User's Guide
Contents
1. Active Server None 4 Configuring Data M onitoring without Schemas 2 Right click the server to select Login You may also double click The AuditM aster Login dialog box appears a 4uditMaster Login x User Name I Password Cancel 3 Enter the default user name admin and the password MASTER Note The built in user ID admin has the default password MASTER Passwords are case sensitive user names are not 4 Click OK 5 Select Admin Audit Configuration The Audit Configuration window opens Audit Configuration Configuration Pervasive SQL Generic m Product Information Product Name Version Pervasive SOL Demo Product Description Pervasive SOL Demonstration Data Configured Components Date Configured Monitored Files 6 3 Working with Audit Configurations 6 Intheleft pane right click Pervasive PSQL Generic and select New Configuration You may also double click to open it The Pervasive SQL Generic Configuration dialog box appears 7 From the drop down list select the drive on which to choose Pervasive PSQL data files to be monitored and click OK The system displays the Selection of Files to Be M onitored window a Selection of Files to Be Monitored Configuring Data M onitoring without Schemas 8 Click Add Group The Enter Group Name dialog box appears Pervasive AuditMaster x Enter Group Name2. V Version number of the application to which the data belongs for Version field in Audit Configuration window e Path and file name to which to export h Help Example C gt amschemamaint export d d lt installation directory gt demodata p Pervasive PSQL Demo v 10 0 s Pervasive PSQL Demonstration Data e d lt installation directory gt demodata auditschema remove M anaging Schemas from the Command Line AuditM aster Schema M aintenance remove utility Description Removes a schema from the AuditM aster system Syntax amschemamaint remove p product name v version a folder Options Option Description a Data directory on remote server where AuditMaster amserver file resides Optional if amserver resides on the same machine as the client p Name of application to which the data belongs for Product Name field in Audit Configuration window With spaces use quotation marks v Version number of the application to which the data belongs for Version field in Audit Configuration window h Help Example C gt amschemamaint remove p Pervasive PSQL Demo v 10 0 a d data audit B 5 Advanced Operations list B 6 AuditM aster Schema M aintenance list utility Description Displays all schemas currently in the audit configuration Syntax amschemamaint list a folder Options Option Description a Data direct
3. Running a Query on an Archived File QueryingAudit Data Directly through SQL This section refers to the virtual database DemodataV you created under Creating a Virtual Database The qdmg script sets selected tables in the virtual database to point to audit recordsin the current view file The default path for this file isC lt installation directory gt Audit data amlog As explained in this section you can reset the path to an archived file if you know its name Archived filenames are based on creation date yyyymmdd nn where yyyy is year mm is month dd is day and nn isnumber of archived file that day starting with two zeroes Filenames end in acapital V The default folder for archived files is C lt installation directory gt Audit Arch When an archived file is compressed it moves to a different folder the default for which isC lt installation directory gt Audit Comp and the V in the file name changes to Z When the file is decompressed it returns to the Arch folder and the Z changes back to V As with queries within AuditM aster direct queries run only on uncompressed records The method described in this section uses two SQL scripts m Thefirst script sets the virtual database to point to an archived fileinstead of the current view file Thesecond script resets the virtual database to its original state so that queries again return results from the current view file The following steps demonstrate the
4. 6 Intheleft hand list select Directories The Directories window appears G2 Properties for DEFAULTDB jol x Directories General Relational Constraints Dictionary Location Browse Remove Security Data Directories Up Down Restore Defaults Apply cm 7 Under Directories usethe New button to add the audited file path names Include all directories where application data files reside If needed contact the application vendor for file locations 8 When you re done select OK to close the window 9 In Pervasive PSQL Explorer under DefaultDB right click Groups gt New The New Group dialog box appears AuditM aster Basics Ka New Group xj Group Create a new group i Group name cms 10 IntheGroup Name field enter auditusers and click Finish The group auditusers appears in the DefaultDB branch under the Groups node next to the built in PUBLIC group B DEFAULTDE Master Tables B Views 9 Stored Procedures 9 User Defined Functions E Triggers B System Objects Users 9 Groups e PUBLIC F H A F auditusers 114 Right click auditusers Properties The group properties window appears Running AuditM aster under Pervasive PSQL Security Properties for auditusers 12 In theleft hand list click Permissions Thegroup permissions for Defa
5. AuditM aster provides two ways to create archived files a Using the Data Tree to Archive Audit Records a Using Archive M anager Working with Archived Audit Records Using the Data When you first install an AuditM aster event handler and its server Tree to Archive appearsin the data tree no audit records have been archived If you Audit Records expand Archived Files the number of archived files is zero WDB_SERVERSPYSWAUDIT DATAS E F Archived Files 0 total C None After you begin logging audit records may be archived The system automatically creates an archived file when the audit log reaches a set limit by size or by date and time You can also archive manually Note In thedatatree you may sometimes need to right click the Archived Files icon and select Refresh All to update the list This section covers the following tasks a To archive manually a Toset thenumber of archived files to show To automate archiving see Automated Archiving gt To archive manually You may want to archive manually for the following reasons m Theaudit log has grown large queries and other operations take longer and you don t want to wait until the next automated archiving to regain performance speed Automated archiving will not occur soon but an event of interest makes it preferable to archive now m You wish to archive and compress records to manage disk space In the data tree select the current view fi
6. TheWindows user name under which you login and open AuditM aster Viewer must have write permission for the Pervasive PSQL database being monitored Neither Windows nor the Pervasive PSQL server recognize the administrator and regular user accounts created within AuditM aster Thefile listed in the audit record must not have been removed from its audit configuration since the operation occurred Undoing operations from within AuditM aster carries a risk of putting application data into an inconsistent or illogical state You should be an advanced Pervasive PSQL user who understands the cautions regarding changing one part of an application database independently of another part 7 44 Using AuditM aster Undo e If filesin an audit configuration group have the same name but different paths undo applies only to the first file listed Note Remote client logins do not support undo gt To undo a database operation 14 Intheaudit record grid right click one or more records The shortcut menu appears Copy Undo Operation s AutoSize All Columns AutoSize Selected Column s Hide Selected Columns Graph Trigger Information 2 Select Undo Operation s Thesystem prompts you to confirm the undo attempt Confirm Undo J Are you sure you want to attempt to undo the operation Modify After Record No 101 on database PERVASIVE SQL Yes Toll Skip Cancel 3 Click Yes or Cancel if
7. AddingaNew Alert a Setting an Action for an Alert including Setting an EmailAlert Action Setting aRunProgram Action a Editing an Existing Alert a Stopping an Alert Note After creating or changing an alert close AuditM aster Viewer and restart the AuditM aster event handler so that the alert takes effect See Restarting the AuditM aster Event Handler 7 23 Querying Audit Records Adding a New gt Alert To create an alert In AuditM aster Viewer run a query to display the type of audit records for which you would like to create an alert condition Select File Alerts The Alerts window appears iF alerts ID Name Description Edit Script Action Delete Close 7 24 Click New The New Alert window appears Enter a name for this alert using letters numbers or spaces In this example we create an alert for new students in the Pervasive PSQL demonstration database Enter a description for the alert using letters numbers or spaces We suggest you describethe event for which thealert isto watch x Trigger Data Name New Students Description Inserts of new students in demodata IV Enabled cma Working with Alerts 6 Click Continue The Query Builder window appears 7 Definethecriteria for this alert using the tabs in the Query Builder For details on using these tabs see Running Queries M MESSAGE AM ENGINE MESSA M MESSAGE AM MESSAGE ER
8. The window closes and the system prompts you to restart the AuditM aster event handler Pervasive AuditMaster x Gi Changes will take effect only after restarting Pervasive AuditMaster Exit this application and all other Pervasive SQL clients before restarting If needed ask an administrator for assistance Click OK Follow the steps given under Restarting the AuditM aster Event Handler After the restart the new AuditM aster configuration becomes active and auditing begins You are now ready to attempt to create an audit configuration for your own Pervasive PSQ L database server application databasefiles and schema Proceed to M anaging Schemas 6 15 Working with Audit Configurations Operations to Audit by File Each file in an audit configuration receives a default list of audit events but you also can click the Operations to Audit button in the Selection of Files to Be M onitored window to reset that list as shown here x Selected Files class mkd r Configurable Operations course mkd dept mkd I Insert IV Reset enrolls mkd Pas faculty mkd IV Delete JV Begin End Trensactio mkd roominkd V Modify Before After V Abort Transactio tudent mkd higonmed I Login Logout I Read Grayed out operations cannot be applied to individual files To set auditing for those operations use the Server Settings window Cancel Apply Thefollowingtablelists operations you can set
9. Conca 27 Enter an AuditM aster administrative user name and password and click OK Note The built in user ID admin has the default password MASTER Passwords are case sensitive user names are not To change this password see Changing Your User Password For information on the relation of AuditM aster logins to database and OS logins read under Displaying Audit Records under Pervasive PSQL Security a Pervasive AuditMaster Active Server Pervasive SQL 4 oj x Fie Edit Tools View Server Admin Help DOTAS A2 se The new AuditM aster server is now ready to operate without a network share Other server settings are unchanged and previously captured audit records captured remain in the system Only the means of the viewer client connection has changed 3 15 Administering AuditM aster Reviewing System Activity in the Status Log AuditM aster Status Log Viewer displays the activity logging that the system performs on itself It provides a list of status messages and internal errors generated by AuditM aster operations In a development environment it also can be configured to capture messages for debugging purposes gt To view filter and sort status log records 1 Open Status Log Viewer by doing one of the following In AuditM aster Viewer select Admin then View Status Log Access the Status Log from operating system Start menu or Apps screen or from the installation location the
10. coe 6 10 6 7 Configuring Data M onitoring with a Schema In the left pane of the Audit Configuration window right click Pervasive PSQL Demo and select New Configuration You may also double click to open it The Pervasive PSQL Demo Configuration dialog box appears a Pervasive SQL Demo Configuration E x Select a local drive to scan for new files to be monitored Drive Ic z H i Version fg 7 Cancel If you havea standard Pervasive PSQL installation click OK to accept the default drive C for the Pervasive PSQL Demo drive location and the version of Pervasive PSQL Otherwise use the drop down list to change to the appropriate location for your Pervasive PSQL database The system displays the Selection of Files to Be M onitored window f Selection of Files to Be Monitored xi r Group Name a AadGroup Delete Group Show Files in Subdirectories m Files to Be Monitored Operations to Audit 8 Click Add Group 6 11 Working with Audit Configurations The Enter Group Name dialog box appears xi Enter Group Name Cancel m A group isa set of oneor morefilesto monitor Group namesare case sensitive and can use any keyboard characters including spaces up to 40 characters in length Since group names are globally visible it is recommended that you name a group to reflect the audit configuration under which you are creating it 9 Ent
11. m A group isa set of oneor morefilesto monitor Group namesare case sensitive and can use any keyboard characters including spaces up to 40 characters in length Since group names are globally visible it is recommended that you name a group to reflect the audit configuration under which you are creating it 9 Enter agroup name and click OK For this example the group name Pvideo is used The Selection of Files to Be M onitored window activates the Available Files area GY Selection of Files to Be Monitored i x r Group Name Add Group Delete Group m Available Files Drive e o H bin E cmsynergy 4 Documents and Settings DRIVERS 138s DNumericTest xl Show Files in Subdirectories m Files to Be Monitored Operations to Audit 6 5 Working with Audit Configurations 6 6 10 IntheAvailable Files area navigate through the folder hierarchy to locate files to monitor Only files in Btrieve format will be listed You may also usethe Show Filesin Subdirectories button after double clicking a folder to display a list of all Btrieve files from the double clicked directory downward Note A large number of files may take time to display in the list 11 Highlight afilename and click Select You may also double click to select a file m Available Files Drive C ia i Show Files in Subdirectories Select Select AIl Thefile path name
12. 6 13 Working with Audit Configurations 6 14 12 When you are finished selecting files click Close In the Audit Configuration window the Configured Components area identifies the new configuration Expanding the newly added group in the M onitored Files area lists the files Audit Configuration Configuration r Product Information Pervasive SQL Demo 9 DB_SERVERT c Product Name Version Pervasive SQL Generic Pervasive SQL Demo 3 Product Description Pervasive SQL Demonstration Data Configured Components j Date Configured Generic BTR Table 9 07 Jun 05 lt System Tables gt 3 07 Jun 05 lt User Tables gt 9 07 Jun 05 Monitored Files B one AuditM aster is now set to monitor the file 13 If you wish to change the audit configuration do the following In the audit configurations expand the one that contains the group and file you want to change then click the Select Files button to display the Selection of Files to Be Monitored window and return to step 10 Note All groups and files in an audit configuration that uses a schema must use the same one If you try to add a file that does not match the schema for the audit configuration AuditM aster warns that the file is not registered for monitoring 14 15 16 Configuring Data M onitoring with a Schema When you are finished with entries in the Audit Configuration window click Close
13. Click Finish to import your schema with the following settings gue wia ia aa EEG TORRE version 1 0 AuditMaster Se Product Pvideo Description Example imported schema Click Finish to complete the import The wizard reports the result of the schema import M anaging Schemas Schema Maintenance Wizard for Pervasive AuditMaster Completed Schema Import You have successfully imported Data Definitions for Pvideo waaa aa affa RAS mw AuditMaster 12 Click Close When you open the Audit Configuration window theimported schema will appear and be ready for use Note Schema import does not affect display of data already captured Removing a Removing a schema from the AuditM aster system allows you to Schema from replace it with a different schema AuditMaster gt To remove a schema from AuditMaster 1 Access Schema Maintenance Wizard from the operating system Start menu or Apps screen The Schema M aintenance Wizard appears 6 23 Working with Audit Configurations 6 24 Schema Maintenance Wizard for Pervasive AuditMaster Welcome to the Pervasive AuditMaster Schema Import Wizard Before AuditMaster can display records in proper field format or define field based triggers it must know the schema data definition of your database This wizard will guide you through importing the needed information or removing old definitions E
14. Existing Alert cannot changetheconditionsfor thealert To monitor for a different event delete the old alert and enter anew one gt To change an alert name or description 1 IntheAlerts window select an alert from the list and click the Edit button The Edit Alert window appears Figure 7 6 Edit Alert Window x Alert Name New Students Description Inserts of new students in demodata IV Enabled 2 Editthename and description for this alert and click OK 7 35 Querying Audit Records Stopping an To stop an alert from running you can disableits action or deletethe Alert alert entirely Note Deleting an alert does not delete any email group associated with its action Email groups associated with an EmailAlert action remain in the system for use with other alerts gt To disable an alert action 1 Select a alert from the Alerts window and click the Edit button The Edit Alert window appears x Alert Name New Students Description Inserts of new students in demodata IV Enabled 2 Clear the Enabled checkbox and click OK Thealert action is disabled You can enable it again later gt To delete an alert 1 Select an alert from the Alerts window list Click the alert to select it 2 Click the Delete button A window prompts you to confirm the deletion 3 Click Yesto confirm Thealert is deleted and can no longer run 7 36 Printing Reports Printing Reports AuditM aster
15. 5 In AuditM aster configure one or more tables to be monitored for changes Use the qdmg utility to create a virtual database for the database of the tables you re monitoring so that you can run delta queries against captured audit records to find the alert condition Create an AuditM aster alert and enter amda exe as the RunProgram action and set its parameters Within thealert build a query for the M odify After event for the table or tables where the alert condition will occur Select email recipients to be notified when thealert triggers Thedetails of these steps are given under Delta Alert Example which shows how to create a working sample of a delta alert on the D emodata database Parameters for the amda Utility Using the Data Alert Utility The parameters for the amda utility definethetest for the delta alert amda a database t table r e Recrp c columns u username p password o operator Parameters Option Description d DSN of the virtual database created using QDMG t Name of table to query r Placeholder parameter ReclD for the record ID of the required row in the queried table C Name of one or more columns to test comma separated with no spaces u User name if database security is enabled p Password if database security is enabled 0 Boolean operator or default or and when querying more than one column h Help For example t
16. By default thesharenameis PVSWAU DIT for the path C lt installation directory gt Audit but both the name and path can beset to other values at installation time Also the share need not be hidden To meet security requirements the share can be replaced with an explicit local path name For instructions see Removing the Network Share Upgrade Notes Thefollowing notes pertain to upgrades from earlier versions Theupgrade from version 6 x to 6 4 can replace the existing AuditM aster installation without loss of audit records server settings users and passwords saved queries reports or alerts If you are upgrading from version 6 x to 6 4 to ensurea complete audit log we recommend that you open the AuditM aster Viewer client on theserver updatethe current view file and then archive it before installing the upgrade For aserver upgrade all AuditM aster Viewer remote clients should be closed For best results also upgrade all AuditM aster Viewer clients on your network 3 3 Installing Pervasive AuditM aster Installing Pervasive AuditMaster under Windows 3 4 You must install AuditM aster on a machine with a Pervasive PSQL server engine This section guides you through the process of setting up Pervasive AuditM aster under Microsoft Windows It provides instructions for running the Windowssetup of theAuditM aster event handler and an AuditM aster viewer client on the Pervasive PSQL server machine where data will be mo
17. E Desktop My Documents cal My Conor i ooo aA oe Files of type Jamsewer o Cancel My Network P I Open as read only 13 Using thenew path value that you have been implementing enter drive Pervasive PSQL root directory Audit DATA to navigate to the location of the file amserver which contains all of the settings you have just changed 8 11 Administering AuditM aster The path name you enter might resemble the following ec amseryer on your A4uditMaster Server Desktop A ay My Documents te My Computer 14 Select the file amserver and click Open Based on the new server settings you have entered the new server appears if Pervasive AuditMaster Active Server Pervasive SOL 15 Select theold server nodewith thenetwork sharein itsnameand then select Server Remove 8 12 Removing the N work Share Thesystem prompts you to confirm removal of the old server configuration x j Are you sure you want to remove Server DB_SERVER PYSWALDIT DATA Yes No 16 Click Yes Theserver is removed from thelist and the status field at the bottom of the main window indicates no server is active af Pervasive AuditMaster Active Server Pervasive SQL f loj x Fie Edit Tools View Server Admin Help O T i e 2l Ele Active Server po 17 Exit from AuditM aster Viewer In order to remove the network share AuditM aster and Perva
18. File 2716 2004 2717 2004 20040216 01 2 16 2004 2 16 2004 T 2004021600 2 10 2004 2 16 2004 z a Total Records 351 Retresh List Clear Selections Selected Records 108 Output type Screen Execute Save Cancel Current View File from DB_SERVER PVSWALIDIT DATA Since the current view file has been chosen its checkbox is selected Other examples might include other files 4 Click the Execute button at the bottom of the window Theresult of the query appears in the audit record grid Figure 7 2 Sample Audit Record Grid Visible column settings Visible Columns x JAM Server db_server PYS WAUDIT data Data Source Current View File WOBSERVERSPYSW Record No v Date Time Network ddress User Name Table Name Operation Database Engine 818 02 20 04 13 36 67 74 149 254 User n a Begin Trans PERVASIVE SQL 819 02 20 04 13 36 67 74 149 254 User Student Insert PERVASIVE SQL 820 02 20 04 13 36 67 74 149 254 User n a End Transac PERVASIVE SOL To change which record columns are visible see Working with the Audit Record Grid To view an individual record in detail see Viewing Audit Record Details Displaying Audit Records Working with Queries display audit data in the audit record grid Each column in the Audit the grid shows information for each audit record such as its capture Record Grid date and time table name operation and user name The following tabl
19. PSQL Control Center PCC for AuditMaster No AuditM aster requires no special settings in PCC Does the AuditMaster installation create any log files Yes See the file manifest txt Inadefault Windows installation you will find this log under C Program Files Pervasive Software PSQL Audit Bin Does an upgrade retain AuditMaster data and settings Windows only Yes The upgrade installation is designed to preserve the following items in your existing AuditM aster 6 0 or 6 1 system Audit records and archived files AuditM aster users and passwords m Audit configurations a Server settings a Alerts Queries a Reports Statuslog Uninstalling Pervasive AuditM aster Uninstalling Pervasive AuditMaster Uninstalling AuditM aster removes its components under the folder lt installation directory gt Audit Files in other locations are untouched Note If your business prohibits stopping the database during certain hours be aware that on Windows servers AuditM aster removal stops and restarts Pervasive PSQL services gt To remove AuditMaster from Windows Under Windows AuditM aster can be uninstalled from the Add or Remove Programs window in the Control Panel 14 Assess the operating system functionality to add or remove programs 2 Select Pervasive AuditM aster in thelist and remove it 3 When prompted you may restart your system Note Uninstalling AuditM aster leaves existing audit rec
