entegra User Manual A logical key needs to be defined for any table on which you want to view activity details The audited columns in the table are the columns that are displayed in the Activity D etails pane on the web browser Y ou need to define both logical keys and audited columns to see any activity details for a transaction on that tabl
88. er Manual The screen that allows you to type your email information for server failure notification is displayed Add Collection Agent _ Apert Mph Ex TEOMA SS a erei p aem Sean ral sarj spd s in a reie ghen grirhen che ees ioe Spend mrmi rerigpa sher Erai a irme a 7 Ered ioe ia STF Pleat iad Maegan cere C BATEE 5 Specify your email information for failure notifications and then click N ext The screen that allows you to complete the configuration wizard is displayed Add Collection Agent lunicent 7 a aF a Mam Trai bo eemabieh an Agari on Pa ioe eee ape heme BWTE fi 6 Click Finish to create the new Agent or click the Back button to change options Chapter 3 Configuration 59 Changing a Collection Agent This is not a wizard that is generally run as part of initial configuration You may want to change a collection agent if Entegra collections are negatively affecting performance on a production machine and you want to move this workload to a different machine In this case the Change Collection Agent wizard smoothly transfers the workload from the old machine to the new machine It is best to do this when no collections are taking place To change a Collection Agent do the following 1 Atthe EMC right click the relevant audited server instance and then click Change Collection Agent Machine I Corsale Root ff Entegra Management Corecle Audi
89. er heat vill er maii hee Por amei daine meram leer ieee Bia prar ened endl eve tie Taa Daiei si An hiahia Durabis Tap Cl Cezmi Hein 2 Select the databases you wish to audit from the Available Databases window and click the right arrow button to move them to the Target Databases window and then click Next Click the All box to quickly select all databases The screen with the databases that you selected to audit is displayed Note Only newly selected databases are displayed databases that are already set up for audit are not displayed Add Databases to Audit Z Jam PRiParAt meir win nemam in Pe kesi pe hare mimmi a my pee mei ra eefermiasd iiai does Lies Peres H Hees ie ee Dice ae to irre DS Erap kee bel iahon meding ory wl Aakers D Em SELECT s uti oe a jeb md see Behaobgowth Co Pmage Piece SOL Gee ots SOL bach Fua Prcecomikiragy aee tee bem ot Bom ahg cbs bey speck Mere cemi Histo 3 Ifyou do not wish to audit all tables clear the Enable Data Modification auditing on all tables check box Note If you clear the Enable Data Modification auditing on all tables check box you must manually specify tables to audit after you complete the Add D atabase wizard See Add or Remove Tables 48 Entegra User Manual If you want to enable SELECTs auditing on all tables and views and the check box is available select the Enable SELECTs auditing on all tables and views check b
90. erver and local service login for the agent or you can use Windows logon for both the audited server and the agent each on a different machine it is highly recommended that you use Windows logon for the audited server and the agent Note The Windows account used to log on to the Audited Server is specified on the Agent log on page 3 Specify the account for the Collection Agent service to use to log on to the NT server and then click N ext Note The log on you use must have Logon as Service privileges on the Agent machine If you choose a log on name that does not have the necessary privileges you receive a logon failed error message The screen that allows you to select a storage directory is displayed Note If the Installation Directory location box is not available then there is already an Entegra component installed on that machine Entegra installs all of its components to the same directory on a given machine Add Collection Agent Agen hipaa Ee Teor tiger Mache interna peered eres BGO 1 0 baala Dabo Date Tiemie D ecto Paget Pe Liege neg ee ae ee ee ee The Data Transfer Directory is the directory where the Agent stores audit data files prior to transmitting them to the Repository A gent 4 Specify the D ata Transfer Directory where you want the Agent to store audit data files prior to transmitting them to the Repository Agent and then click N ext 58 Entegra Us
91. etails associated with INSERT DELETE and UPDATE operations There is one row in this table for each change to a column for example a transaction that changed three columns would have three rows in this table but only one row in the lumt ransactions table This table can be joined against Lumt ransactions through the act ivityid column to associate column changes with operations lumtracedetails_x 144 activityid numeric An ID for the transaction foreign key with lumtransactions 18 0 colname nvarchar Name of the column that was changed 512 val1 ntext New column value val2 ntext Old column value reconst char 1 Reserved This table stores details associated with D D L and security events that were audited There is one row in this table for each audited event This table can be joined against lumt ransactions through the act ivityid column to associate a transaction with the Operations it performed activityid numeric An ID for the transaction foreign key with lumtransactions 18 0 detailtext ntext String containing the details of the audited event Typically this is a SQL statement Entegra User Manual lumtables_ x This table stores a list of audited tables and views on the Audited Server and can be joined with lumt ransactions Viathe lumtranstable table tableid int A unique ID for this table or view databaseid int Unique ID
92. eters 101 Perase riage eo 00 cee 3 Click Next 22 Entegra User Manual The License Agreement screen is displayed Entegra Web Server Setup x Litera digreement Limit a ite Piem reri Per bey oe eee ep ra Froan Ber PESE DIAU bep bu ima He tart oF Pre agrare WUMISEHT TEC HHO DSE PUTE GE ACTA POR SL SCRE TH BOFTAAAE LIORADE LGRETHELT HEDETENT De pou accept al the tarraa ef the pracedeng Limnia agreement lt pra choces Mo the iip Ae dam Towai Erdegee ad Sere gee mant acces foe agrari 4 Read the licensing agreement and then click Yes Note If you are currently running the Web Server a stop notice is displayed The Microsoft JD BC Drivers Install Path screen is displayed Entegra Web Server Setup Bicramh M Divara mial Fath UMIE a A alae Lure Ente ip ervey ioe Pinni DS vised Ppr confers the boca mi ee een SOE Gries iain Fodder Cr Wel nt Gay Geren BR raar or IAG 5 Confirm the location of the Microsoft JD BC drivers and then click N ext Chapter 2 Installing Entegra 23 A Web Server service is starting notice is displayed and then the Maintenance Complete screen is displayed Entegra Web Server Setup Haisiensrce Complete kmis Thaid ster bar barhad eto g marimea oparebene mi Erdegee Fen Server 6 Click Finish 24 Entegra User Manual Adding the SELECTs Feature to an Existing Entegra Environment You can audit data about SELECT statem
93. g is displayed Warning This option Instructs SQL Server to shut down lf any auditing operation fails This sn happen if the amount of server disk space set aside for Entegra is too small It can alsa happen if a change In server seourlby settings causes SOL Server to be unable to write audit files 1f ether of these situation arises the database will shut down and will be unavailable FPSO Server shuts dosm due to an auditing fathure the following message will appear im the server s Event Log Error writing audit trace SQL Server is shutting down L x oa 10 Click OK to accept this option or click Cancel to clear it Chapter 3 Configuration 105 The screen that allows you to specify how alerts are sent from the server is displayed Add Server Instance to Audit Jam TENMET perdp hea simip ral e wed hem Pas eee ir res poge ral iei pmi pede beh ane prm gia imie Bie m ani ey ee gerem mieg riue es hir re and rapi tog hh berae T Emsis cm mere cece ie This optional feature alerts you any time an event of a specified type occurs You specify the types of events that trigger alerts in the next step By default alerts are logged to the Windows Event Log on the local server 11 Select the methods by which you want to be notified when an alert condition occurs To have alert events emailed select the Email to check box make any modifications in the text boxes and then click N ext The screen that
94. gari oeh D bordi hara AK iaar D kral linga Wels unar UMS ounri See O 3 Click Install Entegra Management Console A Reinstall or Remove Entegra screen similar to the following is displayed Entegra Management Console Setup Wokone Paria or Perce She pip ET Welcome to the Enis gri Parage rent Corams Panie rara map uT The peup ET Wir pau reiriail er reves the carreri ruisisian Eo Pentel Eriga 62 01 D peros Diagma ee DL 4 Click Next 18 Entegra User Manual The License Agreement screen is displayed Entegra Management Console Setup Lirsnas Agreement ince F Piara read the flower keme eperme ceay oa Prep the PAGE DOM bee looted the Peel the penes Pee A bajk agreement bates pao gE a 00 dadaa Ie pl BARE ess URAANIA Kea Bw KEJA oro ma and rigar Techrcioga IPE iumgani forthe uae of a mat oF ed ernie E BOE S fag IF pea hoca Mo Hie bruh w iker T nobel Entegra Muea pirat SLi Anas rpari es CRT 5 Read the licensing agreement and then click Yes The Installation Complete screen is displayed Entegra Management Console Setup that an Imita atin Complebe at Ur the Enega Serge rent Conama b upea ecirorg IEEE ani PCO To eby ah ngi dek pe a pada ore honit Upgrade E Slat riega Mace Corie eee Baad Clete Noten ioe 6 Accept the default Start Entegra Management Console now and then click Finish Chapter 2 Installing Entegra 19 The
95. gents To add an Audited Server Instance and deploy Agents do the following 1 Launch the Management Console from the desktop shortcut or the Start Menu Start Programs L umigent E ntegra M anagement C onsole The initial screen resembles the following Entegra Management Console File Acton View Help Fae E E Ceraole Root Shere is 1 Rapcsibory in this configuration There is i Audited Server Instance in this configuration MTree is 1 Audited Database in this configuration A Audit Data Repositories a Bi Collection Agents Services iLocal Chapter 3 Configuration 65 2 Right click Audited Server Instances and then select Add Server Instance B Console Root Server Nam n i Entegra Management Sous w Audited Sgeas Audit Data Collection view gt H S Services Loc l Refresh Export List Help The Add Server Instance to Audit wizard is displayed Add Server Instance to Audit uMiceNnt Ta aT Ta WEE hepr Fr et ee conige thee eebe een i bee ed d bejm mn arim Boe ese a aE J wha mie iin bee menr he reda ai laa J issbrme srai meme kaye previer d min a Onliner pries 4 Zimi a reie ghn erria a marae 3 Click Next The screen where you choose a database server to audit is displayed Add Server Instance to Audit Conad ong O Snmhoeers an eet ors C GDL Cesena Logn ren Pe Paad iss E Colcol bere ce a he eae ee x