20. Product from which to extract Data Definition information Name Description Version omea Enter a name for the audit configuration You will use this name to identify the audited application in the Audit Configuration window Enter a description for the audit configuration This description will appear in the Product Information area of the Audit Configuration window Enter a version for the audit configuration A version number will help to identify the release of your application and distinguish it from other versions if your network environment supports more than one release Click Next The wizard asks for the folder for the schema to be imported 6 21 Working with Audit Configurations 6 22 10 11 Schema Maintenance Wizard for Pervasive AuditMaster Specify the Source Location of the Data Definition Files Enter or select the directory path containing the product s DDFs Directory ON led Master Password lt Back Ceai This directory is the location for the database tables and schema information in their data dictionary files file ddf field ddf index ddf Enter a directory path nameor usethe browsebutton to navigate to the correct folder If a password is needed to access the database then enter it here otherwise leave it blank Click Next The wizard summarizes the schema import Schema Maintenance Wizard for Pervasive AuditMaster Completing Schema Import
21. You Begin a Installing Pervasive AuditM aster under Windows a Installing AuditM aster Viewer as Client Only Common Questions After Installing Pervasive AuditM aster a Uninstalling Pervasive AuditM aster Installing Pervasive AuditM aster Before You Begin Familiarize yourself with this section to successfully install or upgrade Pervasive AuditM aster Review the following a Preparing to Install Pervasive AuditM aster for needed information including system requirements and platform specific notes relevant to your operation TheReleaseNotes readme_am htm file for important product news that could not beincluded in the product documentation but may be essential to your installation and use of the product release The readme file is located at the root on the installation CD Therest of this section provides additional preinstall information a Installation Notes Upgrade Notes Installation Be aware of the following conditions before installing Pervasive Notes AuditM aster on any platform You must have full administrator level rights on the machine where you install Pervasive AuditM aster a Disable any antivirus and antispyware applications These may bereenabled immediately after installation iscomplete If you do not disable antispyware be prepared when prompted to allow various installation tasks to execute On Windows servers the Pervasive PSQL database engine is stopped and restarted during Audit
22. a command prompt window and run the command The prompt returns the following message Query Data Model Generator Utility for Pervasive AuditMaster Copyright C Pervasive Software Inc 2004 Query Data Model was generated into C lt installation directory gt DemodataV script sql Next create the database in which to run the script Open Pervasive PSQL Control Center Under the name of your server right click the Databases Engine node and select New Database The Create Database Wizard appears QueryingAudit Data Directly through SQL 9 This example uses the database name DemodataV and the directory you created C lt installation directory gt D emodatavV as shown here Fa New Database I xj Database C Create a new database Database Information Database Name Demodatay J Ji Location fea DBName Options Tl Bound IV Create dictionary files IV Relational integrity enforced DSN Options IV Create DSN Open mode Normal ne Note You must place the virtual database on the same volumeas the AuditM aster installation directory 10 Click Finish to complete database creation 11 In Pervasive PSQL Control Center select File Open 12 IntheOpen dialog box navigateto thefilescript sql saved earlier in C lt installation directory gt D emodatavV The Select D atabase dialog box appears 13 Expand the Databases tree select DemodatavV and click O
23. appears as hexadecimal rowsand you cannot set alerts for individual datafields The example Configuring Data M onitoring without Schemas monitored filesin afictional video store database Lacking aschema the application data record for an insert resembled the following Offset 00 01 02 03 04 05 06 07 08 09 OA OB OC OD OK OF 0123456789ABCDEF comer 07 00 00 00 41 75 62 65 72 6f Ge 20 20 20 20 20 ppbpAuberon 1 00000010 20 20 20 20 20 20 20 20 20 20 20 20 52 65 79 20 I Rey 00000020 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 I 1 00000030 20 20 20 20 39 30 32 31 20 53 70 61 6e 73 6f 72 9021 Spansor 00000040 20 52 64 Ze 20 20 20 20 20 20 20 20 20 20 20 20 Ra 1 00000050 20 20 20 20 20 20 20 20 O1 00 00 00 00 00 00 00 I P PPP 00000060 00 00 00 OO 0O 0O 0O OO 0O OO OO OO OO OO OO OO bbbbbbbbbbbbb bpp 00000070 00 00 00 00 OO 00 OO OO OO OO OO OO OO 41 75 73 bbbbbbbbbbbpbAus 00000080 74 69 6e 20 20 20 20 20 20 20 20 20 20 20 20 20 tin 00000090 20 20 20 20 20 54 58 37 38 37 30 37 Z0 20 20 20 I TX78707 000000a0 20 35 31 32 Zd 35 35 35 Zd 32 33 30 32 0l 00 00 512 555 230Zbpp After schema import AuditM aster can better display the next insert Field Name Field Value a 7 LastName Auberon FirstName Rey Addressl 9021 Spansor Rd Addressz City Austin State TX Zip 78707 HomePhone 512 555 2302 Note Schema import has no effect on display of data already captured The rest of this sec
24. can also be used to query at the column level in If you plan to reuse this query later click Save In the save dialog box provide a descriptive name for the query and click OK For details on using a saved query see Runninga Saved Query or Last Query Executed To run the query click Execute The audit record grid displays the query result an audited table if its schema has been imported Thefollowing example shows the creation of a query to search for all inserts into the database on a specific day gt To step through the Advanced Expression Builder 1 example Open the Query Builder window and click the Advanced tab af Current iew File from DB_SER ER P SWAUDIT DATA x Pervasive AuditMaster Query Build Who Did What From Where When How Use the Advanced Expression Builder for complex expressions Use Advanced Expression Builder Type Operation Value Alert Only C No C Ye Output type Screen Execute Save Cancel Current View File from DB_SERVERSPYSWAUDIT 4DATAS Running Queries 2 To customize your query select the Use Advanced Expression Builder checkbox The expression area becomes active af Current iew File from DB_SER ER P SWAUDIT DATA x Pervasive AuditMaster Query Builder Who Did Whet From Where When How Advanced Script Files Use the Advanced Expression Builder for complex expressions V Use Advanced
25. default is C lt installation directory gt Audit D ata This method is especially useful if the viewer isnot responding because of a system problem such as disk full The Status Log Viewer window displays several types of messages Normally these are all status messages to provide information on current system operation a AuditMaster Status Log Yiewer db_server pyswaudit DATA AMStatus log 5 xj File Edit i 17 23 52 btmon c 2003 09 04 17 23 54 ammon c Status 2003 09 04 17 23 55 amconfig c Status 2003 09 04 17 23 55 amconfig c j Status 2003 09 04 17 23 56 amconfig c Status 2003 09 04 17 23 56 amconfig c Status 2003 09 04 17 23 56 amconfig c Status 2003 09 04 17 23 56 amconfig c Status 2003 09 04 17 23 56 amconfig c 10 Status 2003 09 04 17 23 56 amcontig c Status 2003 09 04 17 23 56 amcontig c Status 2003 09 04 17 23 56 amcontfig c Time Source File Source Line Caller Module Level Message a 712 TNBTMON 0 TNBTMON Pervasve AuditMaster is 1063 AMMON 0 Starting Pervasive AuditMaster R ser 1138 AMMON 0 Registering files 1309 AMMON 0 Number of Tables Registered 0 1092 AMMON 0 Pervasive AuditMaster R v6 0 13 C 1093 AMMON 0 Config files path 1094 AMMON 0 Log files path 1095 AMMON 0 View file path 1096 AMMON 0 Arch file path 1097 AMMON 0 Compress file path 1099 AMMON 0 Map threshold 1 minutes 0 1101 AMMON Archive threshold 78643200 re a
26. gt D emodata For the virtual database to link to audit records you must indicate which audit configuration in AuditM aster will be used To check its name do the following a Open AuditM aster Viewer and login as an AuditM aster administrator b Select Admin Audit Configuration and in the window that appears find the product name in the list of configurations on the left The product name is the name you entered when you imported the schema into AuditM aster In this example the product name is Pervasive PSQL Demo which was already imported when AuditM aster was installed In Windows Explorer create a new folder at the same level as the existing Demodata folder B 9 Advanced Operations B 10 In this example we name the folder DemodataV adding the V for virtual but you can choose your own name The script to populate the virtual database will be saved here as well as the database itself Now use qdmg to generate the script based on the following Audited database DDF path name default installation location C lt installation directory gt D emodata No password since Demodata database security is disabled Audit configuration product name Pervasive PSQL Demo Path and filename for output of the generated script Thecommand looks like this qdmg d C lt installation directory gt Demodata p Pervasive PSQL Demo o C lt installation directory gt DemodataV script Open
27. help you troubleshoot network problems Note For AuditM aster use PSA only to troubleshoot network problems PSA is capable of other functions pertaining only to the Pervasive PSQL database engines The additional functions in PSA such as archiving do not apply to AuditM aster How to Start gt To start PSA PSA 1 Access Pervasive System Analyzer from the operating system Start menu or Apps screen Note To troubleshoot your network communications for AuditM aster select Test Active Installation on the System Analyzer Options dialog in PSA Documentation Theuseof PSA is detailed in the Pervasive PSQ L User s Guide Please for PSA see that guide for complete information regarding PSA A 7 Basic Troubleshooting Database Engine A 8 The Pervasive PSQL database engine must be running to perform replication gt To verify Pervasive PSQL Server engine is running 1 Open the Services management console at the operating system Refer to the operating system documentation for services 2 Type P or scroll thelist of services until you reach thefollowing services Pervasive SQL transactional e Pervasive SQL relational Both of these services must be started for the Pervasive PSQL database engine to function correctly The Status column displays whether or not the service is currently running The Startup column indicates whether the service is set to automatically start on system startup o
28. in the folder Demodata For this tutorial the schema for these tables has already been imported into AuditM aster so that you can experiment with audit records for the demonstration database M anaging Schemas shows how to create a new audit configuration that uses your own application and its schema gt To use an audit configuration with a schema 1 Open AuditM aster Viewer from the operating system Start menu or Start screen The Pervasive AuditM aster window appears showing the server available i7 Pervasive AuditMaster lol x File Edit Tools Yiew Server Admin Help OD TAZ A MDB _SERVERSPYSWAUDIT SADATA Active Server None 4 6 9 Working with Audit Configurations 2 Right click the server to select Login You may also double click The AuditM aster Login dialog box appears af AuditMaster Login User Name Password C eea 3 Enter the default user name admin and the password MASTER Note The built in user ID admin has the default password MASTER Passwords are case sensitive user names are not 4 Click OK 5 Select Admin Audit Configuration The Audit Configuration window opens y Audit Configuration Configuration m Product Information Product Name Version Pervasive SOL Demo Product Description Pervasive SOL Demonstration Data Configured Components Date Configured Pervasive SQL Generic Monitored Files
29. lets you print reports from the audit record grid 14 Run aquery and then select a range of columns and rows displayed in the audit record grid 2 Select File Report The Report Builder window appears Figure 7 7 Report Builder after Runninga Query and Selecting Audit Records x Report Title Open Report File Columns to Print o Rows to Print Available Columns Selected Columns AllRows OS Version Record No A Range From 1 To fs View File Dependent Record User Name Date Time Network Address r Report Format Table Border None X Database Name Table Name Operation Operation Context Database Engine Database Version Product Product Version Group Name Component Component Version Process Name Select All Print Report Title On Ever ge C Gh the First Page Only IV Print Page Numbers In the Footer Inthe Header IV Print Date and Time Close 3 Ifyou wantto load and customize a saved report click the O pen Report File button and select the settings file for an existing report Thereport is loaded 4 In the Report Title field enter a name for this report This name will appear at the top of your printout 5 From the Available Columns list select the columns to include in this report You may select up to 30 columns If you already selected a range of columns and rows these are listed under Selected Columns You may double click other column names t
30. of the main window Active Server DB_SERVERSPVSWAUDIT DATAS Active View File AMVIEW Z The status bar displays two messages during AuditM aster Viewer operation The active server to which the viewer is currently a client typically the following string Active Server server_name PV SWAU DIT DATA The active view file typically the following string Active View File AM VIEW Working with Audit E Configurations chapter How to Audit Data Therunning of AuditM aster depends on audit configurations An audit configuration combines three types of information a A Pervasive PSQL database server a A list of files to monitor A schema imported from a Pervasive PSQL database optional Schemas are not required to use AuditM aster but they make audit records human readable and enable more precise alerts Files monitored under an audit configuration may be arranged into groups For example if you have a different group of files for each customer in your application you can give each customer s data files their own AuditM aster group Groups are for organizing your thinking about auditing and have no affect on the operation of the AuditM aster system All groups under a single audit configuration must use the same schema Also only one schema can be used in each audit configuration So if you want to monitor a database using a different schema you will create a separate audit configur
31. r Filter Options Message Type Debug Messages C Error Messages Status Messages Module Name Source File Lines from To K Date dd mm pyyy Clear Fields Close Message Content J Match exact text J7 Match case Select and Apply Filter 8 16 Reviewing System Activity in the Status Log If needed set filter options to display only the status records you want The Clear Fields button allows you to start over on most fields The filtering options are given in the following list To filter the log by the type of message select the type of message from the M essage Type list You may choose to view debug and error messages which can be helpful in troubleshooting any unexpected behavior in AuditM aster To filter by the M odule N ame enter thenameof the module To filter by the source file enter the name of the source file You can look at specific lines of the source file by entering the line numbers in the fields provided To filter by specific dates select dates from the Earliest and Latest lists To filter by searching for message content enter atext string and select checkboxes for matching exact text or case For example the text string archiv will display only status records related to AuditM aster archived files Selecting for exact text requires that the M essage Content field contain the entire text string for the search If you are searching for part
32. sample values have been filled in if Configure Groups x Available Groups Addresses bursar btu edu housing btu edu Group r Email Address Add Edit Delete Edit Delete Close In this window you can manage email groups and addresses as described in thefollowingtable When you arefinished click OK to return to the Configure EmailAlert window Email Task Steps Add New Group Click Add New Group enter a name for the new group and click OK Edit Group Name Select a group name click Edit Group Name enter a new name for this group and click OK Delete Group Select a group name click Delete Group and click Yes to confirm The group is deleted only for this alert and remains in the system for use in other alerts Add New E mail With a group selected click Add New E mail Address Address enter the email address and click OK Edit E mail With a group selected select an address from the list of email addresses for that group then click Edit E mail enter a new email address and click OK Remove E mail Address With a group selected select an email address click Remove E mail Address and click Yes to confirm 7 31 Querying Audit Records The following sample email alert was tripped by an insert in the Demodata database If AuditM aster monitors a database without a schema the application record data in the alert does not dis
33. the following In the audit configurations expand the one that contains the group and file you want to change then click the Select Files button to display the Selection of Files to Be Monitored window and return to step 10 6 7 Working with Audit Configurations 14 15 16 When you are finished with entries in the Audit Configuration window click Close The window closes and the system prompts you to restart the AuditM aster event handler Pervasive AuditMaster x Gi Changes will take effect only after restarting Pervasive AuditMaster Exit this application and all other Pervasive SQL clients before restarting If needed ask an administrator for assistance Click OK Follow the steps given under Restarting the AuditM aster Event Handler After the restart the new AuditM aster configuration becomes active and auditing begins Configuring Data M onitoring with a Schema Configuring Data Monitoring with a Schema The tutorial in this section shows how to set an audit configuration for the following m A Pervasive PSQL database server A demonstration database Demonstration database schema data dictionary files DDFs Schemas are not required to use AuditM aster but they make audit records human readable and enable more precise alerts Only AuditM aster administrative users can set audit configurations Your Pervasive PSQL installation includes a database for demonstration purposes stored
34. topics Query Data Model Generator Utility a Creating a Virtual Database a TheStructureof an Audit Record a RunningaQuery on the Current View File a RunningaQuery on an Archived File Summary of Direct Query Methods B 7 Advanced Operations Query Data Model Generator Utility Query Data M odel Generator utility for Pervasive AuditM aster Description Generates a script consisting of a set of SQL statements to run against an empty database The script populates this virtual database with views that link to audit records stored in the AuditM aster log file Once the views are created you can then run queries against them to return results from audit records within AuditM aster Syntax qdmg a DDF_path m password p name o file 1 logfile a folder Options Option Description a Data directory on remote server where AuditMaster amserver file resides Optional if amserver resides on the same machine as the client d Path name of database schema ddf files to import m Master password if database is secure p Name of application in the Product Name field in Audit Configuration window With spaces use quotation marks O Path and file name of output sql file for generated SQL If no path name is given the file is written to the current directory l The default is amlog h Help Thelog file contains records for the current view filein AuditM aster Viewer You can a
35. want to right click theArchived Files branch of the data tree and select Refresh All to update the display For each AuditM aster server queries are stored in the data tree under Saved Queries and Last Query Executed This section covers the following topics a Tosaveaquery To usea saved query To usethe last query executed gt To save a query 14 After creating a query in the Query Builder window click the Save button The Saved Queries dialog box asks you to name the query a Saved Queries for lt ADMIN gt x Existing Queries New Query Name 2 Enter a name for the query and click Save The query is added to the list of existing queries and will now appear in the data tree 7 21 Querying Audit Records 3 Click Close gt To use a saved query 1 Inthedata tree right click a query under Saved Queries A pop up menu offers you several choices 2 Select one of the options listed in the following table Table 7 4 Saved Query Commands Command Query Current View File Run the query against the current view file Query Multiple View Files Display the Files tab in the Query Builder to select the files against which to run the query Rename Change the name of the query Delete Remove the query permanently from the list If you run a query any result appears in the audit record grid You may simply double click a saved query to run it against the current v
36. 2 0 ee B 23 Setting Delta Alert Email Recipients ooa ee B 24 Delta Alert Example 0 ee B 25 vi Figures 1 1 AuditM aster monitors the database not its front end applications 1 2 4 1 Server Configuration Shortcut M enu aaa aa 4 12 5 1 AuditM aster Viewer main wW INdOW 0 0 es 5 3 5 2 M enu and Toolbar aaa aaa 5 4 5 3 Data TrEE vast da s Toa enced mae E E R E AAAA OA E SE LA 5 7 5 4 Audit R cord Gridi s oare e a e ae ew Pee wea ws Bae BS 5 7 5 5 Audit Record Detail eiea Ace eh ee ao aii Read ai 5 8 7 1 Query Builder e g ne SR GOW Oe PEGA Ed bd Pe Ee ES 7 3 7 2 SampleAuditRecordGrid 0 7 4 7 3 Query Builder Window 1 ee 7 13 7 4 Fils Taba gan tote aca hoe Ea be oo Bete ole a Mav a 4 7 21 7 5 StructureofanEmailAlert 0 ee 7 33 7 6 Edit Alert Window aoaaa aaa ees 7 36 7 7 Report Builder after Running a Query and Selecting Audit Records 7 38 B 1 Structure of a Deta Alert Email Message oaaao B 29 vii Tables viii AuditM aster Components 1 0 2 00 eee 1 4 Pervasive AuditM aster Utilities ee ee 2 2 Summary of AuditM aster Configurations under Pervasive PSQL Security Policies 4 5 Menucommands a e oa a a a e a Oa ea a a 5 4 Visible Column Namesin the Audit Data Grid aaa aa aaa 7 6 Right Click Commands for Archived FilesintheDataTree 0 7 8 Options for Restricting a Query 2 7 14 Saved Query Commands 0 7 23 User and Database N
37. 5 lt p cc daaa na n E rE fate rete Moret oe Saget aE Operations to Audit Globally aa 0 2 00 0 00000000004 A Basic Troubleshooting a aaoo How to Identify and Solve Common Problems General Tips Troubleshooting Strategies o oaoa es Restarting the Status Log aoaaa ee Handling Errors Relating to Paths naaa aaa es No Records Returned by Query Despite Changes to Application Data Network Communications aa a OW LO Stat P SA nes a ecto a a a dearth Soo Red a Documentation for PSA aaa aaa a Database Engine oa aaa aie ea eg ed Aarel ai wa Mla Rah ee ek Howto GetAdditionalHelp 0 Technical Support aaa B Advanced Operations aaao eee ee ees Features for Power Users and Programmers Contents 7 36 7 37 7 38 7 40 7 42 7 43 7 44 7 45 8 1 Contents Sport date eh eats oa RAY rae es Ba ed eed ase ares B 4 FOMOVE ss Bee 2a plete ae A See ee Re aoa ara E EON We B 5 Stes ves daa ania ee AR A od at larly te a ane Dine ig inet d B 6 Querying Audit Data Directly through SQL 2 ee ee ee B 7 Query Data M odel Generator Utility 2 ee B 8 Creating a Virtual Database aoaaa ee B 9 The Structure of an Audit Record aoaaa B 12 Running a Query on the Current View File 0 2 0 eee eee B 15 Running a Query on an Archived File aaau aaa B 17 Summary of DirectQueryMethods 2 eee B 20 Usingthe Deta Alert Utility a B 22 Parameters for the amda Utility