96. gra repository is uninterrupted reduce the number of e mail alerts being sent by clearing some of the Alerts options In the Entegra Management Console right click the Audited Server Instance ENTEGRA1 DESKTOP SQL2000 select Properties and click the Alerts tab 138 Entegra User Manual Web Server and Browser Issues This section describes common issues that may arise with the Entegra Web Server and or Browser If you have tried all of the suggestions in the following sections and you are still having problems please contact technical support as described in the preface to this book Error Starting Web Server If you are using Tomcat or another application when starting the Entegra Web Server you may observe the following error Catalina start Lifecycle Exception null open java net BindExcepti on Address in use VM Bind 8080 This error indicates that another application is using port 8080 As explained in Chapter 2 the Tomcat installation uses port 8080 by default To solve the problem either identify the conflicting application and set it to use a different port or change the Tomcat setup to a different port as follows 1 On the machine where you have installed the Entegra Web Server navigate to C Program Files Lumi gent Entegra WebUl Server conf and open the server xml file in a text editor 2 Locate the following section of code lt Connector className org apache coyote tomcat4 CoyoteC
97. h to move and do the following e to add views use the right arrow button to add your selections to the Views to Audit window e to remove views use the left arrow button to move your selections to the Available Views window 3 Click Finish Tip You can click the All box to quickly select all views Adding a Collection Agent To add acollection agent do the following 1 Atthe EMC right click Collection Agent and then click Add Collection Agent 3 Console Root i There is if Entegra Management Console_ ik E A Audited Server Instances Audit Data Repositories a Colleg Add Collection Agent a Services Refresh Help 56 Entegra User Manual The Add Collection Agent wizard is displayed Add Collection Agent Teiti a mhn bry Spend ve ee zoen i manm a a Specify the location machine name where you want to install a Collection Agent and then click N ext The screen that allows you set the collection agent service is displayed Add Collection Agent z _ AgetMactre EBTEGRIAY o S be Her T perken digas mamar inam Por idee gy pcre bi beg mir He Pi seve T foen Guen Acar T HT hcc pih cat to De Tapa eel The NT soot nera LP on DORA gers r ao Chapter 3 Configuration 57 For this screen you need to consider the following If you want the Audited Server Then and the Collection Agent on the same machine you can use the database logon for the s
98. has been set up for auditing To delete the log do the following 1 Right click the database name and select Properties The Properties screen is displayed lumigent Properties Drips 1 orang brir OE ae H rs Bec SS D saime bened n i re er aaie ETE Gime mab rberaten mary br wai iste ba d a bag Fite a ai Beckum bag prh fe erT Frea SOL Sarees SOL sbeecdo Poe Moeg f Deaete beg nes bacon Eaei Taasisi Jip bhe peut EE lehes bo pa H che Fammnang ENTE CAN krepa ea a Entegra User Manual 2 Atthe Post Processing text box click the down arrow select Delete the Log and then click OK Entegra Intermediate File Handling After you create a Repository you can specify the directory in which Intermediate Files are stored on the Repository machine After Intermediate File data has been imported into the Repository you are free to move it offline for storage purposes For example you can copy the files to tape backup or onto a CD ROM to free hard drive space Audit data may be purged from the Repository after a certain amount of time see next section so you need access to your Intermediate Files to restore this data To determine which Intermediate Files have been processed and can be safely removed from the disk use SQL Server s Query Analyzer or other query tool to query the lumigent database on the Repository Server Instance Within lumigent run the following query select status pushfilename from
99. he enterprise as necessary 4 Entegra User Manual Entegra Web Server and Browser The Entegra Web Server and Browser allow you and others in your organization to view audited data in a familiar web browser The Entegra Browser s powerful filtering capabilities make it easy to understand your data and find the information you need Y ou can also use the Entegra Browser to print reports with your data Major Functions This section provides an overview of the following major functions of Entegra e Configuring the Entegra Environment e Collecting Audit Data e Storing Data e Archive Files e Viewing and Managing the Data Configuring the Entegra Environment The first major function necessary for auditing your data with Entegra is configuring your Entegra environment Configuring enables Entegra to automatically perform its next two major functions collecting audit data and storing the data After which you can view and manipulate the data The installation program provided with Entegra installs the Entegra Web Server and Entegra Management Console Y ou perform the remainder of the configuration tasks with the Entegra Management Console Required tasks To begin auditing you need to accomplish the following tasks e Specify at least one SQL Server instance that you want to audit Then for each audited server specify at least one database to audit e Specify at least one SQL server instance to be a Repository Server and create at
100. he right pane Table Name AdE Tie Colurins being audited eho lurQudieColechiterts IHEERT LPO TE DELETE Mdo lumaudCollectConfigy ars TEER T LPOS TEsDeELETE Hibo luauditiodiectDistabeses INSERT LEDTE DELETE 4 Eds kumvuditiollectatar iles IKEERT UPD TE DELETE 1 Hia umiudicolectEreiaa IREERT LFDATE DELETE i Eda umud oletHisiy KEERT L LPDATE DELETE i dbo lumduditCodecthotification INSERT LADS TE DELETE dbo lurid Collect Tables HEERT LPDA TE CELETTE 7 dbo lurbudit ofiect TraceFiles INSERT LPOOTEDELETE s 4 Are you selecting more than one table for audit If yes use Shift click or Ctrl click to select more than one table right click the selections and then select Properties If no right click the table select Properties and then click the Audit Settings tab 26 Entegra User Manual The audit settings screen similar to the one below is displayed pe eet Jae caiga oe EM IEGRAT A meirge bor hor pap of labin E aieia ee T abl dio bur oarrik io hr ee ie Tha believer da share ore eo here lee val cones a el il bhi iibh TD a ca ll pe cen ey eee nd iaa E MAT F UPATE i DELETE O SELECT oc Ewa C 5 Select the SELECT check box and then click OK 6 To verify that the tables are enabled for SELECT ensure that SELECT is displayed in the Audit Type column as shown below Table Name Audit Typ
101. hecking archive file list All archived data files are present Restoring 3 archived data files RESTORATION IN PROGRESS Monitor restoration progress fromthe Import History view under the Server2 repository server LMRestore is exiting Chapter 4 Archiving 121 Chapter 5 Entegra Management Console Reference The Entegra Management Console provides a range of functionality for configuring and managing your Entegra setup This chapter contains a comprehensive reference for all the functions and controls of the Management Console Navigation Tree This chapter provides information on all the options available to you in the EMC Navigation Tree They include Entegra Management Console 0 Audited Server Instances Audit D ata Repositories Collection Agents Entegra Management Console_0 This node lists the following e Audited Server Instances e Audit Data Repositories e Collection Agents Chapter 5 Entegra Management Console Reference 123 Console Level Options By right clicking Entegra Management Console_0 you access the following options Option What it does Delete All Objects deletes all audit information for the objects referenced in the console file including repositories audited server instances and collection agents Note The No option deletes all objects except for repositories Upgrade initiates an upgrade of all objects referenced in the console file View allows you to determine how items are dis
102. hy aa Te rere ce he swt or dorset inf jibe tie vit Check Fa cenit oo be mpe in dn ee Type or paste the license key into the License Key text box and click Add All Entegra features available in this key are displayed in the window Check the boxes next to the features that you wish to enable for this audited server instance and then click N ext Entegra User Manual The screen that allows you to set auditing frequency is displayed Add Server lnstance to Audit rT HRI RI Bei be ple deie Tea aei berpremrp ha ener Pn serar igari H ahrs EERVEF Io Steere on aed eee be pe eee rip hy fen Job in ri eee depi eng 77711 2700 1 ki ir per Fricke y Juk TL D Himi frer i tenn aH Freprrap e _ i 8 Set the schedule for automatic collection Recommendation Schedule collections for low traffic times of day Also avoid overlap of collection and backup operations Ideally collections should be run shortly after the backup completes For this example set the collection schedule to 7 00 A M and 7 00 P M every day To do so click the arrow a Inthe Start Date box select tomorrow s date b In the Start Time box select 7 00 A M c In the Frequency section change the units to hours and enter 12 in the text box 9 To choose the option Shutdown the server on audit error to protect audit integrity select the check box and then click N ext Note If you select this option the following warnin
103. i riennniennceiiieeniidiieenieh iaee an 23 Entegra Intermediate File Handling sssssessssssssssssssssssssssssesesesssoooososoeeeteeeeeeeoeononnnnnnnnnnnnnnnssssssssss 23 Purging Repository Audit D aha ssssscsessssssvensscvisevsvievnnsssnssvy ioc adevdereeaaraeaesbarducasbentuceiersisabenioonnonaannbens 23 About Restoring Audit Data sessessssessssessesessesoesessesocsesscsossesscsoescsosocsossesossesscsossesocsossesoe 23 Restoting P rged A dit D Aled nna RE GET 23 Chapter 5 Entegra Management Console Reference ssscssssssesseeees 23 Navigation TiC ssssssssssssossssesssssssersosssssestss sott reent ot n OOE VENEKEN TEDER EEE TENEO SETE O o Esot 23 Entegra Management Console O sssssserssssssssssssssseseerterreessssssssssssseeeeeeettireeessssteeeesssssssssssstnreeees 23 A dited SERVIER INSTANCES iiine ir r ete EA EAER 23 Au dit Data Repo sitoneSssecnannsanneniiannan an a a a 23 Collection AGENS ey cnc chacennceseeearstetecene ct ciecetecnteesteeleedd ve echt dn EREE ATAR 23 Chapter 6 Using the Entegra BrOWSEeT sssssssssscssscssssssscssscssscssscssesees 23 N cessary Pe SS ASer asorr vans taara panasus vaasessiandsvansedevapavsdecssveudeelovencuswuevsdteves 23 Starting the E ntegra Web Server essessssessessssessesssscsoseesesscssesesocsosscsoesossesoesossesoesessesocsessesos 23 SEI AON iP 0 Dh E IA EEEE con avenolansbenabenaveradet 23 Logging Oline n n n a a a i iiia 23 Viewing the Repository with the Enteg
104. ication architectures funnel access to data through a shared portal however this technique works only for portal enabled applications requires software changes and cannot capture access outside of those applications Triggers Traditional methods of capturing data access at the database server utilize database triggers These triggers have the following disadvantages e cannot capture data viewing activity e cannot capture changes to database schema or permissions e are often hard to write correctly e add substantial performance overhead e require minimizing the number of actions to record Only Entegra captures changes to database structure and permissions and no other approach offers Entegra s complete management collection and reporting capabilities System Overview 2 This section provides an overview of the system architecture and describes the major components and functions of Entegra Entegra User Manual Architecture The following diagram illustrates the architecture of the Entegra system E mail or Fal A Event Log E ALERT TEx i Management Console Database Servers The entire Entegra system is configured and administered using the E ntegra Management Console a Microsoft Management Console snap in Generally Entegra works as follows 1 Components called Collection Agents collect audit data from target Microsoft SQL Server instances and transmit the data in proprietary format to Rep