38. 6 Q Queries building advanced 7 16 displaying all audit records query for everything 7 14 restricting 7 14 restricting at the column level in Advanced tab 7 18 Query Builder description 7 13 window 7 13 R Readmefile 2 6 Release notes 2 6 Reports printing 7 38 Resources additional iv xii RunProgram action setting 7 34 S Saved query running 7 22 Schemas configuring without 6 2 importing 6 18 Search tool using 7 40 Security policy effect on names in audit record grid 7 44 Server description editing 8 5 Server keys maintaining 8 22 Server Settings Automated Archiving section 8 23 Servers adding 8 2 and the amserver file 8 2 defined 5 2 removing 8 5 renaming See Server description editing 8 5 Shortcut menus using 4 12 Sort tool using 7 42 SQL querying audit records directly B 7 SQL logins as audited operations 7 6 Status code 94 after changing database security policy 4 10 Status codes Pervasive PSQL auditing 7 6 Status log records filtering 8 16 sorting 8 16 viewing 8 16 T Tab delimited file creating from audit data 7 43 Testing network connectivity A 7 Tips application data A 2 Pervasive PSQL A 2 Toolbar usingiconsfrom 5 4 Troubleshooting network connectivity A 7 strategies A 3 U Undo 7 45 Uninstalling AuditM aster 3 11 User maintenance 8 18 User names effect of security policy on 7 44 User defined 4 3 Users adding or removing 8 18 changing user type 8 18 Utilities Aud
39. A are EEE Depend R AE 7 13 Displaying All Audit Records oaoa 7 14 RestrictingaQuery 7 14 Building an Advanced Query 0 7 16 UsingtheFilesTab 1 ee ee 7 21 Running a Saved Query or Last Query Executed 0 00004 7 22 WorkingwithAlerts 0 es 7 24 Addinga New Aleti cinin ea Sod a ea cist wad Been ee PO 7 25 Seting an Action for an Alert oaa aaa ees 7 28 Editing an Existing Alert 0 0 cee ee es StOPPING aN Al Gites cea ake aes wre ee we DS Bek a E ae ea a Printing REPOS lt lt scene 28a Back od a ag apie ght ot ag gy ee De hth Reale ey BAD SearchingAuditRecords aoaaa es Sorting AUditiRecOrds ss0 lt 208 sor bein getdate oe eia head ol Exporting Audit Records to Other Applications 000 ee eee Displaying Audit Records under Pervasive PSQL Security Using AuditM aster Undo 0 ee 8 Administering AuditMaster 0 2200 e eee eee A Walk through of Administrative T asks Adding and Removing Servers aoaaa aa ees Adding a Seve s a a bevel eee ee E ee ees Editing the Server Description 6 es RemovingaServer 2 es Removing the Network Share 1 1 eee Reviewing System ActivityintheStatusLog 0 cee eee eee Maintaining Users 2 0 ee SettingtheAudit Filter aoaaa Maintaining Server Settings aoaaa ees Automated Archiving 0 ee ee Archives to Keep Archive Disk Limits sa 244 e a n a ea ee e ea da Errors to AUGIE 2 30
40. Expression Builder Operation Value Delete Insert gt f lt Select Type gt i Alert Only No C Yes Output type Screer Execute Save Cancel Current View File from DB_SERVERSPVSWAUDIT DATAS 3 IntheTypecolumn double click Select Type to activate a drop down list for the following query attri butes Select Type Attribute Description Open parenthesis to build expression block Data Field Same as field attribute from Tables under Did What tab except that you can restrict the query at the column level not just at the table level Date Same as Date Range attribute under When tab Group Same as Groups attribute under Did What tab Database Name Pervasive PSQL database where event occurred Table Same as Table attribute under Did What tab Operation Same as Operations attribute under Did What tab 7 17 Querying Audit Records Select Type Attribute Description How Same as Process attribute under How tab Rec ID Record number in audit data grid Time Same as Time Range attribute under When tab Where Same as Network Address attribute under From Where tab Who Same as User attribute under Who tab and Used to build expression or Used to build expression Close parenthesis to build expression block Note All text values entered for Select Type are case sensitive For example using defaultdb as the database nam
41. Inthe Configure Programs window you can select programs to run on the Pervasive PSQL server as alerts as described in the 7 34 following table To Steps Select a program to run 1 Click one of the available programs and click the Select button The program is moved to the Selected Programs list When the condition for this alert is met this program will be executed on the server Addanewprogramto 1 Click the Add button the list of Available Wig ob Programs 2 The Select an Executable File window appears pointing to the C directory on the server Select a program or browse and find another When you have selected the program click OK Remove a program from the list of Available Programs Select the program name Click Remove Click Yes to confirm Set parameters for a program in the Selected Programs list Use this option only if you are very familiar with program parameters 4 When you are finished selecting and configuring a program to Select the program name Click Set Parameters Click the buttons to Add Remove or Change parameters for the program to be run Enter any new or changed parameter in the field provided and click OK run asan alert click OK to return to the Action for Alert window 5 Click Close to exit from the Alerts window Working with Alerts Editing an You can edit thename and description of an alert However you
42. K SQL Editor displays the SQL statements in script sql 14 Select SQL Execute All SQL Statements B 11 Advanced Operations The Structure of an Audit Record B 12 The statements in script sql populate DemodataV with views to audit records The virtual database DemodataV now supports queries on audit record columns as well as on data columns from Demodata You may now do any of the following Find out what you can query See The Structure of an Audit Record Query current audit records See Running a Query on the Current View File Query archived audit records See Running a Query on an Archived File a Create a delta alert See Using the Delta Alert Utility Thecolumns of an audit record are described in this section Its structure is representative of the result returned by a query such as SELECT FROM vstudent The following facts should be noted in the example a Audit columnsin the result have the prefix AM and contain audit data a After the AM audit data columns the rest of therow consists of data fields from the audited table and contain values captured from that table at the time of the audit event Manyaudit columns match query attributes seen in AuditM aster Viewer and in the Query Builder window tabs m All column names are queryable but some contain internally used codes that are not particularly relevant to human auditing Once you have reviewed the audit record str
43. Limit A AMMON SETTINGS MaxStatusLogSize 10000000 AUTOMATED ARCHIVING MSG API Detection List btrv sql StatusLogFile DBSERVERSPYSWAUDIT amstatus log ERRORS TO AUDIT OPERATIONS TO AUDIT TNBTMON PATHS Pe 3 Caution Use of this setting may lead to unintentional loss of archived audit records Be sure to consider the possible situations when it may be undesirable to delete archived files automatically 8 25 Administering AuditM aster Errors to Audit TheErrorsto Audit section sets the Pervasive PSQL status codes to log as audit events Server Settings Section r Btrieve Error Codes to Audit AMMON PATHS AMMON SETTINGS AUTOMATED ARCHIVING O 3 The file is not open COMMON SETTINGS OPERATIONS TO AUDIT 1 The operation parameter is invalid 2 The application encountered an 1 0 error M O 4 The application cannot find the key value 7 The key number has changed 8 The current positioning is invalid 3 The operation encountered the end of file 10 The key field is not modifiable 11 The specified filename is invalid 12 The MicroKerel cannot find the specified file IO JO O 5 The record has a key field containing a duplicate key value TNBTMON PATHS O 6 The key number parameter is invalid 13 The MicroKermel could not open the extension file for an extended file x Check Al Clear All After AuditM aster installation the default sett
44. M aster Pervasive AuditM aster Components Where to Go Next 1 1 Introducing Pervasive AuditM aster What Is Pervasive AuditMaster 1 2 AuditM aster isatransaction intelligenceand monitoring product for organizations that need to track access to and change in their mission critical data AuditM aster provides a detailed audit trail For every transaction affecting your database you can quickly identify the following things m Who accessed a record or performed a change m What change has taken place m When the access or change occurred m Where the access or change originated How the change was made AuditM aster monitors databases not client applications It logs access to the databaseas well as changes madeto data including the reading of records even if no change is made Figure 1 1 AuditM aster monitors the database not its front end applications fa ay Application Application Application Applicati itLog Audit Data Data Metadata AuditM aster creates a comprehensive audit trail Every time a record changes AuditM aster logs it both before and after the change making it possible to recover from posting or data entry errors because the log shows precisely who made what change when Features of Pervasive AuditM aster Features of Pervasive AuditMaster To providea secure audit trail AuditM aster includes the following features A comprehensive logging system Captures
45. M aster installation If your business prohibits stopping the database during certain hours install AuditM aster at an acceptable time a If you areinstalling an AuditM aster Viewer client to access a Pervasive PSQL system in which security is enabled and security policy is set to either M ixed or Database see Running AuditM aster under Pervasive PSQL Security Prepare to set up AuditM aster in a Pervasive Security environment by first familiarizing yourself with the security chapter in Pervasive PSQL Advanced Operations Guide Note that for successful 3 2 Before You Begin installation when database security is enabled the Prompt for Client Credentials setting must be selected in Pervasive PSQL Control Center PCC in the Properties Access window for the Pervasive PSQL engine If the installation fails before the program copies any files to the target installation directory refer to the installation log file manifest txt in the AuditM aster installation directory Installation On Microsoft Windows systems be aware of the following Notes for conditions before installing Pervasive AuditM aster Windows Only When installed on a Pervasive PSQL server the standard AuditM aster installation creates a hidden administrative share When AuditM aster Viewer is installed as a remote client access to that share is required Before installing in either case we recommend registering the share with any firewall system you may berunning
46. Pervasive AuditM aster User s Guide Guide to Using AuditMaster Pervasive Software Inc 12365 Riata T race Parkway Building B Austin TX 78727 USA Telephone 512 231 6000 or 800 287 4383 Fax 512 231 6010 Email info pervasive com Web http www pervasive com PEIVASIVE disclaimer trademarks PERVASIVE SOFTWARE INC LICENSES THE SOFTWARE AND DOCUMENTATION PRODUCT TO YOU OR YOUR COMPANY SOLELY ON AN AS IS BASIS AND SOLELY IN ACCORDANCE WITH THE TERMSAND CONDITIONS OF THE ACCOM PANYING LICENSE AGREEM ENT PERVASIVE SOFTWARE INC MAKESNO OTHER WARRANTIESWHATSOEVER EITHER EXPRESSOR IMPLIED REGARDING THE SOFTWARE OR THE CONTENT OF THE DOCUMENTATION PERVASIVE SOFTWARE INC HEREBY EXPRESSLY STATESAND YOU ORYOUR COMPANY ACKNOWLEDGES THAT PERVASIVE SOFTWARE INC DOES NOT MAKE ANY WARRANTIES INCLUDING FOR EXAM PLE WITH RESPECT TO MERCHANTABILITY TITLE OR FITNESS FOR ANY PARTICULAR PURPOSE OR ARISING FROM COURSE OF DEALING OR USAGE OF TRADE AMONG OTHERS Btrieve Client Server in a Box Pervasive Pervasive Software Pervasive AuditM aster know who s doing what to your data when where and how and the Pervasive Software and the Pervasive AuditM aster logos are trademarks or registered trademarks of Pervasive Software Inc Built on Pervasive Software DataExchange M icroKernel Database Engine M icroKernel Database Architecture Pervasive SQL Solution Network Ultralight and ZDBA are trademarks of Pervasive Softwa
47. QL DefaultDB security for AuditMaster to run under Mixed or Database policy See To configure Pervasive PSQL DefaultDB security for AuditMaster to run under Mixed or Database policy When the Pervasive PSQL DefaultDB security is enabled and security policy is set to M ixed or Database the database engine must be configured in Pervasive PSQL Control Center PCC for AuditM aster to run To do so select Prompt for Client Credentials in the Properties Access window for the Pervasive PSQL engine gt To configure Pervasive PSQL DefaultDB security for AuditMaster to run under Mixed or Database policy 14 Start Pervasive PSQL Control Center from the operating system Start menu or Start screen 2 Use Pervasive PSQL Explorer to expand the Databases branch 3 Right click DefaultD B and select Properties The Properties window appears 4 Intheleft hand list select Security 5 I ntheright hand pane select Btrieve Security The window displays Security settings e g Database Running AuditM aster under Pervasive PSQL Security i Properties for DEFAULTDB oO x Directories Security General Relational Constraints Database Security Btrieve Security Classic OS authentication and authorization Mixed 05 authentication Database DB authentication and authorization DB authorization Note You cannot change Btrieve security with Database s Restore Defaults Apply me
48. RVER PVSWAUDIT data FOMMON SETTINGS Empty Path DB_SERVER PVSWAUDIT empty OPERATIONS TO AUDIT DB_SERVER PVSWAUDITS data TNBTMON PATHS SDB_SERVER PYSWAUDIT SDB_SERVER PVSWAUDIT data Cea Administering AuditM aster 5 For each of thesettingsin the Valuecolumn on theright double click the path name and change server PVSWAUDIT to drive Pervasive PSOL root directory Audit where server is the name of the machine on which Pervasive PSQL server and the AuditM aster event handler areinstalled and driveand PervasivePSQL root directory are respectively thelocal drive letter and path nameto the AuditM aster directory selected at installation time In this example the result would resemble the following af Server Settings x Archive Path AMMON SETTINGS Compress Path AUTOMATED ARCHIVING Config Path COMMON SETTINGS ERRORS TO AUDIT Empty Path OPERATIONS TO AUDIT Log Path TNBTMON PATHS Root Path View Path Removing the N work Share 6 Inthelist of sections on the left select Common Settings The dialog box displays the values on the right I Section Value AMMON PATHS 1 AMMON SETTINGS MaxStatusLogSize 10000000 MSG API Detection List btrv sql StatusLogFile WDBSERVERSPVSWAUDIT amstatus log AUTOMATED ARCHIVING ERRORS TO AUDIT OPERATIONS TO AUDIT TNBTMON PATHS 7 Double click the value for the AuditM aster status log file and change it to drive Perv
49. Record No v Date Time User Name Table Name Oper Z Current View File fe 11 01 12 04 13 03 54 db_user Student Insert Archived Files 16 01 12 04 13 04 02 db_user Student Delete Saved Queries Last Guay Executed E Active Monitors Active Local Monitors gt Field Value 992728725 Cumulative _ GPA 2 955 Tuition_ID 3 Transfer_Credits 0 Major Biology Minor Computer Science Scholarship_Amount 600 00 4 gt Cumulative Hours 15 Active Server DB_SERVER PYSWAUDITS DATAS Active View File AMVIE Using AuditM aster Viewer Title Bar This section explains the title bar of the main window a Pervasive AuditMaster Active Server Pervasive SQL Current Screen Pervasive SQI lol x Thetitle bar lists the name of the application the active server and the current screen In this example the system being monitored isa Pervasive PSQL database Menu and This section describes items in the main window menu and toolbar Toolbar shown in the following figure For details click an area of the image Figure 5 2 Menu and Toolbar File Edit Tools View Server Admin Help k T ai g i c E 2 Visible Columns x AM Server lt varies gt Data Source lt varies gt Table5 1 Menu commands Menu or Toolbar Command Description File Query Displays the Query Builder to search for records A query may be
50. SING lt installation directory gt Audit DATA amlog ALTER TABLE Faculty IN DICTIONARY USING 3p PQP p 3 B 19 Advanced Operations Summary of Direct Query Methods B 20 lt installation directory gt Audit ALTER TABLE Person IN DICTIONARY lt installation directory gt Audit TER TABLE Room IN DICTIONARY USI irectory gt Audit DATA amlog TER TABLE Student IN DICTIONARY lt installation directory gt Audit ALTER TABLE Tuition IN DICTIONARY lt installation directory gt Audit P QP DATA amlog USING DATA amlog NG lt installation USING DATA amlog USING DATA amlog Note Thescript alters thetablelocation p in the virtual database and also for all of tables found in the audited database Wh version of this script be sure you do not roperty for AM amlog its copies of the data en you write your own alter the table location property for the following virtual database tables AM Components AM O pList AM Products AM Tables 4 After the script runs you may want to select File Save As to keep it for reuse perhaps under a name such as currentview sal The delta query you ran under section Running a Query on the Current View File will now return a result for the current view instead of for the archived file This se
51. Setting the Audit Filter gt To delete a name from the Trusted List 1 SelecttheAdmin gt Audit Filter Trusted List command The Trusted List window appears 2 IntheUsers field select one or more names to delete You may use shift click and control click for your selection TheDelete button becomes active x Database activity for these users will not be logged Users User Name SYSTEM Delete Close 3 Click the Delete button Your selections are removed from the trusted list 4 Click Close 5 To activate the new trusted list you must restart the event handler See Restarting the AuditM aster Event Handler 8 21 Administering AuditM aster Maintaining Server Settings The Server Settings window displays AuditM aster system settings It isavailable using the Admin Server Settings command iy Server Settings J Section Key Value DB_SERVER PVSWAUDIT arch AMMON SETTINGS Compress Path DB_SERVER PVSWAUDIT comp AUTOMATED ARCHIVING Config Path DB_SERVER PVSWAUDIT data COMMON SETTINGS ERRORS TO AUDIT Empty Path DB_SERVER PVSWAUDIT empty OPERATIONS TO AUDIT Log Path DB_SERVER PVSWAUDITS data TNBTMON PATHS Root Path WDB_SERVER PVSWAUDIT View Path SDB_SERVER PVSWAUDIT data The window offers the following sections of system settings Ammon Paths Ammon Settings Automated Archiving Common Settings m Errorsto Audit Operations to Au
52. TE Tae AuditMaster 2 Click Next to continue The wizard asks you to specify the location of the amserver file Schema Maintenance Wizard for Pervasive AuditMaster Specify the location of the Audit Server Enter the full path to the amserver table in the AuditMaster data folder Server m 3 Accept the default path to thefile or enter a custom path and click Next You may also use the ellipsis button to browse to a folder or network location The wizard asks you to choose to import or remove a schema M anaging Schemas Schema Maintenance Wizard for Pervasive AuditMaster E Choose the task to perform What would you like to do 9 4 Select Remove Schema and click Next The wizard asks for the schema to remove Remove Data Definitions Wizard for Pervasive AuditMaster E Specify the AuditMaster Data Definitions Select a Product and Version whose definitions are to be removed Pvideo 1 0 5 Select the schema from the drop down list and click Next The wizard summarizes the schema removal 6 25 Working with Audit Configurations 6 26 Schema Maintenance Wizard for Pervasive AuditMaster Completing Schema Removal PERASIVE apf UTeeL AuditMaster Click Finish to remove the following schema definition Product Version Pyideo 1 0 Note Removing the schema definition will make it unavailable for viewing audited data 6 Cli
53. Top row down the Next row down and the Previous row down In the Position drop down list select a search position Select Anywhere or Beginning of cell as appropriate To match upper and lower case spellings select the Match Case checkbox To match theentiresearch string instead of just part of a cell select the Match Entire String checkbox If needed use the Grid Area to narrow your search Select Entire Grid to search all columns Select Current Column to search only the column selected which is indicated as a blue field in the yellow highlighted field that you have clicked If this column is not the one you want to set asthe current column to search close the Search window click the desired column and search again Select Specific Column and select a column name from the drop down list When you are ready click Find Next Found items if any appear highlighted in the audit record grid Otherwise the status bar at the bottom of the Search window displays the message The text was not found Sorting Audit Records Sorting Audit Records Audit records can be sorted on up to three visible data fields If needed reset Visible Columns to add columns for sorting gt To sort audit records 1 Select and display a current or archived view file Run aquery if needed In the audit record grid select a range of rows and columns Select Tools Sort The Sort window appears Ss r Sort By Ascendi
54. Using the Data Tree to Archive Audit Records Show AM Sets whether debug messages are displayed in query results during Debug certain integration development activities The default for this setting is Messages off and is left off under normal use Show AM Sets whether internal messages are displayed in query results during Monitor certain integration development activities The default for this setting is Messages off and is left off under normal use 5 5 Using AuditM aster Viewer Table5 1 Menu commands logins Configuration Menu or Toolbar Command Description Server Add Creates a connection from an AuditMaster Viewer client to an AuditMaster server Remove Removes an AuditMaster server connection The server continues to capture new audit records but the client cannot currently access them although it still can query and display records already in its current view and archived files Update Refreshes the current view file from the audit log so that queries display Current View the most up to date audit records File or p Archive Archives all audit records in the current view file including any captured Current View in the log file but not yet updated to the view File Archive and Archives and compresses all audit records in the current view file Compress including any captured in the log file but not yet updated to the view View File Change Changes the password for the u
55. VASIVE SQL BTRIEVE 7 25 Querying Audit Records 8 When you are finished click OK TheAction for Alert window appears iF Action for Alert New Students x Available Actions Selected Actions D Action Name lin Action Name 1 Emaildlert RunProgram Select gt lt Remove etone 9 Atthis point you may select and configure an alert action to set for this alert but for now simply click OK and continue with the tutorial steps TheAlerts window shows the alert that was just added Trigger ID Trigger Name New Students Inserts of new students in demodata Edit Script Action Delete Close 10 You can now choose from one of the following tasks Setting an Action for an Alert Editing an Existing Alert Stopping an Alert 7 26 Setting an Action for an Alert Working with Alerts Once you have added an alert you need to set an action to be performed each time AuditM aster finds a match for the alert condition You can set oneor both of two actions for each alert a Setting an EmailAlert Action a Setting a RunProgram Action Note From a viewer client on the server machine where AuditM aster is running you can set actions both to send email or run a program on the server however from a remote viewer client you are unable to set an action to run a program on the server and can set only email alerts gt To set an action for an ale
56. a od e ek Soha ad ee 5 2 VIEW RES 4c aad E Said ws Settee sak he ed ek aoe ciara Bae beh 5 2 AIS e od etapa eee ae Bee Souci ae Se se eons eee E 5 2 REDUS ota sed WA stride Wi Wek Bi tna Shieh eae ANE 5 2 AuditM aster Viewer GUI Visual Reference 0 000 eee eee 5 3 Title Bab esda S n a aE ates E sea Nee Cpa rn RAE sag 0 i Ge 5 4 M enu and Toolbar 1 ee 5 4 Data eer it Awe pete a E he aa ee a A EE A AES 5 7 Audit Record Grid 2 ee 5 7 Audit Record Detail aaa eee 5 7 Status Bar 2 4 iai E i ae athe aaae MM a a e S 5 8 6 Working with Audit Configurations a a oaaao aeaa 6 1 How to Audit Data Configuring Data M onitoring without Schemas aaa eae 6 2 Configuring Data M onitoring with a Schema saaa a 6 9 Operations to Audit by File a aaua aaa a 6 16 Managing Schemas e ssa kas o ee ea a ed a R eb a 6 18 Importing a Schema from Pervasive PSQL aaa aa 6 19 Removing a Schema from AuditM aster l aaa ee 6 23 Resolving Configuration Conflicts oaa a 6 27 7 Querying Audit RecordS aaa aaa 7 1 How to Work with Audit Records Displaying Audit Records a aaa a 7 2 Working with the Audit Record Grid aaa a 7 5 Audit Record COlUmMNS saai a a an a a a E E EE 7 6 Viewing Audit Record Details a a aaa a 7 7 Working with Archived Audit Records aoaaa es 7 8 Usingthe DataTreeto ArchiveAuditRecords 00 00s 7 9 Using Archive M anager 0 0 ee 7 11 RUAMING QUETI ES ea a a a e we E E Gab
57. aintenance The User Maintenance window appears M aintaining U sers a User Maintenance x r Create User User Name Password pooo Confirm Password m Delete User Admin db_user Delete User 2 Select auser in the Delete User list 3 Click Delete User 4 You are asked to confirm the deletion Click OK The user is removed from the list 8 19 Administering AuditM aster Setting the Audit Filter Thetrusted list restricts auditing by stopping capture of audit recordsof low value such as monitoring of system or batch processes that represent no direct access by human users Onceanameis listed as trusted the system ignores it globally and logs no activity for that name for any audit configuration gt To add a name to the trusted list 1 SelecttheAdmin Audit Filter Trusted List command The Trusted List window appears i Trusted List xj Database activity for these users will not be logged Users User Name 2 IntheUser Namefield enter atext string as it would appear in the User Name column of the audit record grid The string you enter isnot case sensitive i e SYSTEM System and system are the same The Add button becomes active 3 Click the Add button Thename you entered moves to the Users list 4 Click Close 5 To activate the new trusted list you must restart the event handler See Restarting the AuditM aster Event H andler 8 20
58. al database tables AM Components AM O pList AM Products AM Tables 7 After thescript runs you may want to select File Save SQL Query Asto keep it for reuse perhaps under aname such as 20050602 00V sa The delta query you ran under section Running a Query on the Current View File should now return the same result as when you ran it against the current view sincethose audit records have been moved into the archived file to which the virtual database now points gt To reset the virtual database for a current view query These steps let you run direct queries on the current view file again 1 InPervasivePSQL Control Center select File SQL Document 2 When asked to select a database click DemodatavV 3 Inthenew SQL document run all of the following SQL statements You may copy and pastethem in SQL Editor This script resets the virtual database to the current view file For AuditMaster 6 0 or 6 1 use amview instead of amlog ALTER TABLE AMSamlog IN DICTIONARY USING lt installation directory gt Audit DATA amlog TER TABLE Billing IN DICTIONARY USING lt installation directory gt Audit DATA amlog TER TABLE Class IN DICTIONARY USING lt installation irectory gt Audit DATA amlog TER TABLE Course IN DICTIONARY USING lt installation directory gt Audit DATA amlog TER TABLE Department IN DICTIONARY USING lt installation directory gt Audit DATA amlog TER TABLE Enrolls IN DICTIONARY U
59. al syntax for adelta query is as follows SE Ect field field2 F W RO VieW after V EW before HE RE after AM rec_id before AM dep rec_id AND after amsfield3 lt gt before amsfield3 This type of query will display audit records for every instance of an update to field 3 For alarge set of audit records however such a query may return too large a result In this example wewill limit the delta query to a specific student ID 1 Return to SQL Editor for the DemodataV database used in the last example Run the following delta query against the Before and After fields in the audit records for the ID of the student whose GPA you changed You may copy this statement and paste it into SQL Editor SELECT after AM rec_id after AMSopdate after AMSoptime after AMS net_user_id before Cumulative GPA AS GPA Before after Cumulative GPA AS GPA After FROM VStudent after VStudent before WHERE after ID 190907350 AND after AM rec_ id before AMS dep rec _id AND after Cumulative GPA lt gt before Cumulative_ GPA The query should return a result like the following AMSoptime AMSnet_user_id GPA Before GPA After 6 23 49 PM db user 4 000 3 000 Note Onceyou reableto run a delta query against a virtual database you can configure a delta alert The AuditM aster delta alert feature can use changesin selected columns of an audit record as the alert condition
60. ames Audited under DefaultDB DatabaseSecurity 7 44 Results of Undo Command 1 0 ee ees 7 45 Default Errors to Audit after AuditM aster Installation 05 8 26 UNC Path Settings for Remote AuditM aster Viewer Clients A 5 Pervasive Software Resources ees A 9 Audit Record Columnsin a Virtual Database versus AuditM aster Viewer B 13 About This M anual This manual introduces you to Pervasive AuditM aster a security application for Pervasive PSQL Server The book first leads you through preparation for installation or upgrade and installation and configuration steps The guide then explains how to work with the application Topics include end user and administrator tasks in Pervasive PSQL database environments both with and without Pervasive PSQL security enabled Who Should Read This Manual Thismanual providesinformation for both administrators and users who install and run the Pervasive AuditM aster system It also includes a chapter on advanced operations for power users and developers of systems that use the audit data generated by AuditM aster Manual Organization This manual is divided into the following parts Chapter 1 Introducing Pervasive AuditM aster provides background information on Pervasive AuditM aster and an overview of its data monitoring capabilities Chapter 2 Preparing to Install Pervasive AuditM aster helps you prepare to install or upgrade your
61. and click the Select button TheEmailAlert action moves to the Selected Actions column Action for Alert New Students x Available Actions Selected Actions Action Name lin Action Name 2 RunProgram Email amp lert 2 With the EmailAlert item selected click the Configure button The Configure EmailAlert window appears a Configure EmailAlert x Available Groups Selected Groups Configure Groups Set Mail Server Set Domain 7 29 Querying Audit Records 7 30 If an email group to which you want to send alerts exists in the list simply select it click the right arrow gt to move it to Selected Groups You may also double click the group name When the alert condition is met addresses in this group will receive email To set the SM TP server used to send out going mail click Set Global SMTP Server x Enter SMTP Server Cancel m Add the server name for the SM TP server and click OK For example if your out going mail server is named smtp server companyname com then enter smtp server in thisfield To set theglobal domain used by your company click Set Global Domain x Enter Domain Cancel Add the domain name such as pervasive com and click OK Continuing with the example from the last step here you would enter companyname com Working with Alerts To configurea group click Configure Groups TheConfigureGroups window appears For thisdemonstration
62. appears in the Files to Be M onitored list m Files to Be Monitored Operations to Audit Remove All You can also click Select All to select every file in the current list If you decide not to monitor a file select it and click Remove to delete it from the group Remove All deletes all files from the group Configuring Data M onitoring without Schemas Note The Operations to Audit button enables you to override the global auditing settings applied to each selected file by default See details under Operations to Audit by File 12 When you are finished click Close In the Audit Configuration window the Configured Components area identifies the new configuration for the product definition Expanding the newly added group in the Monitored Files area lists the file that was added to the group Audit Configuration x Configuration m Product Information Pervasive SQL Generic Fiets Name Version lt default version A DB_SERVEF Pervasive SOL Generic default version gt Product Description Generic Product for Pervasive SQL Tables Configured Components i Date Configured Cache siMs lt default version gt 25 Feb 04 Pervasive SQL Demo Monitored Files oe AuditM aster is now set to monitor the Pervasive PSQL file The file and its group are associated only with this particular audit configuration 13 If you wish to change the audit configuration do
63. application Chapter 3 Installing Pervasive AuditM aster provides the steps for first time installation or upgrade of an existing installation Chapter 4 AuditM aster Basics describes routinetasks you need to know how to do before using the application Chapter 5 Using AuditM aster Viewer explains the user interface Chapter 6 Working with Audit Configurations shows how to set up data monitoring Chapter 7 Querying Audit Records offers anumber of features for viewing and working with audit records Chapter 8 Administering AuditM aster explains how to manage the auditing system Chapter A Basic Troubleshooting provides information for handling obstacles that may arise Chapter B Advanced O perations is for developers of applications that work with AuditM aster or that need direct access to audit records xi For More The following table lists resources for Pervasive AuditM aster and Information related software products Product Information Resources Pervasive AuditMaster http Awww pervasive com e Pervasive AuditMaster User s Guide e Pervasive AuditMaster online help Pervasive PSQL http www pervasive com Getting Started with Pervasive PSQL Pervasive PSQL User s Guide Pervasive PSQL SQL Language Reference e Pervasive PSQL online help xii Conventions Unless otherwise noted command syntax code and examples use the following conventions CASE Commands a
64. asive PSQ L server reside You may also manually install the viewer by itself on other machinesin your network which it will connect to the AuditM aster server as a remote client gt To perform a client only installation 1 Check for a Pervasive PSQL client on the machine where you wish to install the AuditM aster Viewer client 2 Logon to the machine as a Windows administrator 3 To access the client setup program do one of the following If using CD ROM Do In the client machine insert the AuditMaster CD ROM If the Pervasive AuditMaster installation automatically starts exit from the program then open the file drive Client setup exe where drive is the drive letter of your CD ROM Files copied from an AuditMaster server Downloaded files Copy the client installation folder e g default location C lt installation directory gt Audit Client from the server to the client machine and open the file Client setup exe Copy the client installation folder from the download directory to the client machine and open the file Client setup exe The Welcome dialog box appears Read the Welcome text and click Next The Software License Agreement dialog box appears 5 Read the license agreement To accept the agreement click Yes No license key is required for client only installation The Choose Destination Location dialog box appears 6 If needed change the default installation
65. asive PSQL root directory Audit amstatus log The result might resemble the following I Section Key Value AMMON PATHS Archive Disk Limit A AMMON SETTINGS MaxStatusLogSize 10000000 AUTOMATED ARCHIVING MSG AFI Detection List btrv sql StatusLogFile ERRORS TO AUDIT OPERATIONS TO AUDIT TNBTMON PATHS Administering AuditM aster 8 In thelist of sections on the left select TNBTMON Paths The dialog box displays the values on the right iF Server Settings x D Seion Value AMMON PATHS ADB_SERVER PVSWAUDITS data AMMON SETTINGS MDB_SERVERSPYSWAUDIT datas AUTOMATED ARCHIVING COMMON SETTINGS ERRORS TO AUDIT OPERATIONS TO AUDIT 9 Doubleclick the value for each path name and change server PV SWAudit to drive Pervasive PSOL root directory Audit The result might resemble the following iF Server Settings x Config Path Debug Log Path OPERATIONS TO AUDIT 3 10 Removing the N work Share 10 After you have finished changing the values click OK Thesystem displays a prompt to restart the event handler 11 Click OK Do not restart the event handler yet You will do that later in this task If needed see Restarting the AuditM aster Event H andler 12 Select Server gt Add The Locate amserver on Your AuditM aster Server dialog box appears Locate amserver on your AuditMaster Server a2 x Look in a amserver on db_server x Dae Aj amserver History
66. aster configuration prompt you to restart the AuditM aster event handler before they take effect Under Windows viewer clients must not berunning during this operation or after the restart network and database access errors will occur Depending on your platform use one of the following methods To restart the event handler under Windows gt To restart the event handler under Windows 14 Exit from all open instances of AuditM aster Viewer 2 If Pervasive PSQL Control Center PCC isnot running start it from the operating system Start menu or Start screen 3 In Pervasive PSQL Explorer right click the Services node and select Restart All Services 4 Once services have restarted you may reopen AuditM aster Viewer and continue data monitoring tasks 4 11 AuditM aster Basics Using Shortcut Menus Shortcut menus are an easy way to perform common tasks gt To access a shortcut menu 14 Click an object in the viewer with your cursor The object is selected 2 On your mouse click the right most button A shortcut menu appears with a list of commands The commands vary depending on the context The following shortcut menu appears when you right click a server in the data tree Figure 4 1 Server Configuration Shortcut M enu Logout View Monitor Status Log Shortcut menu options Appear after right clicking a server Configuration Information gt Edit Server Description E3 Cu T Archived Fi
67. ate and Time the system still uses a 2 GB size threshold If the date and time you select has not occurred and the log file size reaches 2 GB the system will automatically archive then when the date and time arrive it will archive again 8 23 Administering AuditM aster Archives to TheAmmon Settings section offers one settable value Archives to Keep Keep By default the value is 1 which means that the system does not monitor the number of archived files If the value is greater than zero then the system retains only that number of the most recent files and deletes the older ones a Server Settings x Debugv erbosityLimit Mapper Threshold AUTOMATED ARCHIVING COMMON SETTINGS ERRORS TO AUDIT OPERATIONS TO AUDIT TNBTMON PATHS s4 Caution Use of this setting may lead to unintentional loss of archived audit records Be sure to consider the possible situations when it may be undesirable to delete archived files automatically 8 24 Maintaining Server Settings Archive Disk TheCommon Settings section offers onesettable value ArchiveD isk Limit Limit By default the value is 1 which means that the system does not monitor the total size of all archived files If the value is greater than zero bytes then thesystem retains only the most recent files for which the total size is less than or equal to this number of bytes and deletes the older files J Section Key Value AMMON PATHS Archive Disk
68. ation ectory gt Audit Arch 20050602 00V FR TABLE Course IN DICTIONARY USING installation ectory gt Audit Arch 20050602 00V ER TABLE Department IN DICTIONARY USING installation ectory gt Audit Arch 20050602 00V ER TABLE Enrolls IN DICTIONARY USING installation ectory gt Audit Arch 20050602 00V ER TABLE Faculty IN DICTIONARY USING installation ectory gt Audit Arch 20050602 00V FR TABLE Person IN DICTIONARY USING installation ectory gt Audit Arch 20050602 00V ER TABLE Room IN DICTIONARY USING lt installation ectory gt Audit Arch 20050602 00V ER TABLE Student IN DICTIONARY USING installation directory gt Audit Arch 20050602 00V TER TABLE Tuition IN DICTIONARY USING lt installation directory gt Audit Arch 20050602 00V a K PQ a KA a 3 d 3 d Para HO K E 5 a ae A E K PQ P ae A a a K PQ ae E a A Hi K PQ a gee Er A 4 a K PQ a we A H Hi K 3 3 3 PAPA K E i a E A D B 18 QueryingAudit Data Directly through SQL Note The script alters the tablelocation property for AM amlog in the virtual database and also for all of its copies of the data tables found in the audited database When you write your own version of this script be sure you do not alter the table location property for the following virtu
69. ation for monitored file Group Name Group for monitored file in audit configuration Component As listed in audit configuration for monitored file Component Version As listed in audit configuration for monitored file Process Name Process that was source of operation OS Version Name and version of operating system of machine where AuditMaster server is running View File Location of audit record either amview current view file or archived file name Viewing Audit To examinethe details of an audit record click therecord in theaudit Record Details grid to display it in the lower part of the viewer window If the audit record captures before and after changes to an application data record the detail view shows both versions of the data record asin the following Demodata example The Before column shows the original record and the After column shows the change which is highlighted in red Values Before Changes Values After Changes Field Name Before After 130907350 jel 2 000 Tuition_ID 7 Transfer Credits 0 0 Major Economics Economics Minor Computer Science Computer Science Scholarship Amount 0 00 1000 00 Cumulative _Hours 104 104 Querying Audit Records Working with Archived Audit Records 7 8 Auditing can generate large numbers of audit records To manage them AuditM aster periodically empties the audit log to an archived file The default archive file size is 75 M B To reset the def
70. ation for that combination Each fileto bemonitored can belongto only onegroup in one audit configuration We recommend you work through the following tutorials before attempting to create an audit configuration 14 Configuring Data M onitoring without Schemas 2 Configuring Data M onitoring with a Schema 3 Operations to Audit by File 4 Managing Schemas 5 Resolving Configuration Conflicts Working with Audit Configurations Configuring Data Monitoring without Schemas 6 2 Thetutorial in this section shows how to use an audit configuration consisting of the following m A Pervasive PSQL database server A group of database files for a fictional video store No schema data dictionary files or DDFs Only AuditM aster administrative users can set audit configurations The database used in this example is fictional Simply read through the steps to become familiar with the audit configuration procedure In the next tutorial Configuring Data M onitoring with a Schema you will have sample files for hands on practice gt To use an audit configuration without schemas 1 Open AuditM aster Viewer from the operating system Start menu or Start screen ThePervasiveAuditM aster window appears For PervasivePSQL under Windows an entry for the AuditM aster server was added by default during installation i7 Pervasive AuditMaster iol x File Edit Tools Yiew Server Admin Help DT a S lle SDB_SERVER PYSWAUDITS DATA
71. ault size or choose archiving by date see Automated Archiving Archived files for each server appear in the data tree The filename uses creation timein the format yyyymmdd nn where yyyy is the year mm is the month dd is the day and nn is the number of the archive file created that day starting with zero Compressing archived files saves as much as 90 percent disk space AuditM aster encrypts compressed archived files to restrict access to users within the AuditM aster system M oving an archived file out of itsfolder i e Arch or Comp in theinstallation directory grays out its entry in the data tree M oving it back restores the entry and enables queries again Permanently deleted files cannot be restored The data tree provides several archived file commands As shown in the following table right clicking an archived file offers commands depending on whether the file is compressed Queries may be run only on uncompressed files Table 7 2 Right Click Commands for Archived Files in the Data Tree Command Uncompressed Compressed Query Run a query against the file Yes No Execute Saved Query Run a saved query Yes No Compress Compress the file Yes No Decompress Decompress the file No Yes Delete Remove the file permanently Yes Yes Get File Information Expand the data tree Yes Yes to show compression status number of records file size last record in archive and date range of included records
72. based or on user date action and other criteria For details see Chapter 7 ry Querying Audit Records Alert Builds an alert based on a query e g a certain user has made a or change or when a check is cashed for over 100 000 A tripped alert flags the monitored record with an icon ET and performs an action T either sending email or starting a program See details under Working with Alerts Report Prints the selected audit records See details under Printing Reports or Exit Select Exit to log out and close the viewer Edit Copy Copies selected fields to the clipboard as tab delimited text strings Select All Highlights all records Table5 1 Menu commands AuditM aster Viewer GUI Visual Reference Menu or Toolbar Command Description Tools Search Searches for specific text in audit records For details see Searching or Audit Records Sort Sorts audit records based on the currently selected column For details or see Sorting Audit Records zZ Export Exports a current or archived view file to a text file For details see or Exporting Audit Records to Other Applications View Show Active Displays an icon in the data tree to provide information about the Local currently installed event handler The default for this setting is off and is Monitors left off under normal use Set Archives Sets how many items are displayed under Archived Files in the data to Show tree For details see
73. bed in Chapter 5 Using AuditM aster Viewer This chapter covers the following topics a Displaying Audit Records a Working with Archived Audit Records Running Queries a Working with Alerts a Printing Reports Searching Audit Records m Sorting Audit Records Exporting Audit Records to Other Applications a Displaying Audit Records under Pervasive PSQL Security a Using AuditM aster Undo Querying Audit Records Displaying Audit Records 7 2 AuditM aster monitors application data records for various changes and operations As it audits these events it writes audit records to a log file To access the new records they are moved to a view file Audit records are displayed by queries A query can includethe current view file one or more archived files or both current view and archived files Before querying the current view file you first should update it to retrieve any new audit records from the log file This section covers the following tasks Toupdatethe current view file To display audit records gt To update the current view file 1 Inthe data tree right click the current view file and select Update Current View File or in the toolbar select the update current view file icon An icon amp shows that the current view file update isin progress 2 Right click the current view fileand select Get File Information Thetree expands to show information like the following urrent View File S
74. bs for restricting a query to who did what from where when how and in which audit record files to look gt To restrict a query 1 Select options from the tabs to make a query more selective Table 7 3 Options for Restricting a Query To find Click tab Perform these steps Users All records that contain a specific user or users Who 1 To find a specific user or users clear the All Users option The list of database users is now available Select a user or multiple users by checking the box beside their name If needed you can add a user by clicking Add and typing in the specific user Running Queries Table 7 3 Options for Restricting a Query Programs The program or process identified by AuditMaster in the Process Name column of the audit record grid To find Click tab Perform these steps Operations Did What 1 To find a specific type of operation Groups and clear the All Operations option You Tables can also clear the All Groups or All Specific operations Tables option The list is now such as an insert or available a delete ina specific type of 2 Select the operations and any table in a specific objects affected by them Expand group lists as needed to select the appropriate options Use the SHIFT or CTRL keys to extend the selection Network From 1 To find a specific network address Addresses Where clear t
75. ck Finish The wizard reports the result of the schema removal Schema Maintenance Wizard for Pervasive AuditMaster Completed Schema Removal PERVASIVE You have successfully removed Data Definitions for Pvideo 1 0 Cancel 7 Click Close Note Audit records captured using the removed schema now display as hexadecimal rather than in human readable format Resolving Configuration Conflicts Resolving Configuration Conflicts Each fileselected for monitoring can belongto only onegroup in one audit configuration If you attempt to select it for any other group the following window appears if Configuration Conflicts x m Files Already Being Monitored Failure wrting to Audit aster Database isting customer mkd Another Group Select All Clear All m Conflicts Across Components Versions and Products Table Name Existing Product Name You have two options for resolving the conflict Click theClose button to cancel theselection and leavethefilein its original group Movethe file to the new group by selecting it and clicking the Convert button 6 27 Working with Audit Configurations 6 28 chapter Querying Audit Records _ H ow to Work with Audit Records This chapter describes tasks that involve running queries against the audit records Before undertaking these tasks be familiar with the AuditM aster interface as descri