105. ify or fine tune Entegra s selections manually for each table Storing Data Audit data is stored in a Repository which is a set of SQL tables The complete schema of the Repository is available in Appendix A A single Repository may contain audit data from one or many SQL databases The Repository may reside on the same machine SQL instance as a database being audited or on a separate machine instance Importing data to a Repository is performed by a component called a Repository Agent that runs as a Windows service on the Repository machine Unlike the Collection A gent which can be installed on a separate machine from the A udited Server Instance the Repository Agent must reside on the same machine as the Repository After an Intermediate File is received from the Collection Agent the Repository Agent extracts the data from the Intermediate File and uses it to populate the Repository This process is called importing The data is now stored and ready to be viewed and queried The Intermediate File is also stored on the Repository machine or on a separate machine as an archive see Chapter 4 Chapter 1 Introduction 7 Archive Files Collected audit data is stored in an archive file This archive file is automatically imported into the repository Repositories may become quite large over time so you may want to purge older audit data from the repository A purge speeds up reporting and importing but also makes the older audi
106. ime nap dees Bee bee jim onl le em E Tope Fe Lure ee chee Nerat wini armji Back W n Cece en 8 Select a location for audit data to be archived after it has been imported into the Repository and then click N ext For further details on this feature see Chapter 4 The Notification screen is displayed Hotification Agm bigot EH TETAAN pi Bayra ral vanz meds in g reidhe ghen prihen shen m ream aah re ed ipea mre oerien aby Erai ta mimina mg re Ered anes LS T STF pinat Mate Pet Fa 9 Enter email information for the Repository Agent to use when emailing you about import failures and then click N ext Entegra User Manual The following screen is displayed Add Databases to Audit ae Ee TEChA Perap gree Pa bhp rapa Poe Ti ell bee Be eee pi Fop Pee eeu ee dee Ede Bees uem iE Benasc Hanes eles _Meponey You have the option of selecting a name for the Repository By default it is called Default Repository 10 Type anew Repository name or keep the default and then click Next Y ou can also select an alternate database for the Repository to reside in By default it is installed in the lumigent database Restriction Using a non alphanumeric character as the first character of a repository name can cause problems Use an alphanumeric character to begin a repository name You may use special characters the following are accepted _ elsewhere in the repository n
107. ions to each for greater security In this setup you install the Collection Agent on the Audited Server Instance SERVER1 for convenience On high volume systems you can run the Collection A gent on a machine other than the Audited Server Instance as shown in Example 1 The Collection Agent may cause slight performance degradation on the server machine Entegra User Manual This example takes you through the following stages Stage What Happens 1 Prerequisites and installation 2 Add an Audited Server Instance and deploy Agents 3 Create a Payroll Repository and create a Customer Repository 4 Set up the databases for audit directing each database s audit information to its own Repository 5 Set up separate SQL login accounts for the two databases Prerequisites and installation To ensure that the prerequisites for installation are met and to install Entegra software do the following 1 Ensure that all machines meet the hardware software operating system and network connectivity requirements described in Chapter 2 2 Ensure that login names and passwords are available that fit the criteria described in the Security section of Chapter 2 For the purpose of this example use SQL authentication to connect to the two databases Y ou need a single SQ L username and password that has sysadmin privileges on both databases on SERVER1 3 Logon to ENTEGRA1 using a Windows login that has full admini
108. ipetip he tres gerd obec Hen Peeing Lorri mal non so ee T Lowe GAHE Ad T HT ic cee pi ce O De Peis Se roel The MT Soomi nares pad a DMAP eee r Biia aai Gives dhata Click N ext to accept the Local System Account default or click NT Account with access to the Repository Server Instance s radio button and type the Account Name and Password and then click N ext Note Select the local system account if you used a database logon on the previous screen Specify a Windows login if you specified Windows logon on the previous screen This account is used to log on to the Repository during Import operations Chapter 3 Configuration 43 The Archive screen is displayed Archive eee dee Colkecied mio inereeediete la betes bark eed eed mig thee pap Thae Bee pan be eed be bong fees ete oo nies Coe Sogn Fe rege vege chee Nerse in Gee 5 Specify the directory for the archive files to be stored and then click N ext The Notification screen is displayed Notification Agere ipta EM TEOMAS Enisi A iray Spend mal ats hn edhe sahen ig meyan k are wert U Errar cline pod reer TEN i r peri SAT P beat fired oregano bf F Em wE 6 Type the notification address where you want alerts sent when a server failure is detected and then press N ext 44 Entegra User Manual The screen that allows you to complete the configuration wizard is displayed Add Repository Server Instance jumicent
109. least one Repository to receive audit data Optional tasks You can also perform the following optional tasks with the Entegra Management Console e Set up alerts and notifications using email and or the event log e Create multiple Repositories on the same server or different servers to receive audit data from multiple Audited Server Instances and or databases Note that one repository can hold data from multiple Audited Server Instances but you can only assign one repository to an Audited Server e Select what operations to audit for each table SELECT INSERT UPDATE DELETE Chapter 1 Introduction 5 6 e Fine tune the columns to audit in each table e Specify the columns that identify the unique row using a logical key in one or more audited tables All of the above tasks are described in more detail in Chapters 2 and 3 Collecting Audit Data Data collection is performed by components called Collection Agents which run as Windows services A single Collection Agent may be responsible for any number of databases on any number of Audited Server Instances Typically collection is performed on a fixed schedule that you set up You can also manually initiate a collection task at any time When a Collection Agent launches either in response to a manual command or as part of a scheduled task it does the following 1 The Collection Agent reads its configuration information from the Windows registry of the machine on
110. mputer that has Entegra components installed Alternatively you may ignore the initial text The important part of the event is the text that appears after The following information is part of the event 140 Entegra User Manual Appendix A Repository Schema This appendix provides an entity relationship diagram and tables for the schema structure of the Entegra Repository Entity Relationship Diagram The following diagram is the Entity Relationship Diagram for the Entegra Repository Schema potas FRC rea ee FRE CAT ABASEID PRU SERVERID PRT SERERA Ui eP n Tk it STAT The FER SEADH TACT n EM Appendix A Repository Schema 141 Schema Tables The Repository schema is a normalized design that balances the requirements of the Entegra Browser minimization of space used and minimization of import time The schema consists of eighteen tables Table What it stores lumtransactions_x Stores audited activity data lumdetails_x Stores details of each column change that occurred as a result of an audited transaction lumtracedetails_x Stores details of each audited DDL or security event and SELECT text lumtables_x Stores information about each audited table lumkeys_x Stores the logical key for associated with modified row lumkeydesc_x Stores the names of columns for each audited table that constitute a logical key lum
111. n ciel tees D heii Crete Aia Drop c Teo Tabi E Giri Dary Freni e Pie Z fetid Parmer pn E ki Memar Ure E Ami heee Ns D Daa Code Ciel D CE H Perry anene E o E Cleat E Pied ingen Guccesthal legen Pm Lipi _ an Mere cece te 16 Select database events that you wish to be alerted of in real time and then click N ext Important Selecting the Successful login option generates a large number of alerts If these alerts are emailed to you server performance may be impacted The screen that allows you to complete the configuration wizard is displayed lunicent s3 ceo Pan Trai bo configs he ected Geeta meee Thi vel dei the Colar Aget Ha configs tee hired Save rrea dirki Soe feeder in diaa h e ren cercet nen 17 Click Finish to complete the installation Entegra installs the Collection Agent and necessary components on SERVER1 You have now finished setting up SERVER1 as an Audited Server Instance and deploying a Collection Agent Next create two Repositories to hold the audit data from the two databases you plan to audit Create a Payroll Repository To create a payroll repository to hold the audit data from one of the two databases you plan to audit do the following Entegra User Manual 1 At the Entegra Management Console right click Audit Data Repositories and then select Add Repository Console Root 1K Entegra Management Coreote 3 D Audited Server Instances H Ente
112. nclude technical inaccuracies or typographical errors Changes are periodically made to the information herein These changes may be incorporated in new editions of this document Lumigent Technologies Inc may make improvements in or changes to the software described in this document at any time 2002 2003 Lumigent Technologies Inc all rights reserved U S Government Restricted Rights The software and the documentation are commercial computer software and documentation developed at private expense Use duplication or disclosure by the G overnment is subject to the terms of the Lumigent standard commercial license for the software and where applicable the restrictions set forth in the Rights in Technical D ata and Computer Software clauses and any successor rules or regulations Lumigent Entegra and the Lumigent logo are trademarks or registered trademarks of Lumigent Technologies Inc All other names and trademarks are property of their respective owners and are protected by the laws of the United States and other countries Entegra uses technology that is the subject of one or more U S patent applications of Lumigent Technologies Inc Sun Sun Microsystems the Sun Logo Java and Java based marks are trademarks or registered trademarks of Sun Microsystems Inc in the United States and other countries Microsoft and SQ L Server are either trademarks or registered trademarks of Microsoft Corporation in the United States and or