76. ct amda exe which is found in a default installation in C lt installation directory gt Audit bin The Configure Programs dialog box will look like the following B 26 Using the Data Alert Utility if Configure Programs 8 To store the amda command parameters click Set Parameters and make entries based on the following amda d DemodataV t Billing r RecID c Amount _Owed Amount _Paid For information on this step see Setting a RunProgram Action and Parameters for the amda Utility The entries will look like the following F C P SW Audit Bin amda exe Parameters my xi Sls as oe chance d Demodatal t Billing 1 2 3 ReciD 4 c Amount_Owed Amount_Paid 9 Set email recipients in amdaemail cfg For information on this step see Setting Delta Alert Email Recipients B 27 Advanced Operations B 28 10 Close AuditM aster Viewer and restart Pervasive services to activate the delta alert 11 In Pervasive PSQL Control Center open the Billing tablein Demodata and change a valuein the Amount_Paid column A command prompt window announces that column values have changed and email is being sent to recipients Recipients receive a message with a header like the following From Auditmaster Sent Wednesday June 08 2005 3 14 PM To DeltaAlertRecipients Subject Delta Alert Fired on Record ID 11392 Record ID isthe number of the audit record that trigg
77. ction summarizes the direct query method for audit records 1 A virtual database can enable direct quer independently of AuditM aster Viewer ies of audit records 2 A special script populates the database Use the Query D ata Model Generator utility qdmg to automate the writing of this script 3 Create a database on the same volume as the AuditM aster installation root eg default C lt installation directory gt Audit A Run the qdmg script in the database a records from the current view file You may now run queries in the virtual database to return audit 6 To enable queries of audit records in an archived file use an ALTER script to reset the virtual database to do so QueryingAudit Data Directly through SQL 7 Useasecond ALTER script to set the virtual database back to its original state to query the current view file again 8 Create and save a reset script for the current view file and for each archived file against which you want to run direct queries In the virtual database run the script you need before running your direct queries 9 Remember that archived files must be uncompressed for queries to succeed B 21 Advanced Operations Using the Delta Alert Utility The AuditM aster delta alerts feature provides a means of setting an email alert based on a change to a selected audit record column or columns as the monitored event Delta alert configuration has the following steps B 22 1
78. d 8 2 Archived files grayed out in data tree 7 8 setting number to show in data tree 7 10 Archiving automated in server settings 8 23 Audit configuration making changes to an existing 6 7 Audit record numbering limit A 2 Audit record grid 7 4 effect of security policy on names 7 44 audit record grid customizing 7 5 Audit records displaying 7 2 exporting to another application 7 43 querying through SQL B 7 searching 7 40 sorting 7 42 viewing details 7 7 Audited operations Pervasive PSQL status codes 7 6 SQL logins 7 6 AuditM aster administrator defined 4 3 description 1 2 documentation 2 3 features 1 3 installing 3 1 checklists 2 4 client only 3 6 common questions after 3 10 hardware requirements 2 5 how to uninstall 3 11 permission required 2 5 under Windows 3 4 product components 2 2 readme file 2 6 uninstalling 3 11 utilities 2 2 Authorization License 2 5 Before and After columns defined 7 7 Checklists for installing AuditM aster 2 4 Columns Before and After 7 7 changing order in audit record grid 7 5 changing which are visiblein audit record grid 7 5 Index 1 Comma ddimited file creating from audit data 7 43 Common settings changing 8 22 Components log event handler 1 4 viewer 1 4 Configuration conflicts resolving 6 27 D Data definitions configuring with 6 9 Data tree defined 5 2 Database names effect of security policy on 7 44 Delta alerts amda parameters B 23 email mes
79. dit TNBTMON Paths Some of the settings in these sections can be changed however in most cases it is best to leave the defaults with the possible exception of the following options a Automated Archiving Archives to Keep a Archive Disk Limit m Errorsto Audit Operations to Audit Globally After a change is made except for automated archiving the event handler must restart to activate the new setting If needed see Restarting the AuditM aster Event H andler 8 22 Maintaining Server Settings Automated TheAutomated Archiving section offers options for configuring the Archiving audit record archiving xi Section AMMON PATHS r Creation of Archive Files J By Date and Time IV By Size Threshold Archive every Enter Size in Megabytes TNBTM ATH orien FR BTMON PATHS Month onthe 1st fe C wekan sunday E Range 40 1024 C Day At 1200 00AM By default AuditM aster automatically moves audit records to an archived filewhen audit recordsin thelogfilereach 75 M B H owever in the Automated Archiving section of Server Settings you can change this default size choose to archive by date or a combination of the two If you select the checkboxs for both By Date and Time and By Size Threshold then whichever condition occurs first will prompt the system to create an archived file and reset the log file to empty If you clear the By Size Threshold setting and choose only By D
80. e gt To set up a delta alert 1 In AuditM aster be sure the table or tables to be monitored have been added to an audit configuration In this example thetable is Billing in Demodata Follow the instructions under Creating a Virtual Database You must use the qdmg utility on the monitored database to enable the delta alert feature to run This example uses Demodata If you ve already created DemodatavV go to the next step In AuditM aster using the steps given under Working with Alerts create the following alert x Alert Name Biling Changes Description When Amount Owed or Amount Paid changes JV Enabled mea In the query for Operations under Pervasive PSQL Btrieve select M odify After For Tables under User Tables select Billing Query Builder should now look like the following B 25 Advanced Operations i7 Pervasive AuditMaster Query Builder x Pervasive AuditMaster Query Builder B E From Where When How Advanced Script Select the operations and the objects affected by them Al Operations IV Al Groups Abort Transaction broadcast ops gt Reset lt default group gt Login lt file protection gt lt internal ops gt Demodata Logout Mend I Al Tables Pervasive SQL Demo 9 fF lt System Tables gt Class Course Dept Enralls Faculty 6 IntheAction for Alert dialog box select RunProgram 7 ToconfigureRunProgram add and sele
81. e provides options for working with and customizing the audit record grid display Option Steps Setting visible columns in Click the Visible Columns drop down arrow to the audit record grid open or close the list e Select or clear checkboxes to show or hide particular columns e Use the ordering buttons to set column order See Audit Record Columns for more information about individual columns Changing column order Drag and drop each column to the desired position in the audit record grid Searching audit records See To search audit records Sorting audit records See To sort audit records Exporting audit records See To export audit records Querying Audit Records Audit Record Thefollowingtablelists all possiblecolumnsfor an audit record The Columns Visible Columns setting determines which ones are displayed in the audit record grid Column order can be rearranged in Visible Columns or you can drag and drop columns with the mouse Table 7 1 VisibleColumn Namesin the Audit Data Grid Column Name Contents Record No Incremental number for audit record Dependent Record Record number for earlier related record Modify before record for modify after record Begin transaction record for end abort transaction record Date Capture date for audit record Time Capture time for audit record Network Address One of the following MAC ID if event in audited file originated on same syste
82. e returns no result since it does not match case with the name DefaultD B 4 Inthelist of query attributes select Date A calendar dialog box appears with the current date selected x Select Date Sun Mon Tue Wed Thu Fri Sat 5 2 I 3 1 12 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 hi 2 3 4 Current View File Date Range Jan 01 1753 Dec 31 9999 Cancel 5 Click OK to accept the default date The date appears in the Value column 7 18 10 Running Queries In the Operation column select a logical operator or leave the default equal sign as is The expression should resemble the following _ Tye Operation Value Delete Insert __ Date Feb 29 2004 Del Ins b kSelect Type gt El _Del Ins You may usethe Del and Ins buttons to remove an item from the expression or add a new item After building your expression decide whether to set it for Alert Only This option will select for records meeting the defined conditions but display only those for which alerts have tripped For more details see Working with Alerts If you plan to run this query often click Save The Saved Queries window appears to enable you to give the query a name and saveit for future use Seealso Running a Saved Query or Last Query Executed To run this query click Execute The Query Builder executes the query and displays the results in the audit rec
83. ed neces ied a Documentation oaa a Installation Checklists 2 aa a Ouick Checklisticis t sick tithe ae iai a a hl BA odd oe bd dtl pao PRECAUTIONS 4 csv Apacs A fee a Oa ek od ee Se ee Permissions and Privileges 1 ees Authorization License aoaaa a THERE ease NOLES i au Tinea a eR aa a a a ia 3 Installing Pervasive AuditMaster sasasaaasaananan 04s Instructions for First Time or Upgrade Installation Before You Begin 2 eee Installation Notes 0 es Installation Notes for Windows Only 0 eee eee eens WipOradeNiOtes x2 ae ee oie Beek odes She 8 as Ona E hd Ge Se en ee Installing Pervasive AuditM aster under Windows 2 0 0 0 eees Installing AuditM aster Viewer as Client Only 2 0002 Common Questions After Installing Pervasive AuditM aster aoaaa aaa Uninstalling Pervasive AuditM aster 0 ee ee 4 AuditMaster Basics 0 00 ee ee ee ee ee An Overview of AuditM aster Basics Starting theAuditM aster Client 2 Logging in from an AuditM aster Client a aaa ee es Changing Your User Password aoaaa eee Running AuditM aster under Pervasive PSQL Security ooa Restarting the AuditM aster Event Handler aoaaa ee ee Using Shortcut M enus aaa a Contents 5 Using AuditMaster Viewer 2 ee ee ee 5 1 A Tour of the M ain Window and a Reference List of Tasks AuditM aster Viewer Concepts aoaaa ee 5 2 AuditM aster Server 5 2 DataT ree xi ence va e
84. er the group name Demodata and click OK 10 IntheAvailable Files area navigate through the folder hierarchy to locate files to monitor Only files in Btrieve format are listed You may also use the Show Files in Subdirectories button after double clicking a folder to display a list of all Btrieve files from the double clicked directory downward i Note Listing many folders and files may take several minutes For this example select the Pervasive PSQL demonstration directory C lt installation directory gt D emodata m Available Files Drive C x I Show Files in Subdirectories Select All 6 12 Configuring Data M onitoring with a Schema 11 Click the file name student mkd and click Select You may also double click it m Available Files Drive C bs Show Files in Subdirectories Select Select All Thefile path name appears in the Files to Be M onitored list m Files to Be Monitored Remove All You can also click Select All to add every file in the current list Each file can be a member of only one group in one audit configuration If you select a file that is already listed in another group AuditM aster informs you of a configuration conflict Should this occur see Resolving Configuration Conflicts If you decide not to monitor a file select it and click Remove to delete it from the group Remove All deletes all files from the group
85. ered the alert The body of this sample mail message looks like this Using the Data Alert Utility FigureB 1 Structure of a Delta Alert Email M essage Delta Alert Fired Alert Header e Column Name s AMOUNT_OWED AMOUNT_PAI Information e Operator OR Record Rec Date Time RY VE SC Op Context Operation Dep Rec Id Product Ver Product Audit Record Component Ver Component Table Group Net Address p I Net User ID f Process Database OS Ver Retum Code po STUDENT ID TRANSACTION NUMBER LOG AMOUNT_OWED AMOUNT PAID REGISTRAR_ID COMMENTS Application Record Data saci View Path a Server Net ID 000874F3BIES 7 Additional Information B 29 Advanced Operations B 30 Index Numerics 108 error message 8 3 A Actions setting EmailAlert 7 30 setting for an alert 7 28 setting RunProgram 7 34 stopping by deleting alert 7 37 stopping by disabling 7 37 Administrator AuditM aster defined 4 3 Advanced query tab Select Type attribute case sensitive 7 19 Advanced tab 7 16 restricting queries at the column level 7 18 Alerts 7 25 adding anew alert 7 25 deleting to stop 7 37 editing 7 36 setting an action for 7 28 working with 7 24 amda parameters B 23 amdaemail cfg file B 24 AMMON paths changing 8 22 AMMON settings changing 8 22 amserver file describe
86. for individual files As with other new settings you must restart the event handler Operations to Audit by File Default Insert On Delete On Modify Before After On Login Logout On Reset N A Begin End Transaction N A Abort Transaction N A Read Off See also Operations to Audit Globally 6 16 Operations to Audit by File Note In a Pervasive PSQL database when the client side cache engine is turned on the cache engine reads an entire database page after 8 consecutivereadsin anticipation of more reads The recordsin the database page read by the cache engine are not audited by the event handler on the server If auditing requires that every read be captured verify the setting is off However lack of engine caching can reduce database performance The behavior occurs only when the threshold of 8 consecutive reads is reached If 7 reads and then an update occurs no caching occurs and all 7 reads are captured In Pervasive PSQL Control Center expand Local Client right click MicroKernel Router and select Properties then click Performance tuning to seethe setting Use Cache Engine By default the setting is off 6 17 Working with Audit Configurations Managing Schemas AuditM aster can import Pervasive PSQL schemas for two purposes TO make data records more readable To enable alerts based on changes to a specific record field Without its schema application data in audit records
87. g Audit Records Report Builder Create run and save audit record reports See Printing Reports Alerts Create save and manage audit alerts Windows only See Working with Alerts Archive Manager Manage audit record archives See Maintaining Server Settings Schema Management Wizard Import data definitions from database systems See Managing Schemas Query Data Model Generator QDMG Query audit record data through SQL See Querying Audit Data Directly through SQL AuditMaster Delta Alerts AMDA Configure alerts based on delta queries against audit data See Using the Delta Alert Utility Installation Overview Documentation Pervasive AuditM aster includes the Pervasive AuditM aster User s Guide as online help The guide covers installation and use of the product Access theonlineversion or print themanual from the PDF filefound on the CD ROM or installed under the Docs folder 2 3 Preparing to Install Pervasive AuditM aster Installation Checklists Quick Checklist Precautions 2 4 This section provides you with checklists and other information to prepare you for installation or upgrade The following overview is intended to accompany the software and hardware requirements listed on the Pervasive Software web site for Pervasive AuditM aster Each checklist item is described in detail in the topics that follow LI You have taken the appropriate precautions before ins
88. handles Check Pervasive documentation for information on configuration and optimization AuditM aster numbers audit records automatically up to a 32 bit upper limit of 2 147 483 647 After that numbering wraps and thenext audit record starts again at 1 If you noticethat the audit record number has suddenly dropped check to see whether this has occurred Troubleshooting Strategies Troubleshooting Strategies You must first diagnose a problem before you can fix it The following checklist contains items to help you diagnose problems with AuditM aster L Does the AuditM aster status log contain errors See Reviewing System Activity in the Status Log LI Does the network function correctly See N etwork Communications LJ Is thedatabase engine running See Database Engine LJ Are other sources of help available See H ow to Get Additional Help A 3 Basic Troubleshooting Restarting the Status Log A 4 AuditM aster writes status records in thefile amstatus log located in a default installation under C lt installation directory gt Audit Data Under certain conditions such as disk full AuditM aster may be unable to continue adding status records into this file even after the error condition is corrected To restart the status log you can export its contents and then delete the log AuditM aster then starts anew log file automatically gt To restart the status log 1 Intheviewer window select Admin V
89. he All Network Addresses Any information option The list of network addresses originating from a is now available specific network address 2 Select one or more network addresses by checking the box beside the address If needed you can add an address by clicking Add and typing in the specific network address Specific Dates When 1 To find a specific start and end date Any activity on a clear the All Date Range option The specific date and Start Date and End Date calendars within a time range are now available 2 Select a day month and year from the calendars Use the arrows to click back and forth through the months 3 To find a specific time range for each day in the date range clear the Time Range option Select a time from the Start Time and End Time fields Note The time range applies to each individual day in the date range e g 8 00 a m to 5 00 p m on each day Processes or How 1 To find a specific program or process clear the All Processes option The processes are now available 2 Select a program or process by clicking the box beside the option If the process name does not appear use the Add field at the bottom of the pane to include it in the list 7 15 Querying Audit Records Building an Advanced Query 7 16 2 The Advanced tab is used to build complex queries that cannot be built using the other tabs This tab can set expressions to evaluate for specific events and
90. he Schema folder in the install image root m Pervasive SQL_Demo_V9 add m Pervasive SQL_Generic add In third party applications amschemamaint exe can be used in scripts to export aschemato afilein the Schema folder on a custom CD ROM to automate its importing at installation time The sequence of usage would be as follows 4 Install your application 2 Install AuditM aster 3 Run amschemamaint exe to import from the Schema folder Note If you use amschemamaint exe to customize an installation CD ROM and wish to delete Pervasive SQL_Demo_V9 add so that it does not appear in the Audit Configuration window you may do so However do not remove Pervasive SQL_Generic add since it is needed for successful operation of AuditM aster The amschemamaint exe utility has four forms import export remove a list Each of these is explained in the rest of this section B 2 import M anaging Schemas from the Command Line AuditM aster Schema M aintenance import utility Description Imports a schema from a Pervasive PSQL databaseor from afile See export for steps to create add files for importing Syntax Database amschemamaint import d database path m password p product name v version s description a folder File amschemamaint import i file path_name a folder Options Option Description a Data directory on remote server where AuditMaster amserver file resides Optional if amserver re
91. he following entry as aRunProgram alert action tests audit records for events marking changes in either the column for amount owed or the column for amount paid in the Billing table in Demodata amda d DemodataV t Billing r RecID c Amount _Owed Amount_ Paid This same delta alert is used under Delta Alert Example B 23 Advanced Operations Setting Delta Alert Email Recipients B 24 The file amdaemail cfg is used to set the mail server domain and recipients of email alerts sent by AuditM aster when delta query conditions are true In a default installation the fileis found in C lt installation directory gt Audit D ata It contains the following text KKEKKKKKKKKKKKKKKKKKKKKKKKKK KK KKKK KK KK Delta Alert Email Configuration KKK KK KK KKK KKK KKK KKK KKK KK KKKKKKK KK KK KK This is a comment SMTP INFO 7 lt SMTP Server gt lt Domain gt EMAIL INFO lt email addressl1 gt lt email address2 gt Thecommented variables enclosed in angle brackets are replaced with the values needed for the delta alert to notify mail recipients The valuesin a configured amdaemail cfg file will look like the following SMTP INFO smtp server company com EMAIL INFO user name company com Delta Alert Example Using the Data Alert Utility This section provides steps to create and configure a delta query to alert recipients by email when billing amounts are changed in the Demodata databas
92. ial text strings leave this checkbox cleared When you are finished setting filter options click Refresh The viewer refreshes with only records you wish to see You also may sort status log records by selecting column headers on which to sort For example usethe SH IFT key to select both theDateand Time columns to order the records chronologically After selecting columns on which to sort click Refresh The viewer refreshes by sorting the records displayed 8 17 Administering AuditM aster Maintaining Users 8 18 As part of AuditM aster security only trusted personnel are allowed access to the AuditM aster system As administrator you must define user names and provide a password for each user You must also decide whether each user shall also have your same administrator privileges This section covers tasks donein the User M aintenance window To add auser o remove a user gt To add a user 1 SelectAdmin User Maintenance The User Maintenance window appears x p Create User _ Delete User User Name Admin I db_user Password Confirm Password 2 Enter a user name and password Passwords are case sensitive user names are not 3 Click Create User 4 You areasked whether this user is to have AuditM aster administrator privileges Click Yes or No as appropriate The new user appears in the list of current users gt To remove a user 1 SelectAdmin User M
93. iew Status Log to open AuditM aster Status Log Viewer 2 Select File SaveAsand give the status record text file a descriptive name Thestatus records are exported to afile with the suffix txt and can be opened by applications that read text Exit from AuditM aster 4 Stop the event handler 5 Deletetheoriginal amstatus logfile from the Data folder in the AuditM aster installation directory 6 Restart the event handler 7 AuditM aster status logging is now active again Handling Errors Relating to Paths Handling Errors Relating to Paths gt To verify correct path settings 1 SelectAdmin Server Settings 2 Select AMMON PATHS 3 Ensure that path points to directory where AuditM aster was installed 4 In order for AuditM aster Viewer clients from remote machines to access the configuration UNC paths must be specified The default subdirectories are as follows TableA 1 UNC Path Settings for Remote AuditM aster Viewer Clients AMMON Path UNC Path Root serveriamdir Config serveriamdir data Log serveriamdir data View serverliamdir data Archive serverlamdir arch Compress server amdir comp Empty serveriamdir empty 5 Verify the following information Server isthe computer name where the AuditM aster event handler is installed Amdir isthe path name that represents the directory where AuditM aster was installed Config Path Log Path and View Path sh