113. nd select Properties The Properties screen is displayed Default _Repository Properties ziea Repertere Lorobpn Liste Kaya LP ERIDOMAT Lage Bodeces hemme edt daisi ip cen Pepeeetces Tha Colecton doe ranh thes mrt cheba be dir Pepin hrag fhe Daia Port joe ee e Aeponhory Mares Deptt Aepoeore CHTE OR SOL Darai bevepetd hoo Prep canann Dura fede Patent At he eee pih ee in ceed bo ai pepo iri ed maid are Seige Tie Cee bo del in chess Derecho aes ge ens Feed e r pg The Retain Data Online in days value controls how long in days data is kept in the Repository By default this value is set to zero 0 meaning that audited data is never deleted from the Repository 2 Set the Retain Data Online in days value to a number greater than zero Audit data older than the specified number of days is deleted from the Repository However because the Intermediate File is archived deleted data can be retrieved at any time About Restoring Audit Data If you need to restore audit data that has been purged from the Repository you can do so by using Entegra s LMRestore utility to create a new Repository with the older audit data You provide the time range and audited database information and the Repository Agent determines which Intermediate Files it needs to restore the requested information It then creates a new Repository on a server instance that you specify and populates it with the requested data
114. ndow 11 Check the boxes next to the features that you wish to enable for this audited server instance and then click N ext The screen that allows you to set auditing frequency is displayed Add Server lnstance to Audit Jay EN TEUNAN Bei e ied ini Tae ceed berpremrp ha emery Pn serar Agari Meche EENIA i Salient on mrj qe be p ee eee Pemp dobi mnie depi derta 7711 700 1 ii Caa riy h Himi frer I O o o 12 To choose the option Shutdown the server on audit error to protect audit integrity select the check box Chapter 3 Configuration 39 40 Note If you select this option the following warning is displayed Warning This option Instructs SQL Server to shut down if any auditing operation fails This sn happen if the amount of server disk apace set aside for Entegra is foo small It can also happen if a change In server seourlby settings causes SOL Server to be unable to write audit files 1f ether of these situation arises the database will shut down and will be unavailable FPSO Server shuts dosm due to an auditing fathure the following message will appear im the server s Event Log Error writing audit trace SOL Server is shutting down a cre 13 Is this the first collection being performed If yes do the first collection manually by setting the Start D ate a day or two in the future and then click N ext Note The first collection may take several hours if there are a large numbe
115. ndow and click the right arrow button gt to move it to the Target Databases window and then click N ext Tip You can also double click databases to move them Chapter 3 Configuration 111 The screen with the database that you selected to audit is displayed Note Only newly selected databases are displayed databases that are already set up for audit are not displayed Add Databases to Audit Jay apap pargam ies rimm br Bee Leinan embed Pe ee rere capers fre eiaha id hore Lie Pree ee im rere Erse Date Hediste esta mm ates Erme SELECT s adimg a labin amd eee Hecthuo leg path Cages en SOL e L Fua Pramis aee tee bem ot Bom ahg chee bey 1 o eee i e 1 Hete j Cocei 3 Ensure that the Enable Data Modification auditing on all tables check box is selected and if available that the Enable SELECT auditing on all tables and views check box is clear and then click N ext If you are certain that the backup log for the selected databases is not in the SQL Server default location enter it in the Backup log path box otherwise leave the default For a full explanation of the other options on this screen see Chapter 4 The following screen is displayed Add Databases to Audit Se eo sa FZ Taa ete Rena ENTDORe Legare Dain Placa itabi Pier Fh in p Ber Mere caret ee 4 Click the down arrow select a repository from the drop down menu and then click Next 112 Entegr
116. ng a SQL server instance to audit 36 adding views 59 changing a collection agent 64 configuring the web server with IIS 159 installing Entegra 17 purging the repository 122 removing views 59 restoring purged audit data 124 selecting the logical key 58 upgrading the EMC 20 upgrading the Web Server 25 purging collection history 130 repository data 9 121 R removing views procedure 59 reports custom 9 interactive 9 scheduled 9 repository 7 definition 4 disk space required 12 permissions 137 purging audit data 122 restoring purged data 124 schema entity relationship diagram 147 table structure 148 server level options 133 repository agent 4 definition 7 repository schema 147 repository level options 134 restoring archived data 122 purged audit data procedure 124 restrictrions component setup 157 S scheduled reports 9 schema table lumapplications_x 155 lumdatabases_x 153 lumdetails_x 150 lumdomains_x 154 lumhosts_x 154 lumkeydesc_x 151 lumkeys_x 151 lumlogins_x 155 lumopcodes_x 155 lumosusers_x 155 lumowners_x 156 lumphysicalattributes_x 154 lumservers_x 152 lumsessions_x 153 lumtables_x 151 lumtracedetails_x 150 lumtransactions_x 149 lumtranstables_x 156 schema tables 148 security requirements 13 audited server machine 14 collection agent machine 16 repository 16 repository machine 16 SELE
117. onnector port 8080 minProcessors 5 maxProcessors 75 enableLookups true redirectPort 8443 acceptCount 10 debug 0 connectionTi meout 20000 useURI ValidationHack false gt Change port 8080 to specify the desired port 4 Stop and then restart the Tomcat service for the change to take effect Change the URL in all Entegra Browser shortcuts for example desktop and Start Menu shortcuts created by the Entegra install to specify the correct port Event Log Errors The following error may occur in the Application Event Log on an Entegra machine The description for Event ID 1 in Source LMRepAgt cannot be found The local computer may not have the necessary registry information or message DLL files to display messages froma remote computer The following information is part of the event Repository server online SERVERI C Memphis Source Audit Repository LMRepositoryAgent CSrvObj c pp 564 Chapter 7 Troubleshooting 139 This error is not a program error but a problem causing Windows Event Viewer to display informational messages incorrectly This problem generally means that you are viewing Entegra event log messages on a machine that does not have the necessary tools to interpret them This problem can occur if you view the event log from a machine without Entegra components installed or under certain circumstances if you have uninstalled Entegra To work around this problem view the Event Log from a co
118. orted platforms include Windows 2000 Windows 2003 Windows NT 4 0 with Service Pack 6 and Windows XP Entegra User Manual Collection Agent If the Collection Agent runs on a separate machine that is not also an Audited Server Instance it requires a minimum of 512MB of RAM and must have SQ L Client components installed Supported platforms include Windows 2000 Windows 2003 Windows NT 4 0 with Service Pack 6 and Windows XP Entegra Management Console The Entegra Management Console can run on any server class machine capable of running the Microsoft Management Console SQL Server client components must be installed on the Management Console machine Supported platforms include Windows 2000 Windows 2003 and Windows XP The Entegra Management Console cannot run on Windows NT 4 0 or earlier Entegra Browser The Entegra Browser requires Microsoft Internet Explorer 6 0 or later Users can access the Entegra Browser from any machine capable of running this application Network Requirements The various machines running Entegra need not be on the same domain but they must have network connectivity to each other The agent machines must be running the Remote Registry Service Security Requirements To allow you to meet your corporate security needs the security requirements for installation configuration and ongoing operation of Entegra are designed for maximum flexibility and therefore are fairly complex It is recommend
119. ositories where the data is stored 2 An Entegra Web Server queries the data and serves it to a Web interface the Entegra Browser that can be accessed from any browser 3 At predetermined intervals audit data can be archived on disk and cleared from the Repository to make room for new data Major Components This section provides an overview of the following major components of Entegra e Audited Objects e Data Collection Agents e Repository e Entegra Management Console e Entegra Web Server and Browser Audited Objects Audited objects include the following hierarchy of SQL Server objects Chapter 1 Introduction 3 e server instances referred to in this book as Audited Server Instances e databases e tables e columns By default you specify a server instance and a database then Entegra audits all tables and columns in that database however you can fine tune this configuration to exclude tables and or columns of your choosing Data Collection Agents Data Collection Agents can be installed on any Windows machine in the network A Data Collection Agent may be assigned to one or many audited SQL Server instances It is responsible for collecting audit data from the SQL transaction logs of the server instances and transmitting that data to the Repository Because the D ata Collection Agent need not be installed on the same machine that hosts an Audited Server Instance performance impact is minimal even when auditing high
120. ossoesocsoesoesoessessesoeso 9 Before You Installs aao aora ona o ao Da N EONO E EOSS Sa 9 O WELT a wc nes ss asa Sones ENR ERRA ER SEE EEEE EAEE RIEN E ISS 9 Hardware Software O perating System Requirements c scssessssseessesssssssssesssesseesnessnesseaseesees 10 NEetWOTK Rere ents irritan ai a a A EE ROEE 11 Security Reg lr m ntSsyenini niei e e A A E NEEE ES 11 Installing ssrsisisrsosi risiste es e AC EEO ea DUade vo eEOIVNYE 4 FPP BAUTEN 14 Procediti ie i E REEE E E 14 UU CTA ING disease secs es es sees ei rnae anioe NUNA ES naeia ST NANS Ti EEn SENES asese Stat eee Stories SEEE Sot 17 Upgrading THE TNC assess cree saiseteaeaasevearastetstoealmea ease catsuit av a E A RAA 17 Upgrading the Web SET OL cada vdecdcc vein dee esce cde cdee eevee acetals ebventsw distin oeadheldndodbeiddantedtee 22 Adding the SELECTs Feature to an Existing Entegra Environment cssssssssesseesseesneeseeeses 23 Chapter 3 Conf QuraGon sjscsssssseassssisesesenasenasenasenasennseasseassousseuasonsesennvnnvensvey 23 REQUITeU TASKS is scevecvsecusecvsessasavacesaseceosncssronaveas eareasesaresasaagersnaa reitores deuvensuaunesvnnivondesees 23 Ophonal VAG ES vsisi cap casas rasan tea a see ce vee vss EEEE ae dl ements nae 23 Configuration Wizards Overview essesessessssesscsssesscsoesessesesscsocsesscsoescesesoesossesesossessesossesoes 23 Add Audited Server Instance Wizard x 5cu 5 cciciseveesduapesavecivdunbenveneerqpedivoeipscebecayceubavopenave
121. ox Note The SELECTs check box is not displayed for SQ L Server 7 servers If you are certain that the logs for this database are not kept in the default SQL Server directory enter the appropriate directory in the Backup log path field otherwise use the default Note This backup log path is used for all the databases displayed on this page If these databases use different backup log paths then add them separately You can also access the properties of each database after they are added to enter the correct directory for each database Recommendation It is recommended that the database s online log be kept in a directory separate from the backup log directory At the Post Processing drop down box click the down arrow and select an option for how the database logs should be handled after Entegra finishes collecting data from them Note Entegra provides the following options for what to do with the backup log after the audit data has been harvested e Leave the log in the backup directory default e Rename the log to a post processing directory e Delete the log Entegra ignores logs that it has already processed See Chapter 4 for details If you select Rename the log to the post processing directory then at the Post Processing Directory field enter the path name to the directory Click N ext If you have Then already added a repository the following screen is displayed not yet added a repository the Add
122. pecify your email information for failure notifications and then click N ext 62 Entegra User Manual The screen that allows you to complete the configuration wizard is displayed Change Collection Agent Machine E4 pe lumi ent z Pan Trah o mnp a r Doken gari ic geha aP deis he a Saree iraia Gyo Piian iaTEGAA Jern jea ETEora Beck frm cece et 6 Click Finish to create the new Agent or click the Back button to change options Using Multiple Entegra Management Consoles It is recommended that you use only a single console to administer your Entegra configuration If you use multiple consoles you must adhere to the following guidelines You can install and run the Entegra Management Console on multiple machines to manage separate Entegra environments as long as the multiple EMC s are not auditing the same servers Caution In cases where Entegra administrators are using multiple consoles be aware that the configuration may get into an unexpected state if administrators operate on the configuration for the same component at the same time This outcome is most likely to occur if the console property pages are kept up for long periods of time hours days before being committed Configuration Examples This section includes examples of typical configurations These examples are intended as an introduction to the configuration process they may not precisely match the steps you take but they provide an over
123. played in the result view of the console The Detail view is recommended Refresh refreshes the display Export List allows you to export a list of audited servers into a text file Properties allows you to view and or configure licensing information such as which features are licensed for the server and which additional features you may enable on this server Help launches the Lumigent Entegra online Help Audited Server Instances This node lists all SQ L Server instances that you have set up for auditing Under each server name is an Audited D atabases node which lists all databases on that server that are selected for audit You can add a new server to audit by right clicking Audited Server Instances or on any server s name and selecting Add Server Instance This launches the Add Audited Server Instance wizard 124 Entegra User Manual Server Level Options By right clicking an audited server s name you access the following options Option What it does Add Databases launches the Add Database wizard Add Server Instance launches the Add Audited Server Instance wizard Collect Data Now instructs the Collection Agent associated with this server to begin a collection task Upgrade initiates an upgrade of the Collection Agent and any audited servers being handled by that agent Change Collection Agent Machine allows you to change the machine on which the Coll
124. quency is displayed Add Server lnstance to Audit Jay Biyi Bei be ples deie Jem aei berpremrp ha mpjury Pn serar igari Hais EERVEM Sade gee on aed eee be pe eee rip hy fen Job in ri eee depi eng 77711 2700 1 ki ir per Fricke y Juk TL D Himi frer i tenn aH Freprrap e _ i 11 Set the schedule for automatic collection Recommendation Schedule collections for low traffic times of day Also avoid overlap of collection and backup operations Ideally collections should be run shortly after the backup completes For this example set the collection schedule to 7 00 A M and 7 00 P M every day To do so click the arrow a Inthe Start Date box select tomorrow s date b In the Start Time box select 7 00 A M c In the Frequency section change the units to hours and enter 12 in the text box 12 To choose the option Shutdown the server on audit error to protect audit integrity select the check box and then click N ext Note If you select this option the following warning is displayed Warning This option Instructs SQL Server to shut down if any auditing operation fails This sn happen if the amount of server disk space set aside for Entegra is foo small It can alsa happen if a change In server seourlby settings causes SOL Server to be unable to write audit files If ether of these situation arises the database will shut down and will be unavailable FPSO Server shuts dosm due to an
125. r of transactions in the database backup logs Y ou can access the Audited Server instance properties after the first collection is complete to fine tune recurring collections Recommendation If there are automated backups perform collections soon after the backup completes For best performance avoid overlapping backup and audit data collection operations If no click the down arrows to select the start date start time and frequency for auditing the server and then click N ext The screen that allows you to specify how alerts are sent from the server is displayed aw ER TERA T Sqeerdp hras gimis pal be eed ees Fae ee Ve puah pe veal fied pens pei mhh eB eed eb eani ey phere ger ses chu ees bee m Sieh let roast pond hg ee M Grid ie 14 Accept the default to Add alert events to the event log on the server or clear the check box Recommendation The event log always contains an accurate trail of D D L alerts so it is recommended that you select the Add alert events to the event log on the server check box If there are a large number of e mail alerts more than 100 per second the e mail alerts throttle back If neither box is checked you are not notified of DDL alert events and the following screen is not displayed Entegra User Manual 15 16 17 To have alert events emailed select the E mail to check box make any modifications in the text boxes and then click N ext The screen that allows yo
126. r username and password in the corresponding boxes Requirements You must use credentials that have the access rights described in the N ecessary Permissions section You cannot use NT authentication to log on through the Entegra browser 3 Type the server instance name in the Repository Server box or select it from the drop down menu and click the Get List of Repositories button A list of available Repositories on the selected server instance becomes available on the Repository drop down menu 4 Select the desired Repository and click the Login to Repository button Entegra User Manual Viewing the Repository with the Entegra Browser The Entegra Browser view consists of the following sections the top navigation location pane which you can use to move around within the data and to narrow the selection of displayed data and the bottom activities pane which displays your actual audit data Entegra location pane T T E FG 82 8 82 4 TTi vinai erie i Soo ____Olisjeset ip X navigation pane activities pane nrd fha DHL maaa zar a w Beri Demang Teel eT a ee E Pit mam Harar a Pi HTT a py Brrr Hine a i r MECOS ar A SRT ere re ye me Pies Winkie Pa eek PETET SEET Sa EA Te EL Plt el eT 6 FOROS BL dad ES SET 74 500 Fe Hr ed ef 1937 10 23 00 00 00 000 LOF22 Reb 00nd oo 600 La Sufolk Ln Boise POH Bit Paa ay ASERT Oe EL a amet When you first
127. ra BrOWSET sessssessssessessssessesosesscsoesesoesessesossosseso 23 Sorting and Filtering Data sessesesessesessessssesseseesesscssssesoesesscsoesessesossessesesossesocsossessesossesoes 23 Showing Hiding Co lUMiS vrsi EE EATER RORE 23 Filtering D atas manina o EE NOTNO NERONEN ONNE TAAA NINE 23 WiewWin A D ETAS orea AE a RAEE EEOAE A E 23 Chapter 7 Troubleshooting essessessessessessessossessossossossossossossossoesoesoesoesoesoeso 23 Entegra Management Console ISSues sssscsssscsscsssssssssscsssssssssssessssssessssssesssessesseeses 23 Web Server and Browser ISSUCS ssssssssssssssssessesssscsssssssssssssssssssssssssssssssssssssscesseseesers 23 Err rostaung W eb Server neos aaa A E aso eee a EROS 23 Eyent Log EITOIS sisiesivsacsiasvivas coscadedccsictateadiaicieveiadcdsasesneien us cdesaietadatbaessiastuadtaassansenveniebine 23 Appendix A Repository Schema sccssccscssscssscssscssscsssssssssssssssssssssseees 23 Entity Relationship Diagram ssssssssrsssssssssssessssssessssnssssssncssesonessssoessssesssessesssessoneses 23 Schema T aS 6s cescssudeseswssvasess aswesiasasasdsssussanasdussdassaacaeasansisesisasianioasaisaseassinletensiassiusaiens 23 TUM ear SACS HC weaned as tawes sane tvachepssascadoanaeetau T E TANTRA NAAS 23 lumd tails Noe ce casesa haan cared saree R RREA T ae area oun Ee E me aanuatananan 23 l mtrac details Ho a enenan Soc sede Stace duces Sade Tadao Daas E elated 23 Tua t
128. ral 2 E Audited Databases 5 Collection History Add Repository a Add Repository Server Instance Whee a CF _ i Lg Export List Help a r The Add Repository wizard is displayed Add Repository Jaume Danger s dielehger smem in heed ihe ak epee Dashns be fona Coren ass Co Varese ery C SQL 5er afena E rareer E ry EST j L use ce ee 2 In the Database Server text box type ENTEG RA1 or click the browse button display the available database servers as shown below Select ENTEG RA1 and then click OK Chapter 3 Configuration 87 Add Rapes itary om gt a i Ds oe dae eee E Dene Mee eee a ate eee iT i Salict Server se weaken mutes mt baya aam Pamm T is jakana Set narma dH te 3 Select the SQL server authentication radio button and enter the username and password for a SQL login account that has sysadmin privileges on ENTEG RA1 and then click N ext The Service Log On screen is displayed Service Los On r Agere hipa EHTBETHAN Sipeis Hur hres arrandi m ahah Han Pegasi rap Dgrri mal n en m emare T Leta GiH Aer T HT ac ccge pih caa to De Napian Jam nna The RT ctp ner pm on DORA ma I m The Service Log On screen information is used by the Repository Agent to run its service 4 Accept the Local System Account default and then click N ext The Ar
129. reate a new Collection Agent The Agent software components are installed on the computer you specify but the new Agent is not associated with any Audited Server Instances To assign the new Agent to an Audited Server Instance right click the desired server in the Audited Server Instances node and select Change Collection Agent Machine Chapter 5 Entegra Management Console Reference 129 Agent Level Options By right clicking the name of a Collection Agent machine you can access the following options Option What it does Upgrade initiates an upgrade of the Collection Agent Delete causes the selected Collection Agent to be removed Refresh refreshes the display Properties allows you to configure and or view the following options for the selected Collection Agent Installation location of the Agent and the directory where it stores its files while processing them Port information for the Agent to use when listening for communication from the Entegra Management Console Email information for notifying you when the Collection Agent fails to collect audit data Help launches the Lumigent Entegra online Help 130 Entegra User Manual Chapter 6 Using the Entegra Browser This chapter explains how to access and use the Entegra Browser to view your audit data Necessary Permissions For users to log on to the Entegra Browser and view data in the Repository they must have certain permissions on