94. iew file Only uncompressed files can be queried If a file used in aquery has been compressed you must decompress to run the query Note The larger the file the longer it takes to decompress and become ready to query For large files to be sure that all records are ready usethe Admin View Status Log command to check the status log for the finished decompressing message even if thefileicon shows as uncompressed You may also want to right click theArchived Files branch of the data tree and select Refresh All to update the display gt To use the last query executed In the data tree double click the Last Query Executed Any result appears in the audit record grid 7 22 Working with Alerts Working with Alerts Under Microsoft Windows AuditM aster provides an alert capability TheAlerts window enables you to create an alert to a specific event in a Pervasive PSQL database Once an alert is set AuditM aster checks each new audit record for the alert condition When found AuditM aster executes an alert action For example when a data record is deleted the system can send an alert to notify you by email In the audit record grid tripped alerts are flagged with an icon 7 Caution Dramatic and undesirable consequences may arise from an alert with abroad query likely to match a large number of audit records especially when the alert action sends email This section covers the following topics
95. ing the needed information or removing old definitions PERVASIVE AuditMaster Cancel 6 19 Working with Audit Configurations 2 Click Next to continue The wizard asks you to specify the location of the amserver file Schema Maintenance Wizard for Pervasive AuditMaster Specify the location of the Audit Server Enter the full path to the amserver table in the AuditMaster data folder Server E Cancel 3 Accept the default path to thefile or enter a custom path and click Next You may also use the ellipsis button to browse to a folder or network location The wizard asks you to choose to import or remove a schema Schema Maintenance Wizard for Pervasive AuditMaster k Choose the task to perform What would you like to do want to import a schema into AuditMaster After importing audit records for monitored tables that use the schema will display field names and other formatting information C Remove Schema want to remove a schema from the AuditMaster system After removal captured audit records that used the schema will display only in hexadecimal format lt Back Cancel 4 Select Import Schema and click Next The wizard asks you to enter information about the database application to be audited 6 20 M anaging Schemas Schema Maintenance Wizard for Pervasive AuditMaster Specify the Product Information Enter the Name Description and Version of the
96. ings are as follows Table8 1 Default Errorsto Audit after AuditM aster Installation Error Description 2 The application encountered an I O error 8 The current positioning is invalid 18 The disk is full 19 The application encountered an unrecoverable error 32 The file cannot be extended 37 Another transaction is active 43 The specified record address is invalid 46 Access to the specified file is denied 51 54 The owner name is invalid The variable length portion of the record is corrupt 67 The MicroKernel cannot open the SQL data dictionary files 69 The Delete operation specified a file that is damaged 73 The RI definition is out of sync 101 3 26 Insufficient operating system memory is available Maintaining Server Settings Table8 1 Default Errorsto Audit after AuditM aster Installation Error Description 138 The MicroKernel has detected an invalid null indicator 141 The user name is invalid for the database login 142 The database specified on login is invalid 143 The MicroKernel cannot allow unauthorized access to files in a secure database 147 The log segment is missing 148 A roll forward error occurred Operations to The Operations to Audit window offers the same type of settings as Audit Globally the Operations to Audit button in the Aud
97. ion and name you provided Note You can also extract audit data directly by copyingfrom the AuditM aster audit record grid and pasting therowsand columns into another application such as a spreadsheet Displaying Audit Records under Pervasive PSQL Security Displaying Audit Records under Pervasive PSQL Security If you run AuditM aster with Pervasive PSQL security enabled field values in the User Name and Database Name columns vary with the DefaultDB database security policy and the type of database operation as shown in the following table Table 7 5 User and Database Names Audited under D efaultDB Database Security Btrieve Operations SQL Engine Operations Security User Name Database Name User Name Database Name Policy Displayed Displayed Displayed Displayed Database Database login One of the following Database login n a Database name from Btrieve Mixed Database login Login API or connection string Database login n a Classic OS login Database name bound to e OS login n a Database executed if any Database user name 7 ae user name if database ae if other two if database security naval aoe security enabled enabled Btrieve file on which operation Audited Btrieve operations include Select Read Insert U pdate Delete Login and Logout For Begin Transaction End Transaction Abort Transaction and Reset operations which are not associated with a specific database the database name is n
98. it Configuration window x Section AMMON PATHS Default Audit Records AMMON SETTINGS IV Insert IV Reset IV Delete IV Begin End Transaction IV Modify Before After IV Abort Transaction IV Login Logout I Read AuditMaster will apply these settings to each new file to be monitored Settings for currently monitored files are unchanged Click Apply to All Files to reset all monitored files to these default settings Apply to All Files Cancel Thedifferenceisthatin Server Settings the options are global for any file selected in an audit configuration and in the Audit Configuration window the button allows you to set operations to audit for individual files At installation time theAuditM aster defaults in this window include all operations except Read If you select different options they become the new defaults for any file you add to an audit configuration group Operations to audit set for earlier added files are not affected unless you click the Apply to All Files button 8 27 Administering AuditM aster 8 28 Finally if any file is removed from a group and then added again its Operations to audit settings default to the current selections in this window For information on individual file settings see O perations to Audit by File Note In a Pervasive PSQL database when the client side cache engine is turned on the cache engine reads an entire database page after 8 consecutive reads in anticipatio
99. itM aster 2 2 overview 6 1 7 1 Index 3 V View file defined 5 2 Viewer description 1 4 W Web sites Pervasive Software A 9 When query tab using 7 14 Where query tab using 7 14 Who query tab using 7 14 4 Index
100. ived files Thedatatreedisplaysan AuditM aster server Branches of thetreecan be expanded by clicking the plus signs for more detail You can also right click treeicons for various command options Queries may be run against the current view or archived files Figure5 3 Data Tree DB_SERVERSPYSWAUDITS A DATAS E Current View File E Gy Archived Files H 1 Saved Queries When a query is run against the current view or an archived file the audit record grid shows the result Figure5 4 Audit Record Grid Date Time User Name Table Name Operation 11 01 12 04 13 03 54 db_user Student Insert 16 01 12 04 13 04 02 db_user Student Delete Audit records capture both AuditM aster operations and database activity For database activity the audit record detail areain the lower Using AuditM aster Viewer Status Bar 5 8 part of the AuditM aster Viewer window shows the fields of the data record where activity occurred Figure5 5 Audit Record Detail Field Name Field Value Cumulative GPA 2 955 Tuition_ID 3 Transfer Credits 0 Major Biology Minor Computer Science Scholarship Amount 600 00 Cumulative Hours 15 Note Data record detail may bein human language or in hexadecimal depending on whether the database schema has been imported for AuditM aster to usein displaying data For more information see Working with Audit Configurations This section explains the text in the status bar at the bottom
101. le and do one of two things Select Server ArchiveCurrent View File or right click thefile and select Archive Select Server Archive amp Compress Current View File or right click the file and select Archive amp Compress Large numbers of records can take time so you may want to use Admin View Status Log command to check for the finished compressing message 7 9 Querying Audit Records 7 10 You cannot run a query against a compressed archive file You must first decompress it by right clicking and selecting Decompress gt To set the number of archived files to show You can control thenumber of archived files listed in the data tree which displays both uncompressed and compressed archived files E ADB_SERVER PYSWAUDIT DATA 222 Current View File chived Files 6 totall 20030909 02 20030909 01 030909 00 20030908 02 2 20030908 01 20030908 00 Ej T Saved Queries E 3 Active Monitors The default setting for the number of archived files displayed in the list is 15 Displaying a shorter list does not delete archived files but only removes them from the display They remain in the Arch and Comp folders in the AuditM aster root directory e g default C lt installation directory gt Audit Raising thenumber in the setting displays them again 1 Select View Set Archives to Show TheArchives to Show dialog box appears af Archives to Show x Enter the maximum number
102. les TA Saved Queries FE Active Monitors 3 To perform atask from theshortcut menu select an option from the menu The window for that task appears 4 12 chapter Using AuditM aster Viewer 5 A Tour of the M ain Window and a Reference List of Tasks Thetopics in this chapter include AuditM aster Viewer Concepts a AuditM aster Viewer GUI Visual Reference 5 1 Using AuditM aster Viewer AuditMaster Viewer Concepts The viewer is a Microsoft Windows client user interface to the Pervasive AuditM aster system From this main window you may work with the following features AuditM aster Server a DataTree a View File a Alerts a Reports AuditMaster An AuditM aster server is a Pervasive PSQL database server on which Server the Pervasive AuditM aster event handler and configuration files are installed and running The event handler monitors the database and logs audit records which can then be queried for display in the AuditM aster Viewer client Each AuditM aster server is a top branch in the AuditM aster data tree Data Tree The data tree presents your auditing system in graphical form Each branch of the tree holds an AuditM aster server and its current view file archived files and saved queries For more information see AuditM aster Viewer GUI Visual Reference View File Audit records in an AuditM aster event handler log are moved to a view file for query and display The records reside i
103. ll be able to audit data for an evaluation trial period At the end of that time if you do not enter alicense key AuditM aster will ceaseto monitor data but will otherwise not interfere with your Pervasive PSQL system After thetrial period ends you still will beableto query audit records captured during thetrial although certain features may no longer be available To apply alicensekey you may open Pervasive PSQL Control Center and use select Tools License Administrator or open a command prompt and run clilcadm For moreinformation on license keys see Pervasive PSQL User s Guide No license key is required for the AuditM aster Viewer remote client installation 2 5 Preparing to Install Pervasive AuditM aster The Release Notes 2 6 Pervasive Software urges you to read the release notes in the readme_am htm file for product news that could not beincluded in the user documentation but may be essential to your successful installation and use of this product Thereadme_am htm file is located under the root directory on the Pervasive AuditM aster CD ROM as well asin the installation directory on theserver after installation chapter Installing Pervasive E AuditM aster Instructions for First Time or Upgrade Installation This chapter explains how to install Pervasive AuditM aster either as an upgrade of an existing release or for thefirst time Thefollowing sections installation procedures Before
104. location C lt installation directory gt Audit to suit your local environment and click Next Installing AuditM aster Viewer as Client Only The setup completes the installation of the AuditM aster Viewer client 7 Check the server machine you wish to add to make sure that Pervasive PSQL services are running You may use Pervasive PSQL Control Center for this verification 8 To connect the new client to an AuditM aster server open AuditM aster Viewer from the operating system Start menu or Start screen The Pervasive AuditM aster main window appears a Pervasive AuditMaster eee i sare Casa CTes seeal Eior 9 Select Server Add The Locate amserver on Your AuditM aster Server dialog box appears 3 7 Installing Pervasive AuditM aster Locate amserver on your AuditMaster Server 2 x Look in a amserver on db_server ct EE a amserver esktop My Documents My C omputer TAGI E My N etwork P 10 Enter the path to the file amserver to read the settings for the AuditM aster server to which you want to aclient connection Windows default server P V SWAU DIT DATA amserver where server isthe name of the Pervasive PSQL machine with the database to be audited Note that a sharename other than PVSWAU DIT may have been chosen 11 Click Open Theserver you selected is added to the list af Pervasive AuditMaster File Edit Tools View Server Admin Help DTAS Ai lal
105. lso access audit recordsin archived files but queries on the current view file must be enabled first Follow these short procedures in the order given 14 Creating a Virtual Database 2 Runninga Query on the Current View File 3 RunningaQuery on an Archived File Creating a Virtual Database QueryingAudit Data Directly through SQL This section gives the steps for using the qdmg utility to create a virtual database for direct queries of audit data Theexampleusesthe Demodata database installed with Pervasive PSQ L 1 4 Before setting up a virtual database import the schema for your audited databaseinto AuditM aster If this already has been done go to the next step In this example importing has already been donefor Demodata as part of the AuditM aster installation If you need instructions to import the schema from your own database see the section M anaging Schemas in Chapter 4 Working with Audit Configurations of Pervasive AuditM aster User s Guide Creation of the virtual database will require access to the DDFs of the database for which you want to query audit records To find this path do the following a Open Pervasive PSQL Control Center and expand the branch for the database being audited Demodata b Open the Tables branch for Demodata right click on a table and select Properties c Note the Dictionary Path where the DDFs are located In this example it s C lt installation directory
106. m as AuditMaster server IP address for local client applications using UNC address instead of simple path name IP address if event originated from remote client Note MAC addresses are not available from remote clients in the current release User Name Login ID under which event occurred See Displaying Audit Records under Pervasive PSQL Security Database Name Database in which event occurred See Displaying Audit Records under Pervasive PSQL Security Table Name File in which event occurred The file must be selected for monitoring in an audit configuration All configured files appear in the Tables list of the Did What tab in Query Builder Operation Database event Events can include any item in the Operations list of the Did What tab in Query Builder SQL logins display in this column Selected Pervasive PSQL status codes also appear here when first selected in the Errors to Audit section of the Server Settings window See details under Maintaining Server Settings Operation Context Normal operation or error Database Engine Either AM Message API internal use within AuditMaster or Pervasive PSQL 7 6 Displaying Audit Records Table 7 1 VisibleColumn Namesin the Audit Data Grid Column Name Contents Database Version Version of Pervasive PSQL running on server Product As listed in audit configuration for monitored file Product Version As listed in audit configur
107. n Pervasive AuditMaster User s Guide AM process_name Process Name Process that was source of audit event Same as Process attribute under How tab AM sess_num Internal use AM lic_num Internal use AM mapstate Internal use AM database_name Database Name Database in which audit event occurred Depending on the implementation of the database concept at the level of the event this value may be n a not available AM osverkey OS Version Name and version of operating system of machine where AuditMaster server is running e g W2K 5 1 2600 SP3 0 AM retcode Internal use AM reserved Internal use AM databufsize Internal use AM len Internal use lt Data Column 1 gt First data column from table where audit event occurred lt Data Column 2 gt Second data column from table where audit event occurred lt Data Column n gt B 14 Additional data columns Running a Query on the Current View File QueryingAudit Data Directly through SQL Before querying for audit records described under The Structure of an Audit Record be sure to have done the following Run qdmgto generate a script to populate a virtual database with views linked to audit records Create an empty database Execute the script in the database If you ve completed these tasks you re ready to run direct queries for audit records as shown in the contin
108. n of morereads The records in the database page read by the cache engine are not audited by the event handler on the server If auditing requires that every read be captured verify the setting is off However lack of engine caching can reduce database performance The behavior occurs only when the threshold of 8 consecutive reads is reached If 7 reads and then an update occurs no caching occurs and all 7 reads are captured In Pervasive PSQL Control Center expand Local Client right click MicroKernel Router and select Properties then click Performance tuning to seethe setting Use Cache Engine By default the setting is off appendix Basic Troubleshooting E How to Identify and Solve Common Problems Thetopics in this chapter help you resolve common problems that you may encounter using AuditM aster General Tips m Troubleshooting Strategies a Restarting the Status Log a Handling Errors Relating to Paths No Records Returned by Query Despite Changes to Application Data Network Communications Database Engine a Howto Get Additional Help Basic Troubleshooting General Tips A 2 This section lists general tips for using AuditM aster When configuring your application data for monitoring besure that the files you select reside on the same server as the AuditM aster server Be sure that the Pervasive settings are optimized Common settings are communication protocols files and file
109. n the view file until they are moved to an archived file Each server in the data tree has its own view file and archived files For more information see AuditM aster Viewer GUI Visual Reference Alerts An alert is an automated notification that a set of conditions has matched a newly captured audit record A tripped alert can send email to a selected group of recipients It also starts an application on the server See Working with Alerts Reports Reports for viewing on screen and printing are loaded with queries for selecting audit records See Printing Reports 5 2 AuditM aster Viewer GU I Visual Reference AuditMaster Viewer GUI Visual Reference Thissection provides areferenceto main window of theAuditM aster Viewer graphical user interface GUI This window displays when the client application first starts Once you have logged in as a user and run a query to display audit records the GUI should resemble the following figure The window includes the following objects a TitleBar a Menu and Toolbar a DataTree Audit Record Grid a Audit Record Detail a Status Bar For details click any item in the list or click an area of the image Figure5 1 AuditM aster Viewer main window asive AuditMaster Active Server Pervasive SO een Pervasive SQL ojx File Edit Tools View Server Admin Help D Fm SG HB G amp S Visible Columns w AM Server DB_SERVER PVSWAUDITS DATA ADB_SERVERSPYSWAUDIT
110. nd reserved words typically appear in uppercase letters Unless you are working with Linux or the manual states otherwise you can enter these items using uppercase lowercase or both For example you can type MYPROG myprog or MYprog Bold Words appearing in bold include the following menu names dialog box names commands options buttons statements etc Monospaced Monospaced font is reserved for words you enter such as font command syntax Square brackets enclose optional information as in log_name If information is not enclosed in square brackets it is required A vertical bar indicates a choice of information to enter as in file name file name lt gt Angle brackets enclose multiple choices for a required item as in D lt 5 6 7 gt variable Words appearing in italics are variables that you must replace with appropriate values as in file name An ellipsis following information indicates you can repeat the information more than one time as in parameter n The symbol means one item is defined in terms of another For example a b means the item a is defined in terms of b xiii Xiv chapter Introducing Pervasive E i AuditM aster Understanding Pervasive AuditM aster and Its Capabilities This chapter provides an overview of Pervasive AuditM aster and its features It is divided into the following sections What Is Pervasive AuditM aster Features of Pervasive Audit
111. nd view audit records and manage audit record archives Administrator In addition to the above user privileges an AuditM aster administrator can view the status log set audit configurations manage users adjust system settings and set the audit filter Note The built in user ID admin has the default password MASTER Passwords are case sensitive user names are not To change this password see Changing Your User Password For information on the relation of AuditM aster logins to database and OS logins read Displaying Audit Records under Pervasive PSQL Security gt To log in to the viewer 1 In the data tree right click a server name to select Login or double click the server icon To log in to the currently selected server simply press Enter Thelogin dialog box appears AuditMaster Login xj User Name I Password Oo a 2 Enter a valid user name and password and click OK You now have access to the server you selected Note For the AuditM aster server to recognizeyour login request you need first to establish a regular network client login 4 3 AuditM aster Basics Changing Your User Password AuditM aster server access is password protected Whilelogged in to a server you can change your password for that server only On other AuditM aster servers your password may differ gt To change your password 14 Login to a server in the data tree 2 Select Server Change Passw
112. ng Descending Ascending Component f Then By zl C Descending r Then By n Ascending C Descending oe In the Sort By drop down list select a column name For example User Name to order records alphabetically by user Select Ascending or Descending order for sorting For example if you are sorting by Time to start the list with the most recent records choose Descending To sort again using asecond and third column select from each Then By drop down list including Ascending or Descending Click OK The audit record grid displays the sorted records 7 41 Querying Audit Records Exporting Audit Records to Other Applications AuditM aster can export any query result to a comma or tab delimited text file for importing into other applications 7 Note Only records and fields visible in the query result are exported gt To export audit records 1 2 3 4 5 7 42 Select and display a current view or archived file Run aquery if needed Select Tools Export The Export window appears Ci 8 File Name Browse Field Separator gt Headings Tab Column Names C Comma None Select tab or comma delimited fields for the exported columns To include column names in the text file leave the default selected otherwise select None Click OK to export the file to filename txt The export file is saved to the locat