130. riuegnneern coin 23 Add Database WV IZAIUL oa c5 3 cbiaetascti ve sbsnaicest ab asics abedaternesstaonceaUtaan a A 23 Add Repository Server Instance Wizard c scssesssssssssssssssssscsscsssssssssssssscsssssssesssssscssscsseesssnessneestes 23 Add Repository Wizard ssa ccsoxesuecsdsovtosecoeavsecvsaevaevaeaacetoaeana das dues coeds eae ces oh an oeentdentdera 23 Add Remove Tables Wizard siisii e uadadseinncnanwonaeananke nein 23 Add Remove Views Wizard iisen siieitadasiie ne dadie ia eilaia deateta unde n an e ae 23 Add Collection Agent WiZanils 1 ccnscvsainsioscuiociavenvenaeecauieterenstaece teeta entoeeeeanienioa 23 Change Collection Agent WiZdiaxccnancocinudnansnandnagnnnnmmnonandionaianesmanute 23 Using the Configuration Wizards eesessesessessesssessesesscsoesesscsoesossesossessesossessesosessesocsessesoe 23 Overview of an Initial Entegra Installation csscssesssssssssssssesssscssecssscsssssesssscsseesssssesssecsecsssesstecs 23 Adding a SQL Server Instance to Audit is daiacecrnnmundnananonanananancnnawweutuceme 23 Adding a Repository Server Instance sssssssssssssscsscsssssssssessscssessssssssssncssscesssssssscssscssseessesecsssesses 23 Addinga REPOSO isa aR ARER ee et ed elon tae 23 Adding a Database to Avi ts etscsst asus nursinin N a ena aane 23 Adding Removing Tables nencriiiirinii in i e e E E E EEE 23 Selecting Audit Settings for Individual Tables c sessssssssssssssssssssesssssssssesssecssscsseesss
131. rmation about database activity and optionally generate alerts on changes to database structure and permissions A single console easily configures and controls these data agents across the enterprise to archive transaction information to common repositories Lumigent s proprietary technology minimizes performance impact by avoiding costly triggers Entegra is designed to be easy to administer with simple scheduling across multiple database platforms and a common history repository Why Entegra is better than other solutions Lumigent s approach is built on proven and proprietary technology for analyzing the database transaction log Lumigent Entegra provides critical tracking of database activity without the performance overhead of triggers There are three common alternative approaches to auditing data activity these approaches miss certain kinds of activity introduce a false sense of security and interfere with runtime performance The approaches are as follows e changing the source code e sharing a portal e triggers Chapter 1 Introduction 1 Changing the Source Code One approach involves changing the source code of every application that might be used to access data Planning implementing and testing these changes are costly and time consuming Also access outside of these applications for example via a database administrative console is not captured thus providing incomplete coverage Sharing a Portal Some appl
132. s SQ L server security login names for the user logon sessions that used SQL server authentication on the audited server loginid int Unique ID for the SQL server login and a foreign key with lumsessions loginname nvarchar Login name 512 lumosusers_ x This table stores Windows username for user logon sessions that used NT Authentication to access the audited server osuserid int Unique ID for the user login and a foreign key with lumsessions osusername nvarchar OS user name 512 lumopcodes_x This table stores names of all auditable opcodes in Entegra opcodeid int Unique ID for the opcode foreign key with lumtransactions opcodename nvarchar Op code name 512 Appendix A Repository Schema 149 lumtranstables_ x This table joins the transactions table with the tables table This table provides a one to many relationship between events Iumtransactions and tables lumtables activityid numeric Foreign key with lumtransactions 18 0 tableid int Foreign key with lumtables lumowners_ xX This table stores the names of the SQL server object owners ownerid int Unique ID for the object owner and a foreign key with lumtransactions ownername nvarchar Object owner user name 512 150 Entegra User Manual Appendix B Restrictions This appendix lists the major restrictions for this version of
133. s a large number of alerts If these alerts are emailed to you server performance may be impacted Chapter 3 Configuration 71 The screen that allows you to complete the configuration wizard is displayed Jumicent s ara Terem O EVERT Pan Trah bo conire e ected diaaa me Thi ani the Cofeckos Agan Ha eigse ee hiarsd Save nri Arki Sem arie in ca e A 17 Click Finish to complete the installation Entegra installs the Collection Agent on ENTEG RA1 and installs necessary components on SERVER1 You have now finished setting up SERVER1 as an Audited Server Instance and deploying Agents Next you must add databases to audit 72 Entegra User Manual Add a Database to Audit To add at least one database to audit do the following 1 Using the Entegra Management Console expand Audited Server Instances and right click SERVER1 and then select Add Databases Corsote Foot Server Mame i Entegra Mearsgement Coren E Audited Server nshances it eerie hier m Add ODababnsos Add Server Instance Collect Csata Mice Lipo ade Change Collection Agent Machine hen F Delete Refresh Export List Froperties Help The Add D atabases to Audit wizard is displayed Add Databases to Audit Sau Pies oo ihe i od os eons Ebel ell bee ie feo Phr oer lied ate en Paer cata est prar aed be maki minile Lege bodes Fiviebibe Cumah T ap Cam ic Taal opez reached krani w M a 2
134. s the installation stage of the setup process Next you set up SERVER1 and SERVER2 as an Audited Server Instance and deploy the Collection Agent Add the First Audited Server Instance and deploy Agents To add the first Audited Server Instance and deploy Agents do the following 1 Launch the Management Console from the desktop shortcut or the Start Menu Start Programs L umigent E ntegra Management C onsole Chapter 3 Configuration 95 The Entegra Management Console screen resembles the following Entegra Management Console File Acton View Help fR There is 1 Rapository in this configurator f 3 3 rt corsdae g There is 1 Audited Server Instance In hie configuration y B Audited Server Iretarees There ia 1 Audited Database in this configuration 2 Adit Data Repositories 3 Si Collection Agents Services Local 2 Right click Audited Server Instances and then select Add Server Instance B Console Root Server Nam E A Entegra raeme Console_ Audit ama Add Server Instance E Collection View bs Services Loc l Refresh Export List Help The Add Server Instance to Audit wizard is displayed Add Server Instance to Audit i unicent caf Ta WEE hepr ee eet ed oige thee eebe eevee bbe ed r mis omn eee Be he ba J et ede eli bee eee he onde ail lala F issbrme srai eer kaye eresien d unde a Crierinmm prieka 4 Bimi mi noha ererig a pae
135. s well as installation configuration and usage information This book defines terminology and various related concepts Intended Audience This book provides information for database administrators and individuals responsible for installing configuring and using Entegra Other Information Available from Lumigent Lumigent provides the following information resources Resource Information Quick Start Provides overview information about Entegra as well as planning Guide installation and usage information Also provides usage information for the Entegra Browser Help Provides context sensitive information and step by step guidance for common tasks as well as definitions for each field on each window FAQ Provides answers to frequently asked questions available from the Lumigent website www lumigent com Conventions This book uses the following conventions to help you identify items throughout the documentation Convention Used For Bold e Window and menu items e Technical terms when introduced Italics e Book and CD ROM titles e Variable names and values e Emphasized words Fixed Font e File and folder names e Commands and code examples e Text you must type e Text output displayed in the command line interface Contacting Lumigent Technologies Lumigent Technologies Inc is dedicated to safeguarding the integrity and availability of enterprise data Please contact us with your questions and comments We look forward
136. select N ew V irtual D irectory The Welcome to the Virtual Directory Creation Wizard is displayed Click N ext The Virtual D irectory Alias screen is displayed In the Alias text box type Lumigent E ntegra and then click N ext The Web Site Content D irectory screen is displayed In the Directory text box type C Program Files Lumigent Entegra WebUI server bin and then click N ext The Access Permissions screen is displayed Select the Read and Execute such as ISAPI applications or CGI check boxes clear the Run Scripts such as ASP check box and then click N ext The Finish screen is displayed Click Finish Part 2 Set up the IIS filter To set up the IIS filter do the following 8 At the Navigation pane right click W eb Sites and then select Properties The Properties screen is displayed 9 At the ISAPI Filters tab click Add Appendix C Configuring the Entegra Web Server with IIS 153 The Filter Properties screen is displayed 10 At the Filter N ame text box type Entegra Redirect 11 At the Executable text box type or browse to C Program Files Lumigent Entegra WebUl server bin isapi_redirect dl andthen click OK The Properties screen is redisplayed 12 Click OK 13 At the Services control panel restart EntegraWebServer and restart World Wide Web Publishing 14 Connect to htt p machine name umi gent ogin ht ml 154 Entegra User
137. servers_xX Stores information about each Audited Server lumdatabases_x Stores information about each audited database lumsessions_x Stores information about user logon sessions lumopcodes_x Stores the names of opcodes lumtranstables_x Links the lumtransactions_x table with the lumtables_x table to produce a one to many relationship lumowners_x Stores the names of the SQL server object owners lumphysicalattributes_x Stores low level system information about each activity lumlogins_x Stores login information lumosusers_x Stored Windows login information lumapplications_x Stores name of application used for session lumdomains_x Stores domain name of client lumhosts_x Stores name of host machine used for session In each table name the x represents the name of the repository as selected by the user when the repository is created So if the repository is named Repos1 the tables are lumTransactions Repos1 lumD etails Reposl etc The following sections provide more detail on the Repository tables 142 Entegra User Manual lumtransactions_x This is the main table that stores all audit data There is one row in this table for each audited D ML insert delete update transaction each D D L transaction each Security event and SELECT statement activityid numeric Unique ID for this row This column is a foreign key with 18 0 the lumdetails and lumtracedetails tables see below keyid numeri