113. nge the default installation location to suit your local environment We recommend a location with at least 200 M B of storage space to allow for growth of audit records Click Next The setup installs needed files then asks for a share name Accept the default share name PV SWAU DIT or enter an alternate share name and click Next Thesetup summarizes the installation and asks you to confirm Do one of the following Click Back to change the installation folder Click Next to continue installing When you continue setup installs needed files then displays the AuditM aster Setup Complete window Select one of the following To restart the machine on which you are installing AuditM aster select Yes want to restart my computer now AuditM aster will beunableto monitor data until you restart the machine To restart your computer at a later time select No I will restart my computer later Click Finish The AuditM aster setup program restarts the machine if you chose to do so You have now successfully installed Pervasive AuditM aster Thenext task is to set up data monitoring as described in Chapter 6 Working with Audit Configurations 3 5 Installing Pervasive AuditM aster Installing AuditMaster Viewer as Client Only For Microsoft Windows servers the Pervasive AuditM aster installation automatically places a viewer client on thesame machine where the AuditM aster event handler and the Perv
114. ngs Select Print to print the report Select Exit to return to Report Builder Searching Audit Records Searching Audit Records You can use the search command to find particular users operation types or values for the current audit records grid view AuditM aster uses a sophisticated search engine so it is easy to use different search options and directions Searches can also be made case sensitive Note Depending on the number of records and the complexity of the search criteria it may take some time to complete your search Whenever possible try to narrow your criteria gt To search audit records 1 2 3 Select and display a view file Run aquery if needed Select Tools Search TheSearch window appears Also if you have clicked in the audit record grid the field you clicked is highlighted in blue as the current column and its row is highlighted in yellow x Search for hd Search Options __ r Grid Area Direction From Top x Entire Grid Position Anywhere x Current Column C Specific Column I Match Case Pecado A I Match Entire String In the Search field enter a text string to find Your search entries are saved in the drop down list for the current session 7 39 Querying Audit Records 7 40 If needed use the Search O ptions to narrow your search In the Direction drop down list select a direction to start the search These include From
115. nitored You must install Pervasive AuditM aster at the Pervasive PSQL server itself you cannot install it remotely from a client machine A Pervasive AuditM aster license authorizes one server installation but you may install as many viewer clients as needed across your network environment For details see nstalling AuditM aster Viewer as Client Only gt To run the Windows AuditMaster setup program 1 Logon to the machine as a Windows administrator Be sure that the machine meets the system requirements 2 Launch the setup program from a Windows machinein one of the following ways If using Do CD ROM release Insert the AuditMaster CD ROM and allow it to start If it does not do so automatically open the file drive setup exe where drive is the drive letter of your CD ROM Downloaded files Open the file setup exe in the download directory The Welcome dialog box appears 3 At the Welcome screen click Next 4 On the License Agreement page read and accept the Software License Agreement and then click Yes If upgrading setup completes and skips to step 9 5 Enter the license key provided with Pervasive AuditM aster and click Next 10 Installing Pervasive AuditM aster under Windows Note Without alicense you can audit for the trial evaluation period After that auditing ends but any logged audit records can be queried For moreinformation see Authorization License If needed cha
116. nitored files AM comp_id Database Engine Either AM Message API internal use within AuditMaster or Pervasive PSQL AM compverkey Component Version Component version as listed in audit configuration for monitored files AM comp_name Component As listed in audit configuration for monitored files AM tab_id Internal use AM tabverkey Same as AM compverkey AM table_name Table Name File in which event occurred Same as Tables attribute under Did What tab The file must be selected for monitoring in an audit configuration All configured files appear in the Tables list of the Did What tab in Query Builder AM tabdef_id Internal use B 13 Advanced Operations TableB 1 Audit Record Columnsin a Virtual Database versus AuditM aster Viewer Virtual Database AuditMaster Viewer Description AM group_name Group Name Group for monitored files in audit configuration Same as Groups attribute under Did What tab AM6 net_id Network Address Same as Network Address attribute under From Where tab One of the following MAC ID if event in audited file originated on same system as AuditMaster server IP address for local client applications using UNC address instead of simple path name IP address if event originated from remote client AM net_user_id User Name Login ID under which event occurred Same as user name under Who tab See Displaying Audit Records under Pervasive PSQL Security i
117. nt to connect to an AuditM aster server either on the local machineor elsewhereon thenetwork You can add any AuditM aster server to which you have network access and file permissions gt To add a server 1 Check the server machine you wish to add to make sure that Pervasive PSQL services are running You may use Pervasive PSQL Control Center for this verification 2 From AuditM aster Viewer select Server Add The Locate amserver on Your AuditM aster Server dialog box appears Locate amserver on your AuditMaster Server 2 x Look in ja amserver on db_server ex Ee Ej aj amserver History amp Desktop My Documents NES My Computer iam Za we Files of type Jamserver x Cancel My Network P I Open as read only 8 2 Adding and Removing Servers 3 Enter the path to the file amserver to read the settings for the AuditM aster server to which you want to aclient connection This path is server PVSWAU DIT DATA amserver in a default installation where server is the name of the Pervasive PSQL machine with the database to be monitored N ote that a share name other than PVSWAU DIT may have been chosen 4 Click Open Theserver you selected is added to the list 101 x File Edit Tools Yiew Server Admin Help DOTAS A l Mdb_serverpvyswaudit DATAS Active Server None Note If your client is unable to connect successfully to the AuditM aster
118. o Next Where to Go Next The following topics may be of interest To install the application see Chapter 2 Preparing to Install Pervasive AuditM aster To learn about basic operations see Chapter 4 AuditM aster Basics m To find troubleshooting information see Appendix A Basic Troubleshooting 1 5 Introducing Pervasive AuditM aster chapter Preparing to Install E 2 Pervasive AuditM aster Preparation N eeded for Installation or U pgrade This chapter contains the following topics a Installation Overview a Installation Checklists 2 1 Preparing to Install Pervasive AuditM aster Installation Overview Product Components Utilities This section provides an quick summary of Pervasive AuditM aster product components utilities and documentation AuditM aster consists of the following product components a Event handler 32 bit and 64 bit versions available a Viewer client and utilities Data definition files Documentation See What Is Pervasive AuditM aster for an overview The AuditM aster Viewer client provides several utilities to control and manage audit activities These are listed in the following table Table2 1 Pervasive AuditM aster Utilities Utility Use Audit Configuration Set up and manage data monitoring See Chapter 6 Working with Audit Configurations Query Builder Create run and save queries of audit records See Chapter 7 Queryin
119. o move them to Selected Columns Clicking Select All moves over all columns 7 37 Querying Audit Records 7 38 Select the Rows to Print All Rows Click to select all rows of thecolumns you selected A Rangeof Rows Click to define arangeof rows and change the row numbers shown which by default indicate the rows you highlighted in the audit record grid before you opened Report Builder Under Report Format set the appearance of the report Table Border If you want the tables to have borders select the border type from the drop down list Print Page Numbers Check the box beside the option to include the page number Select whether to print the page number in the Left Footer or Left H eader of the printout as well as whether to include Date and Time Print Report Title Select whether you want the report title to appear On Every Page or On the First Page Only Print Dateand Time Select if you want the date and timeto appear in the footer of each printed report page When you are finished click Print Preview The Report Print Preview window displays the report on screen as it will be printed From the File menu in the Report Print Preview window you may do the following Select Save Report As to save the current report settings for future reuse Select O pen Report to use the settings in a saved report Select Page Setup to adjust standard page settings Select Print Setup to adjust standard printer setti
120. of Archive Files to show in the Data Tree 2 999 z Cancel 2 Set the maximum number of archives to show and click OK Note In the data tree you may need to right click the Archived Files icon and select Refresh All to update the display Working with Archived Audit Records Using Archive Archive M anager isa tool for handling audit archives Before using Manager it first read Working with Archived Audit Records In the data tree you handle one archived file at a time but Archive M anager allows you to work with several archived files as a group TheTools Archive Manager command displays its window if Archive Manager x Uncompressed Compressed FileName Stat Date EndDate Records Size Compress Decompress Delete SA Clears This example corresponds to Archived Files in the data tree E Archived Files 0 total dee m None After auditing has occurred the data tree might appear like this 5 Archived Files 5 total occ EE 20040220 04 E 20040220 03 E 2004022002 3 20040220 01 20040220 00 7 11 Querying Audit Records And the Uncompressed tab would show this Uncompressed Compressed FileName StartDate End Date Records Size 20040220 04 2 20 2004 2 20 2004 195 172 032 20040220 03 2 20 2004 2 20 2004 181 155 648 20040220 02 2 20 2004 2 20 2004 181 155 648 While the Compressed tab would show this Uncompre
121. ord TheChange Password dialog box appears if Change Password x Current Password New Password Confirm New Password Enter your current password in the field provided 4 Enter the new password in both fields provided The password is case sensitive can be up to 10 characters long and may use any numbers or letters 5 Click OK Your password is changed and must be used the next time you login to AuditM aster Note The built in user ID admin has the default password MASTER Passwords are case sensitive user names are not For information on the relation of AuditM aster logins to database and OS logins read Displaying Audit Records under Pervasive PSQL Security Running AuditM aster under Pervasive PSQL Security Running AuditMaster under Pervasive PSQL Security You can run AuditM aster under the Pervasive PSQL database security features We recommend you first familiarize yourself with the security chapter in the Pervasive PSQL Advanced Operations Guide AuditM aster installation under Pervasive PSQL security varies Under Classic security policy it does not differ from a standard installation Under Mixed or Database policy however login authorization rights and storing of security credentials vary After installation AuditM aster may require security configuration The following table summarizes default configurations under the three Pervasive PSQL security policy settings N A means no
122. ord grid 7 19 Querying Audit Records Using the Files TheFiles tab allows you to select which current view and Tab uncompressed archived files to include in a query gt To select which files to include in a query 1 From the Query Builder window click the Files tab Figure 7 4 FilesTab Current iew File from DB_SER VER P SWAUDIT DATA Pervasive AuditMaster Query Builder Who Did What From Where When How Advanced Script Files Select the files to be queried _ FieName StartDate End Date No Records M Current View File 2 17 2004 I 20040216 00 2 10 2004 2 16 2004 Refresh List Clear Selections UGE Isees Sa Selected Records 108 Output type Screen Execute Save Cancel Current View File from DB_SERVERSPVSWAUDIT DATAS 2 Click checkboxes to make or clear file selections for the query then continue with query settings in other tabs as needed Only uncompressed files can be queried If a file you want to query is not listed you will need to decompress it 7 20 Running a Saved Query or Last Query Executed Running Queries Note The larger the file the longer it takes to decompress and become ready to query For large files to be sure that all records are ready usetheAdmin View Status Log command to check the status log for the finished decompressing message even if thefileicon shows as uncompressed You may also
123. ords intact but you can no longer use them unless you configure another application to access AuditM aster archived files gt To remove AuditMaster Viewer from a Windows client Removing AuditM aster from a Windows client is the same as for a Windows server except that you select Pervasive AuditM aster Viewer for removal 3 11 Installing Pervasive AuditM aster 3 12 chapter AuditM aster Basics E An Overview of AuditM aster Basics This chapter explains the basics of AuditM aster use covering the following topics Starting the AuditM aster Client Loggingin from an AuditM aster Client Changing Your User Password a Running AuditM aster under Pervasive PSQ L Security Restarting the AuditM aster Event Handler Using Shortcut M enus AuditM aster Basics Starting the AuditMaster Client AuditM aster Viewer isaclient interfacefor querying displaying and reporting database transactions logged by the AuditM aster event handler gt To start AuditMaster Viewer Access AuditM aster Viewer from the operating system Start menu or Start screen Before you can use AuditM aster you must login See Logging in from an AuditM aster Client Logging in from an AuditM aster Client Logging in from an AuditMaster Client AuditM aster requires a user account with name and password The type of account determines access to AuditM aster menu commands User A regular user is able to query a
124. ory on remote server where AuditMaster amserver file resides Optional if amserver resides on the same machine as the client h Help Example C gt amschemamaint list Current schema configurations Pervasive PSQL Generic lt default version gt Pervasive PSQL Demo 10 0 Pervasive PSQL Demo 10 Pvideo 1 0 C gt amschemamaint list a server_name volume_name audit data Current schema configurations Pervasive PSQL Generic lt default version gt Pervasive PSQL Demo 10 0 Pervasive PSQL Demo 10 Pvideo 1 0 QueryingAudit Data Directly through SQL Querying Audit Data Directly through SQL TheAuditM aster Viewer client and its query builder arenot the only means of access to audit records You also can run direct SQL queries against audit records To do so you must first use the Query Data Model Generator QDMG utility provided with AuditM aster The utility generates a script to create a virtual database of views linked to audit records in the AuditM aster system Both current view and archived audit records can be queried directly using the query data model method Direct queries can support applications to create reports or otherwise display audit records as well as serve development and debugging purposes Use cases are provided to demonstrate how to apply the direct query method to the Demodata database included in the Pervasive PSQL installation This section covers the following
125. ot available Login errors are listed with the invalid user name and or database name For SQL logins the host nameis not known at login time but afterward the host name becomes available and is displayed for SQL Operations Under M ixed security database logins match OS or network logins Note For moreinformation on database operationsin a Pervasive security environment see the security chapter in Pervasive PSQ L Advanced Operations Guide 7 43 Querying Audit Records Using AuditMaster Undo On Windows platforms the AuditM aster Undo command makes it possible to reverse certain database events Successful results depend on the operation to be undone and the current state of the record involved which may have changed again since the event occurred e g unique indexing In the case of updates to application data fields the Before and After columns in the detail view identify what data value AuditM aster can attempt to restore to the Before state Table 7 6 Results of Undo Command Operation Results of Undo Insert Deletes record if it still exists and no other conditions stop insertion Delete Reinserts record if it does not exist or if it does so long as duplicates are allowed and no other conditions prohibit the insertion Update Restores Before state of record if it still exists and no other conditions stop the update lt 3 Caution Before attempting an undo consider the following
126. ould all be set to server amdir data If thepaths werenot initialized properly during install they should be set to server amdir A 5 Basic Troubleshooting No Records Returned by Query Despite Changes to Application Data A 6 1 Be sure the AuditM aster event handler is enabled Theevent handler can be enabled from the viewer by right clicking on the monitor name under the Active M onitors node in the data tree ThePervasive PSQL database engine must be running in order for amonitor to be enabled or disabled Oncetheevent handler has been enabled the database engine must be restarted for auditing to start Check that the application files have been set for monitoring in an audit configuration Ifthe event handler is enabled and thefileshavebeen configured be sure to update the view file before querying Review the query to check that it is not so narrow that the result is no record Check the audit filter to make sure the trusted list is not preventing audit records from being captured Check that archiving hasnot just occurred meaning that records of interest are no longer in the empty log file Check both AuditM aster and Pervasive licenses for activation or expiration N amp work Communications Network Communications Pervasive System Analyzer PSA is a diagnostic utility included with the Pervasive PSQL database engines PSA can be used as a stand alone diagnostic tool to
127. play the hexadecimal content If the schema has been imported then column names are displayed Figure 7 5 Structure of an Email Alert AuditMaster Alert Fired e Alert ID 1 i Name Student Deletes Desc Removal of records from the Student table ecord Net Address Net User ID Process Monitor Ver OS Ver Retum Code ID Cumulative GPA Tuition_ID Transfer_Credits Major Minor Scholarship_Amount Cumulative_Hours Application Record poun Op Contest BRIE Operation Delete Dere e A Product ervasive SQL Den Audit Record PreuctVer pO Component oOo e e omponent Ver po Student Demodata Additional nnn Information ViewPan DB SERUERIEUSWAUDINGE Server NetID OOBDEBTECIG 7 32 Working with Alerts Setting a RunProgram Action gt To set a program to run as an alert action 1 If the Alerts window is not open select File Alerts select the alert to configure click the Action button click RunProgram and click the Select button TheRunProgram action moves to the Selected Actions column iy Action for Alert New Students x Available Actions Selected Actions D Action Name D Action Name 1 EmailAlert RunProgram 2 With theRunProgram item selected click the Configure button TheConfigure Programs window appears a Configure Programs x Available Programs Selected Programs 7 33 Querying Audit Records 3
128. r start manually 3 If aserviceis not started select it in the list and click Start How to Ge Additional H elp How to Get Additional Help Pervasive Software strives to ensure that your product installation is easy and successful If you encounter problems during or after the installation that are not covered in the user documentation please contact Pervasive Software and we will address your problem promptly Thefollowing table lists a variety of resources to help you get answers to your questions troubleshoot problems and interact with the Pervasive team as well as with other customers TableA 2 Pervasive Software Resources Resource Description Contact Information Pervasive PSQL Web site The site is a great source for everything http www pervasivedb com Pervasive PSQL such as the following e Product downloads for Pervasive PSQL Pervasive AuditMaster Pervasive Backup Agent and Pervasive DataExchange e Technical support and Knowledge Base e Discussion forums Software development kit SDK downloads Product documentation white papers and technical papers Component downloads such as tools solutions and code samples Company contacts and more Pervasive PSQL FTP Site An FTP site is available to upload files that ftp ftpsupport pervasive com you want to provide Technical Support Pervasive PSQL Newsgroup The Pervasive PSQL newsgroup is news comp databases bt
129. re Inc Microsoft MS DOS Windows Windows 95 Windows 98 Windows NT Windows Millennium Windows 2000 Windows XP Win32 Win32s Windows 7 Windows 8 Windows Server 2008 Windows Server 2012 and Visual Basic are registered trademarks of M icrosoft Corporation N etW are and Novell are registered trademarks of Novell Inc N etW are Loadable M odule NLM Novell DOS Transaction Tracking System and TTS are trademarks of Novell Inc All other company and product names are the trademarks or registered trademarks of their respective companies Copyright 2013 Pervasive Software Inc All rights reserved Reproduction photocopying or transmittal of this publication or portions of this publication is prohibited without theexpress prior written consent of the publisher This product includes software developed by KeyWorks Software Copyright 2002 K eyW orks Software All rights reserved Pervasive AuditMaster User s Guide March 2013 100 004179 009 Contents 1 Introducing Pervasive AuditMaster 05065 Understanding Pervasive AuditM aster and Its Capabilities Features of Pervasive AuditM aster ooa a Pervasive AuditM aster Components aoaaa ee WheretoGoNext c eraasi u inr kei a a einh oE nea 2 Preparing to Install Pervasive AuditMaster Preparation Needed for Installation or Upgrade Installation Overview aoaaa a aa Product Components aaa a HUNTE aen a ak Senta cdi Seek ee Saks a eh a
130. remove it gt To replace the default network share with a local path name 1 On the machine where AuditM aster server is installed open AuditM aster Viewer from the operating system Start menu or Start screen The Pervasive AuditM aster window appears listing servers available for monitoring if Pervasive AuditMaster loj xj File Edit Tools View Server Admin Help D TAS Ela MDB _SERVERSPYSWAUDIT SADATA Active Server None 2 Right click a server configuration to select Login You may also doubleclick Removing the N work Share The AuditM aster Login dialog box appears a AuditMaster Login User Name I Password Cancel 3 Enter an AuditM aster administrative login name and password and click OK Note The built in user ID admin has the default password MASTER Passwords are case sensitive user names are not To changethis password see Changing Your User Password For information on the relation of AuditM aster logins to database and OS logins read under Displaying Audit Records under Pervasive PSQL Security 4 SelectAdmin Server Settings The Server Settings dialog box appears On the left the AMMON path settings are at the top of the list and are already highlighted a Server Settings x I Section A 1 DB_SERVER PVSWAUDITS arch AMMON SETTINGS Compress Path DB_SERVER PVSWALDIT comp AUTOMATED ARCHIVING Config Path DB_SE
131. rieve managed by the end user community posting and answering questions as they wish Note that the discussion forums on the Pervasive PSQL Web site have largely replaced activity on the newsgroup Pervasive PSQL Printed Documentation Printed versions of each manual are E mail database pervasive com available for purchase separately or you may purchase the entire documentation set or telephone 1 800 287 4383 Basic Troubleshooting Technical If you still have questions or problems relating to your Pervasive Support AuditM aster installation you can obtain help from the Pervasive Software Customer Support department A 10 appendix Advanced Operations E R Features for Power U sers and Programmers This advanced operations chapter is for power users and programmers who need utilities and methods for accessing audit system beyond what is offered in AuditM aster Viewer Managing Schemas from the Command Line Querying Audit Data Directly through SQL a Usingthe Delta Alert Utility Advanced Operations Managing Schemas from the Command Line AuditM aster Schema M aintenance Wizard has a command line version amschemamaint exe located under lt installation directory gt Audit Bin in a default installation The AuditM aster installation calls this utility to create the Pervasive PSQL Demo and Pervasive PSQL Generic audit configurations by importing the following two files from t