138. set e Read and Write access to the Windows Registry e Read and Write access to the file system e Read access to the directory where SQL Server backup files are stored e Log On as Service privileges for the Repository A gent e System Administrator permissions on the Repository Server Instance including the authority to create tables in the lumigent database see Repository section below D oes not apply if you plan to use SQL Authentication see above These permissions are used by the Repository Agent By default Repositories are created within the lumigent database However because users browsing the Repository with the Entegra Browser require a fairly high level of access permissions on the Repository database you can install your Repository on a database other than lumigent for security purposes The Management Console s Add Repository Wizard provides a mechanism for doing this For details on the permissions that are needed to log on to the Entegra Browser see Chapter 6 Repository While Entegra needs full permissions to read and write the Repository you can create one or more read only database accounts for Entegra Browser users that are viewing the audit data The only accounts that should have write access to the Repository tables in the Repository database are the Repository Agent and the Entegra administrator Collection Agent Machine On each machine hosting a Collection Agent which may be separate from the m
139. severe bo bee eid rey all macip 1 ejm rmon arime Boe eee h aE J mha mi iin be eee ha odie aa la Chek stcrmes see mme hgp resh aba a Onliner priet s 4 Bist rj eheann reri a parae uea COO Click N ext The screen where you choose a database server to audit is displayed Add Server lnstance to Audit Iau Phoner s da shasn seam In mei Dates kirra Theva Connect eng TE Materia deal bere apt mort C G0 brs mute Len nen pes Mud I Colca ae on bere Tache a he eae ee Ber i n caret Le In the Database Server text box type SERVE R2 or click the browse button to display the available database servers Select SERVER2 and then click OK Select the SQL Server authentication radio button type a login name and password clear the Collection Agent runs on same machine check box and then click N ext Chapter 3 Configuration 103 104 5 The screen that allows you to add a machine for the collection agent is displayed Add Server lnstance to Audit Agere hipaa ee riepas har nrm m rame cilierben Lype Hast pleri mond riha bees iho PE spends T hm Coleen zpi nma g a ere a g Ati mamhine Tieni a rescheren bon bap Coder bner digger Samer Gye RAL ipni sie ees Zhen onni In the Agent Machine text box type SE RV ER1 and then click N ext The screen that allows you to select your license capabilities is displayed Add Server Instance to Audit Save m Bom
140. ssessecsseessees 23 Selecting Audit Settings for Multiple Tables scsssssssscssessssssessssesseesssssssssesssscsseesssssesssseeseessees 23 Adding Removing Columns Secs cetastncc as ace avecisereupachusestivanrpestoscsyciieonnnes naespocammiansousse een cemdinpe 23 Selecting Tre TO GICAL SK CY seectre teasers ccasecaves teas a a a R R a E a Nn E 23 Adding Removmg ViewSat eeni stooris saese kasii re ennek KERESET Weta 23 Adding a Colecon A gentine AAA n 23 Changing a Collection Agent sssssssssesssssssssssseeeeeessnsssssssssssssssssssssssssssseetetttereeeosseseseeennnnnssssssssssssssssss 23 Using Multiple E ntegra Management Consoles ssssssssscssssssssssssssscssssescssssessseseess 23 Configuration Exam ples sy sssissssvevssessvevessvarsvesvvevessvessasveagnssvscsosevssevas vvoavsesvavsns sisnvesuacioasooeuee 23 Example 1 Setting up two machines as an Entegra environment scessssseesseesseesseeseesssesseenses 23 Example 2 Setting up a distributed Entegra environment on three machines 23 Example 3 Variation of setting up three machines as an Entegra environment 23 Example 4 The SQL Server instance being audited is part of a CIUStEL ccsessesseesseesseesseeseens 23 Chapter 4 ATC hi VNG irinenn E 23 Archiving PLOCESS sissien n n n n N N n dans daedaninde 23 Specifying Archive Options essssessesssessessssesscsosscsscsossessesesscsocsossesocsessesoesesssscsossessesossesoes 23 SOL Back p Log Hndlidg i
141. strative privileges on the machine 4 Using the provided media install the Entegra Management Console on ENTEGRA1 Log on to ENTEGRA2 using a Windows login that has full administrative privileges on the machine 6 Using the provided media install the Entegra Web Server on ENTEG RA2 This concludes the installation portion of the setup process Next we set up SERVER1 as an Audited Server Instance and deploy Agents Add an Audited Server Instance and deploy Agents To add an Audited Server Instance and deploy Agents do the following 1 On ENTEGRA1 launch the Management Console from the desktop shortcut or the Start Menu Start Programs L umigent E ntegra M anagement C onsole Chapter 3 Configuration 79 The initial screen resembles the following Entegra Management Console File Acton View Help 8 FSG f Console Rock There is 1 Repository in this configuration There is 1 Audited Server Instance in fils configuration There is 1 Audited Debase in this configuration E Gudited Servar E a E Sucit Data Repositories a Collection Agents Services Local 2 Right click Audited Server Instances and then select Add Server Instance la Console Root bi Entegra Mele Console_ fe Audited Sae Server Nam Audit Data 2 Collection View gt Ht Services Loci l Refresh Export List Help 80 Entegra User Manual 3 4 The Add Server Instan
142. t directing each database s audit information to its own Repository do the following Chapter 3 Configuration 91 1 Atthe EMC expand Audited Server Instances right click SERVER1 and then select Add Databases Corot kozt E Entegra Management Dorsale E 4udited Server mshances mi a BLENG DOCWS Add Dababases Add Server instance psen Collect Data Mow Upgrade Change Collection Agent Machine Viena La Delete Refresh Export List FProperies Help The Add D atabases to Audit wizard is displayed Add Databases to Audit 1 Jeu TEHNEET Piers on Eh ia ood ohl ears Hho vail hee om lime ira ammi oles Pier rLatahsan hs Wiles tas oip t hy bento Aggy Let ees Tagh Daissi mo 2 Select the Payroll database in this example it is lumigent from the Available Databases window and click the right arrow button gt to move it to the Target Databases window and then click N ext Tip You can also double click databases to move them 92 Entegra User Manual The screen with the databases that you selected to audit is displayed Note Only newly selected databases are displayed databases that are already set up for audit are not displayed Add Databases to Audit Jay apap pargam ies rimm br Bee Leinan embed Pe ee ropa REAR tier Feibrekial deteicares lamer P Pipe Heip tet eee Erse Date Hediste esta mm ates Erme SELECT s adimg a labin amd eee
143. t data unavailable in the Entegra Browser UI To report on older data that has been purged out of the repository Entegra creates a repository that contains only older data This repository cannot be used for importing newer data as it may contain a discontinuous date range The Repository Agent is used to import the archive files for the date range desired into the report repository You may then use the Entegra Browser UI to connect to the report repository and view the audit data for the desired date range See Chapter 4 for more information Viewing and Managing the Data The three primary ways to view and manage the collected audit data are as follows e Interactive reports e Scheduled reports e Custom reports Interactive reports You can create and dynamically revise reports using the Entegra Browser This graphical web based application enables you to view sort and filter audit information and produce reports D ata for the Entegra Browser is provided by the Entegra Web Server component which is installed by the Entegra setup program Scheduled reports After using the Entegra Browser to design a report you can schedule it to run automatically at regular intervals using the Windows scheduler Custom reports You can interface directly with the data in the Repository either by running queries through SQL Query Analyzer or using a third party report creation application Complete documentation of the Repository schema is
144. teck ives _carcet Helo 66 Entegra User Manual In the D atabase Server text box type SERVERI1 or click the browse button to display the available database servers as shown below Select SERVER1 and then click OK Add Server ingtance bo Aidit Select the SQL Server authentication radio button enter the username and password for a SQL login account that has sysadmin privileges on ENTEG RA1 clear the Collection Agent runs on the same machine as this database server check box and then click N ext The screen that allows you to add a machine for the collection agent is displayed In the Agent Machine text box type ENTEG RA1 and then click Next Chapter 3 Configuration 67 The Service Login screen is displayed Service Login _ Agere hipa EH Teoria 5 Hii He Toierien Agri mamie bp ap Eor Pligg prora es ha bag mir Her HT oma T Lena GAHE Aor T HT ccas pih c to e Tapa barwi The NT eco ner Le a DORA ere I r This screen asks for login information that the Collection Agent uses to run its service 7 Select the NT Account with access to the Repository Server Instance s radio button and type the Account Name and Password and then click N ext The Data Collection Agent screen is displayed Data Collection Agent 1 r Agm ptre Ee TETMA gerd Mache ite dgmi p esa zopp onnn bialko D iaiki E oo Pl Leer ere Date Tiemie D popan ilg E v
145. ted Server linetancess L Giustog Add Databases LH Add zkia Istme aa im Collect Data Mow Change Collection Agent Machine WDE Delete Coleco Refresh i Ageri gi En Properties Me Servioss LO Help The Change Collection Agent Machine wizard is displayed Change Collection Agent Machine x Apert Mache eM Teoma Aes Sere Lolei r datehase p speri T hmp Coliprien Arari ama g a ere oa orgs mem hire Tieni a raphani an bha Coker bpn Agoni Soe dymi Mamane viel Cie pe Se ey ZO Varo Opssating maien fae L Heed 1 Cancel I Hsp 2 Type the name of the new machine that you want to run as the Collection Agent Service and then click N ext 60 Entegra User Manual The screen that allows you set the collection agent service is displayed Change Collection Agent Machine Se han dipha Ee rene Mei Hoe I pier been digest eevee enon Bar ilies epee een be beg mir He HT eevee T HT Bice pih c o e Tap barwi Tee MT aori pers ora e DOM AR eee r Ber J Hear cem Heo For this screen you need to consider the following If you want the Audited Server Then and the Collection Agent on the same machine you can use the database logon for the server and local service logon for the agent or you can use Windows login for both the audited server and the agent each on a different machine it is highly recommended that you use Windows logon for the audited server and the
146. the SQL Server instance that houses the Repository On the Lumigent Database Users logging in via the Entegra Browser must have read only access to the following tables in the Lumigent database e umAuditRepConfigVars e umAuditRepRepositories e umAuditRepHistory These tables store important configuration information about the repository On the Repository Database Users also need read only access on the database that houses the Repository If the Repository resides in the Lumigent database you can ignore the previous section and give users read only access on lumigent Starting the Entegra Web Server Before you can use the Entegra Browser to browse your Repository you need to do the following 1 Start the Entegra Web Server 2 Check the Windows Services control panel to verify that the web server is running Chapter 6 Using the Entegra Browser 131 Shortcuts At any time you can stop or start the Entegra Web Server by using shortcuts on the Start Menu To access the shortcuts select Start Programs if X P A ll Programs L umigent E ntegra Start W eb Server or Stop W amp Server Logging On 132 To access the Browser do the following 1 Click the installed desktop shortcut or open Internet Explorer 6 0 and navigate to machine name 8080 lumi gent ogin html where machi ne name is the name of the machine running the Web Server 2 At the login screen provide the required valid SQL Serve
147. tion are highlighted in the details pane A logical key can be typed in and or selected from the view screen to get Row Revision History To filter on a particular column in the activities pane click the column header and select Filter The resulting dialog allows you to select and display the specific values for this column Viewing Details For any activity row you can view details about the activity by highlighting the row and clicking the Show Details link located at the lower right of the pane or by double clicking the row Depending on the type of activity involved the D etails window may show the exact SQL query that was entered the old and new data if the activity was an UPDATE statement or other relevant data To see acomplete history of changes affecting an individual row in an audited table highlight a row in the Entegra Browser that corresponds to the audited database row in question and then click the record key at the bottom of the Entegra Browser activities pane A yellow caution icon and the row s O pCode in red indicates that the transaction failed Chapter 6 Using the Entegra Browser 135 If you cannot see the details for a particular field in the table then use the EMC to add that column to the audit Changes to the configuration are not retroactive If you start collecting new tables or columns the data will be only for that collection forward Entegra does not go back into old backup logs to get d
148. tory You have finished the configuration process Audit data from your databases is collected according to the schedule you selected To collect data immediately right click SERVER1 and then select Collect Data N ow Set up separate SQL login accounts for the two databases For security purposes you need to set up two separate SQL login accounts for the two databases D o the following using the same procedure as for ENTEGRA1 1 On ENTEGRAZ2 use SQL Enterprise Manager to create two new accounts 2 Create user account payroll with read privileges on the Payroll Repository 3 Create user account customers with read privileges on the Customer Repository 4 Optionally you may also create a user account with read privileges on both Repositories Users can now view audit data by using the installed desktop shortcuts or by connecting their browsers to http ENTEGRA1 8080 1 umi gent ogin html and logging in with the appropriate permissions see Chapter 6 Example 3 Variation of setting up three machines as an Entegra environment In Example Three there are three machines in our environment Two existing SQL Server machines called SERVER1 and SERV ER2 hold important databases e Payroll on SERVER1 e Customers on SERVER2 A third machine ENTEG RA1 holds the Repository and Web Server 94 Entegra User Manual In this setup you install one Collection Agent on the Audited Server Instance SERVER1 for convenien
149. traffic databases A data definition language D D L Collection Agent resides on the same machine as a SQL Server and monitors DD L events on that server instance When a DDL event is detected the Collection Agent optionally records it in the Windows Event Log and or sends an email message to the recipient of your choice A Repository Agent resides on the same machine as the Repository This agent is responsible for receiving audit data from the Collection Agents and importing the audit data into the Repository Only the Data Collection Agent is exposed to your control The other Agents operate invisibly and are managed by internal Entegra processes Repository A Repository is a set of SQL tables that stores all audited data as well as metadata that enables the other Entegra functions A single Repository may store audit data from multiple SQ L Server instances and databases You may also license and set up additional Repositories to host audit data from different databases Since the reporting and viewing of audit data are done on a per Repository basis all data that you want to view in a single report should be directed to the same Repository Entegra Management Console The Entegra Management Console a Microsoft Management Console snap in is the tool you use to set up and configure your Entegra environment and to monitor collection history The Management Console automatically deploys Agents and other software components across t
150. trate their purposes lumkeydesc_x keydescid columns 1 employeelD 2 custID lastname lumkeys_x keyed tableid keydescid value 1 1 1 5 2 2 2 12 Smith 3 2 2 13 Jones In the example above the audited table with tableID 1 uses the employeeIlD column as its logical key The table with tableID 2 uses the custID and lastname columns as its logical key For a unique row in table 1 the employeelD is 5 Fora unique row in table 2 the custID is 12 and the lastname is Smith for a second row in table 2 the custID is 13 and the lastname is Jones lumservers_x This table stores information about audited server instances Each audited server instance has one row in this table serverid nt A unique ID for this audited server instance This column is a logical key for this table and a foreign key with lumsession and lumdatabases servername nvarchar Name of the server instance 256 host nvarchar Name of the machine on which the server instance is running 256 146 Entegra User Manual lumdatabases_x This table stores information about audited databases Each audited database has one row in this table databaseid int A unique ID for this database This column is a logical key for this table and a foreign key with lumtransactions and lumtables databasename nvarchar Name of the database 256 serverid int ID of the server instance that the
151. u to select alert events is displayed Add Server lnstance to Audit Jaru EN TETRAN Gin sirai eai be peren iri erah ee ceded evei mas m m mabeni datsan an eeren E RT Ea Ra Gere Dham Da ahah E Depp Alte ep Cieni phm pan ciel teers D heii Crete Aia Drop c Teo Tab E Giri Dary Freni e Pie F fetid Perser eur E i Memar Ure E Ami heee Ns D Daai Coke Cited D CE H Perry anene D iper Uer E Pied ingen M Eusi legen l Lipi Back Mere j Cem Select or clear the desired alert events check boxes and then click N ext Recommendation It is recommended that you do not select the Successful login check box because of the large number of alerts generated by this audit If these alerts are emailed to you server performance may be impacted The screen that allows you to complete the configuration wizard is displayed Add Server Instance to Audit uinsicent si tine sais Rises Pan Thai bo configure the eked Aimars nerves Thi sell chemi the Collecios Agen Ha configs tee hirad Save Inia dirbi See eden in dad e ren _cercet en Click Finish The Entegra Management Console automatically deploys the necessary software components to the Audited Server Instance The EMC also deploys Collection Agents as needed Note For each audited server you need to specify at least one database to audit Chapter 3 Configuration 41 Adding a Repository Server Instance To add a Repository Server Instance do the following 1
152. uring the Add Audited Server Instance Wizard included Repository capabilities it is displayed and can be used for the Repository you are now creating If not you must enter a valid Repository license key before continuing Click Finish to set up ENTEGRA1 as a Repository Server and create the new Repository Entegra User Manual Create a Customer Repository To create a customer repository to hold the audit data from one of the two databases you plan to audit do the following 1 At the EMC expand the Audit Data Repositories right click ENTEG RA1 and select Add Repository The Add Repository screen is displayed Add Repository Jay EN TETMAN Perap prom ha bhp rapa Pepe Ti mal bee ep ee i Fop Pee mee ee ha Ede See uem mipi Bensai Hares Cuncres _Nenoune a dagtapr eee Hee H perpin eal feed ble ther oe Feepowran oan be kapa te sares ees Thy eee eee ceed depeesis nn Ee errari ot ida oodierted iran he Dobe es ee ere iragar In the Repository N ame text box type Customer_Repository In the Database text box type customer Click Finish to create the repository You have finished creating the two Repositories and created tables in a database for each repository Next you set up the databases for audit directing each database s audit information to its own Repository Set up the databases for audit directing each database s audit information to its own Repository To set up the databases for audi
153. view on how you might proceed Using Online Help On any given screen in the Entegra Management Console you can click the Help button for assistance with that particular screen Chapter 3 Configuration 63 Example 1 Example 1 provides a basic configuration example in which you have one server being audited and a separate server running all the remaining Entegra components the Agents the Management Console the Web Server and the Repository Example 2 Example 2 provides a high security example A single server contains two databases Payroll and Customers each with its own logon username and password A second server contains two Repositories one for each database For additional security this configuration also uses a third machine as the Web Server Example 3 Example 3 provides a scaled enterprise example consisting of two databases on two different servers both handled by a single Collection Agent on one of the servers with both databases data going to a single Repository on a third server Example 4 Example 4 provides a cluster example A SQL Server instance that is being audited is part of a cluster This example assumes that the Audited Server Instance resides on the active node of an active passive cluster All other components the Entegra Management Console Collection Agent Repository Repository Agent and Web Server reside on a separate machine outside the cluster This configuration is exactly the same
154. you plan to audit To create a Repository to hold the audit data from the two databases you plan to audit do the following 1 At the Entegra Management Console right click Audit Data Repositories and then select Add Repository Chapter 3 Configuration 107 The Add Repository wizard is displayed Add Repository Sam Danger s delehger smem in heed the sarii epee Dit die Lee i Care aes Co Walrond ery l SQL 5er euler Log rarer el panssrd j 2 In the Database Server text box type ENTEG RA1 or click the browse button to display the available database servers as shown below Select ENTEG RA1 and then click OK 3 Select the SQL Server authentication radio button and enter the username and password for a SQL login account that has sysadmin privileges on ENTEGRA1 and then click N ext 108 Entegra User Manual The Service Log On screen is displayed Service Log On i Agee hipa EH TETRAN Speedie Hap ihren erred e hanh Hen Bigpensiong Dgr endl ren es m mawe T Lena GpH An T HT hcc pih OC o Pe apia Gam rece TeNT aoc nar per i DOA The Service Log On screen information is used by the Repository Agent to run its service To use the local system account accept the Local System Account default and then click N ext Alternatively you can specify a username and password This account must have logon as service permission on ENTEGRA1 The Archive
Download Pdf Manuals
Related Search