132. rt 1 Select File Alerts if the Alerts window is not open and select an alert to configure New Students Inserts of new students in demodata O Sai Action Delete Close 7 27 Querying Audit Records 7 28 2 Click Edit TheAction for Alert window appears iF Action for Alert New Students x Available Actions Selected Actions in Action Name D Action Name Emaildlert Select gt RunProgram Remove Configure 3 Select at least one of the built in alerts and click the Select button EmailAlert TheEmailAlert action sends an email to aspecified group of addresses when an alert condition is met To configure the email alert action proceed to Setting an EmailAlert Action RunProgram TheRunProgram action runsa specified program on the server when an alert condition is met To configure the program proceed to Setting a RunProgram Action 4 Click OK Selected actions are now set for the alert and will be performed if the alert condition is met Note After creating or changing an alert close AuditM aster Viewer and restart the AuditM aster event handler so that the alert takes effect See Restarting the AuditM aster Event Handler Working with Alerts Setting an EmailAlert Action gt To set email groups and addresses for an alert 1 If the Alerts window is not open select File Alerts select the alert to configure click the Action button click EmailAlert
133. s db_server pyswaudit DATA D Active Server None a A 12 Right click aserver configuration and select Login You may also double click the configuration 3 8 Installing AuditM aster Viewer as Client Only The AuditM aster Login dialog box appears AuditMaster Login x User Name I Password Cancel 13 Enter a valid user name and password and click OK to activate the command menus The Viewer client is now ready to use Note AuditM aster has a built in user ID admin for which the installation sets the default password MASTER Passwords are case sensitive but user names are not For security reasons you will want to consider changing this password Note that AuditM aster user accounts are unrelated to network local or database user logins For remote client access to a Pervasive PSQL system with security policy is set to either M ixed or Database follow the instructions under Running AuditM aster under Pervasive PSQL Security 3 9 Installing Pervasive AuditM aster Common Questions After Installing Pervasive AuditMaster 3 10 This section contains information that you may have after running the installation program Where are the AuditMaster release notes Thereadme_am htm file is located under the root directory on the Pervasive AuditM aster CD ROM as well asin the installation directory on the server after installation Do I have to configure anything in Pervasive
134. s on a particular date events from a selected table or changes that were made by only one particular user Figure 7 3 Query Builder Window Current iew File from DBSERVER P YSWAUDIT DATA x Pervasive AuditMaster Query Builder Query Tabs Who Did What From Where When How Advanced Script Files Restrictions for selected criteria Select the users whose activities you would like to view M All Users Execute Performs the query Save Saves the current query for reuse Cancel Closes Query Builder Refresh List Output type Screen Current View File from DBSERVER PVSWAUDITS DATAS This section covers the following topics Displaying All Audit Records a Restricting a Query a Building an Advanced Query a Using the Files Tab a Running a Saved Query or Last Query Executed 7 13 Querying Audit Records Displaying All Audit Records Restricting a Query 7 14 Thesimplest query in the Query Builder window is to display all audit records gt To display all available audit records 1 Selecta current or archived view file 2 Select File Query or right click and select Query The Query Builder window appears 3 By default all options in each tab are selected To display all AuditM aster data for this file simply select Execute Audit records are displayed in the grid in the upper right hand pane of the viewer Query Builder providesta
135. sage example B 29 example B 25 overview B 22 setting mail recipients B 24 Detail view audit records description 7 7 Did What query tab using 7 14 Disk full opening the status log viewer when 8 16 restarting the status log after A 4 Documentation for AuditM aster 2 3 E EmailAlert action setting 7 30 Error message 108 8 3 Export tool using 7 43 F Features 1 3 Files tab using in queries 7 21 G General tips audit record numbering A 2 configuring audited files on the same machine as AuditM aster server A 2 2 Index Pervasive PSQL optimization A 2 H Hardware required to install AuditM aster 2 5 How query tab using 7 14 l Importing schemas 6 18 Installation of AuditM aster See AuditM aster installing K Keys changing 8 22 L Last query executed running 7 22 License authorization 2 5 Log event handler description 1 4 MAC or IP address displayed in audit record 7 6 M enus shortcut 4 12 Monitoring Pervasive PSQL status codes 7 6 SQL logins 7 6 N Network communications testing A 7 Network share removing 8 6 Numbering audit record limit A 2 P Permissions required to install AuditM aster 2 5 Pervasive PSQL status codes as audited operations 7 6 Pervasive PSQL utilities See Utilities Pervasive Software Website A 9 Printing reports 7 38 Product components of AuditM aster 2 2 Prompt for Client Credentials setting to run AuditM aster in a secure database 3 3 4
136. se scripts using the virtual database D emodataV created earlier The examples are intended to illustrate how you can write your own versions of these scripts gt To reset the virtual database for an archived file query 1 Tousethesesteps you need an archived file Open AuditM aster right click the Current View File and select Archive AuditM aster moves current audit records to an archived file 2 Doubleclick theArchived Files node to open it then right click the node and select Refresh All Thenewly created archived file appears in the list B 17 Advanced Operations Current View File FA Archived Files FJ 20050602 00 3 Notethenameofthefile which in thisexampleis 20050602 00V If you wish to seethat the V isin the filename suffix look in the archive folder e g C lt installation directory gt Audit Arch 4 InPervasivePSQL Control Center select File SQL Document 5 When asked to select a database click DemodataV 6 Inthenew SQL document run all of the following SQL statements You may copy and pastethem in SQL Editor Usethe name of your own archived file instead of 20050602 00V This script resets the virtual database to the uncompressed archived file 20050602 00V ALTER TABLE AMSamlog IN DICTIONARY USING lt installation irectory gt Audit Arch 20050602 00V TER TABLE Billing IN DICTIONARY USING installation ectory gt Audit Arch 20050602 00V ER TABLE Class IN DICTIONARY USING lt install
137. ser currently logged into an Password AuditMaster server Admin View Status Displays the status log of Pervasive AuditMaster activity Log Available only to administrative Audit Sets the files for an AuditMaster server to monitor including any operations to be monitored for individual files User Maintenance or Allows you to add or remove users 5 6 Server Maintains paths and other system settings for an AuditMaster server Settings Help Contents Provides an online version of the user s guide Trouble Provides steps for troubleshooting common problems For additional shooting support visit www pervasive com Index Displays the index of the user s guide About Displays Pervasive AuditMaster version information AuditM aster Viewer GUI Visual Reference Table5 1 Menu commands Menu or Toolbar Command Description Visible Columns A drop down list to set which columns display in the audit record grid For steps see Setting visible columns in the audit record grid Data Source Data Tree Audit Record Grid Audit Record Detail AM Server and The toolbar lists the current AuditMaster server login and the audit files selected for the last query as shown in the following examples AM Server DB_SERVER PVSWAUDITS DATA Data Source Current View File DB_SERVER PVSWAUDIT data amview Data Source Multiple View Files i e both current view and arch
138. server you may receive a 108 error message The cause may bea faulty network mapping or other network problem It may also involve a license key with too low a user count See Authorization License 5 Right click a server configuration to select Login You may also double click 8 3 Administering AuditM aster The AuditM aster Login dialog box appears iF AuditMaster Login 6 Enter a valid user name and password and click OK Note The built in user ID admin has the default password MASTER Passwords are case sensitive user names are not To change this password see Changing Your User Password For information on the relation of AuditM aster logins to database and OS logins read under Displaying Audit Records under Pervasive PSQL Security The new server is now ready for monitoring Editing the Server Description Removing a Server Adding and Removing Servers When a server is added for monitoring its default namein the data tree uses the path nameto the Data folder in the AuditM aster home directory If needed you can assign a more meaningful name Note Data tree names have no effect on network names gt To edit a server description 1 Inthedatatree right click the server icon and select Edit Server Description The Edit Server Description dialog box appears xl Server Description db_server PVSWAUDIT data Cancel 2 Replacethe string with new text You may
139. sides on the same machine as the client d Path name of database schema ddf files to import m Master password if database is secure p Name of application to which the data belongs for Product Name field in Audit Configuration window With spaces use quotation marks S Further description of product for Product Description field of Audit Configuration window V Version number of the application to which the data belongs for Version field in Audit Configuration window i Path and file name from which to import h Help Example C gt amschemamaint import d d lt installation directory gt demodata p Pervasive PSQL Demo v 10 0 s Pervasive PSQL Demonstration Data a server name volume_name data Advanced Operations export AuditM aster Schema M aintenance export utility Description Exports a schema from a Pervasive PSQL database to a file for later importing into AuditM aster Syntax amschemamaint export d database path m password p product name v version s description e file path_name Options Option Description d Path name of database schema ddf files to import m Master password if database is secure p Name of application to which the data belongs for Product Name field in Audit Configuration window With spaces use quotation marks S Further description of product for Product Description field of Audit Configuration window
140. sive PSQL services must not be running 18 If Pervasive PSQL Control Center PCC isnot running start it from the operating system Start menu or Start screen 19 In Pervasive PSQL Explorer right click the Services node and select Stop All Services 20 InWindowsExplorer open the folder drive Pervasive PSQL root directory The shared folder Audit appears in the list of files 8 13 Administering AuditM aster 8 14 21 22 23 24 25 26 Right click the shared folder icon and select Properties The Properties window appears Select the Sharing tab The Sharing pane comes to the front Select Do not share this folder and click OK The share is deleted and the Properties window closes In Pervasive PSQL Explorer right click the Services node and select Start All Services After the services have restarted verify that AuditM aster is working properly without a network share by openingtheviewer to login Open AuditM aster Viewer from the operating systen Start menu or Start screen The Pervasive AuditM aster window appears showing the available server i7 Pervasive AuditMaster Active Server Pervasive SOL oj xj File Edit Tools Yiew Server Admin Help OTS a S Active Server ee Right click the configuration to select Login You may also double click Removing the N work Share The AuditM aster Login dialog box appears y AuditMaster Login x User Name I Password
141. ssed ji i FileName Start Date End Date Records Size 20040220 01 2 20 2004 2 20 2004 176 33 693 20040220 00 2 19 2004 2 20 2004 62 14 912 In each case the appropriate buttons are available at the bottom of the Archive M anager window Command Compress Compress the file Decompress Decompress the file Delete Remove the file permanently Select All Highlight all files in the list Clear All Clear highlighting on selected files Close Close Archive Manager To use Archive M anager click a button command after clicking afile to highlight it Use the SHIFT key to select a range of files or the CTRL key to add asinglefileto the currently highlighted selection Win The larger the file the longer it takes to decompress and become ready to query For large files to be sure all records are ready select Admin View Status Log to check the log for the finished decompressing message even if the file icon shows as uncompressed You may also want to right click Archived Files in the data tree and select Refresh All to update the display 7 12 Running Queries Running Queries To display audit records from acurrent view or archived file you must first run a query using AuditM aster Query Builder You may query for all available audit recordsin thefiles you select or you may restrict the query to Who Did What From Where When or How For example you can search for audited event
142. t applicable Table 4 1 Summary of AuditM aster Configurations under Pervasive PSQL Security Policies Security Policy for Classic Mixed Database DefaultDB Security Enabled N A Yes Yes Paths Entered in Data Locations for C lt installation directory gt Samples C lt installation directory gt Samples C lt installation directory gt Samples DefaultDB C lt installation C lt installation C lt installation directory gt Audit default directory gt Audit default directory gt Audit default Entered but not used Data and ddf files Data and ddf files OS Authentication OS or network login OS or network login N A DB Authorization N A Database login Database login AuditM aster Basics Table 4 1 Summary of AuditM aster Configurations under Pervasive PSQL Security Policies to DefaultDB with all database rights granted then create AuditMaster users as members of the AuditMaster group Database user names and passwords must match OS or network logins exactly Security Policy for Classic Mixed Database DefaultDB Database Users N A Add AUDITUSERS group Add AUDITUSERS group to DefaultDB with all rights granted then create AuditMaster users as members of the AuditMaster group Database user names and passwords can differ from OS or network logins if they exist Pervasive PSQL Security Configuration None required See To configure Pervasive PS
143. talling L Your system meets minimum hardware and software requirements LI You have full administrator level permissions and privileges on the machine where you plan to install AuditM aster LI You havea license unless you want a trial version LJ Attheend of theinstallation you have access to the latest release notes On Windows servers the Pervasive PSQL database engine must be stopped and restarted during AuditM aster installation If your business prohibits stopping thedatabase during certain hours install AuditM aster at an acceptable time Back up any important files on the target hard drive including data files before you proceed Before starting installation disable any antivirus and antispyware applications These may be reenabled immediately after installation is complete If you do not disable antispyware be prepared when prompted to allow various installation tasks to execute Permissions and Privileges Authorization License Installation Checklists To install Pervasive AuditM aster you need the following Full administrator level rights on the machine where you are installing either AuditM aster or its viewer client m Under Windows 2003 2000 or XP the File and Printer Sharing for Microsoft N etworks component must be enabled in the Local Area Connection properties on the Pervasive PSQ L server where AuditM aster is to monitor data If you enter no license key during installation you wi
144. tatus Viewable Records in file 48 Size in kb 200 Description Last Record 02 17 2004 15 44 55 First Record 02 16 2004 Last Record 02 17 2004 You may now query for the audit records you want to display Note The Update Status step is optional H owever since the time to finish the update depends on the size of the log file it may be helpful to verify that the update has finished For large updates to be sure that all records are ready for query update status and then check the status log for the end of current view file update message Displaying Audit Records To display audit records Click the current view fileor an archived filein the data tree Do one of the following Right click the file and select Query Select the File Query command In thetoolbar select the new query icon LJ The Query Builder window appears Figure 7 1 Query Builder a Current iew File from DBSER ER P SWAUDIT DATA a ea eo ee Current View Fie from DBSERVER PVSWAUDITDATAN o 7 3 Querying Audit Records 3 Click the Files tab to check the range for the query The Files tab shows the files available for audit record query af Current iew File from DB_SER ER P SWAUDIT DATA x Pervasive AuditMaster Query Builder Who Did What From Where When How Advanced Script Files Select the files to be queried _ FileName Start Date End Date No Records Curent View
145. the full range of events in your database and also stores database records before and after changes occur whether from transactions by third party applications or from direct changes to data A query builder A graphical interface for customizing queries and tracking errors Alerts Sends email to selected people or launches a selected application when defined events occur Reports Details the who what when where and how behind every transaction in areport either displayed on screen or for hardcopy printing Archive manager Includes compression capability for storage and retrieval of your historical information 1 3 Introducing Pervasive AuditM aster Pervasive AuditMaster Components The following table shows the three main software components that work together in AuditM aster Table1 1 AuditM aster Components Component Description Log event handler Back end component for monitoring and logging information about all database activity The event handler runs on the database server at all times The Log event handler is avaiable for both 32 and 64 bit platforms Data definition files Schema information required by the AuditMaster Viewer client to interpret readable data fields in monitored database records and to enable alerts set to specific fields within a record Viewer Front end user interface for querying presenting and reporting database events logged by AuditMaster 1 4 W hereto G
146. tion covers the following topics Importing a Schema from Pervasive PSQL m Removing a Schema from AuditM aster 6 18 Importing a Schema from Pervasive PSQL M anaging Schemas The following example steps you through using the AuditM aster Schema M aintenance Wizard to import a schema from a Pervasive PSQL database It uses the same fictional video store asin the previous example and while no files are provided for hands on practice after reviewing the steps you should be ready to export a schema from your own application A command line version of the wizard is described under M anaging Schemas from the Command Line Note If you have set Pervasive PSQL security policy on the DefaultDB database to M ixed or Database then before working with anew schema for an audit configuration you must first add its path to the list of data locations for D efaultDB See details under Running AuditM aster under Pervasive PSQL Security gt To import a schema from a Pervasive PSQL database 1 Access Schema Maintenance Wizard from the operating system Start menu or Apps screen The Schema M aintenance Wizard appears Schema Maintenance Wizard for Pervasive AuditMaster Welcome to the Pervasive AuditMaster Schema Import Wizard Before AuditMaster can display records in proper field format or define field based triggers it must know the schema data definition of your database PEER PL This wizard will guide you through import
147. ucture see Running a Query on the Current View File for steps to run a query on the DemodataV example The following table compares the columns of an audit record with those displayed in the AuditM aster Viewer grid QueryingAudit Data Directly through SQL TableB 1 Audit Record Columnsin a Virtual Database versus AuditM aster Viewer Virtual Database AuditMaster Viewer Description AMS rec_id Record No Incremental number for audit record AM opdate Date Capture date for audit record e g 2005 06 07 AM optime Time Capture time for audit record e g 17 04 30 AM dbms_id Internal use AM dbmsverkey Version of Pervasive PSQL system AM opcontextkey Operation Context Normal operation e g BTRIEVE or error AM opcode Internal use AM optext Operation Database event Events can include any item in Operations list of the Did What tab in Query Builder SQL logins display in this column Selected Pervasive PSQL status codes also appear here when first selected in the Errors to Audit section of the Server Settings window AM dep_rec_id Dependent Record Record number for an earlier related record e Modify before record for modify after record e Begin transaction record for end abort transaction record AM prod_id Internal use AM prodverkey Product Version As listed in audit configuration for monitored files AM product_name Product As listed in audit configuration for mo
148. uing example in this section Steps for asimple query are given as well as those for a more complex delta query to compare Before and After field values gt To run a simple query for DemodataV audit records 1 In AuditM aster set the built in Pervasive PSQL Demo audit configuration to monitor the Student table in Demodata then restart the event handler to activate the configuration 2 Open Pervasive PSQL Control Center open the Demodata database then open the Student table In SQL Editor the default query SELECT FROM Student returns all rows 3 Thefirst row should contain thestudent D 190907350 Click the GPA field for this student change 4 000 to 3 000 and press Enter 4 In Pervasive PSQL Control Center select File New SQL Document 5 When asked to select a database click DemodataV 6 Inthenew SQL document run the following query You may copy this statement and paste it in SQL Editor SELECT AMSrec_id AMSopdate AMSoptext ID Cumulative GPA FROM VStudent Thequery should return a result like the following AMSrec_id AMSopdate AMSoptext ID Cumulative GPA 637 6 2 2005 Modify Before 190907350 4 000 638 6 2 2005 Modify After 190907350 3 000 B 15 Advanced Operations AMS rec_id AMSopdate 637 6 2 2005 B 16 gt To run a delta query to compare Before and After fields For amore complex example you may run a delta query to compare Before and After values The gener
149. ultD B appear 13 Select checkboxes for all database rights including Create Table and click Close No specific tables need be added to the list AuditM aster Basics 14 In Pervasive PSQL Explorer under DefaultDB right click Users gt New gt User The New User window appears x User Create a user amp Name MOOS O Password Poo Confirm Password PO Group Poo 15 Enter auser nameand password for an AuditM aster user and select auditusers from the drop down list Note the following Under Mixed security a user name and password must match an OS login Under Database security a user name and password are unrelated to any OS login 16 Click Finish 17 Return to step 14 for to add other AuditM aster users as needed Once AuditM aster users are added those with administrative rights within the AuditM aster application may begin to create audit configurations as described in Chapter 6 Working with Audit Configurations See also information under Displaying Audit Records under Pervasive PSQL Security 4 Caution After enabling and configuring AuditM aster under Pervasive PSQL if you need to change database security policy first closeall AuditM aster Viewer clients Neglecting to do so will produce permission errors in the form of status code 94 4 10 Restarting the AuditM aster Event H andler Restarting the AuditMaster Event Handler M ost changes to AuditM
150. use spaces 3 Click OK The server icon in the data tree has a new name When you remove a server connection from an AuditM aster viewer client data tree the client no longer has access to that server However auditing continues on the server and existing audit records users and settings remain because the server is where they are stored If you add the server connection again everything that was present before is redisplayed in the data tree gt To remove a server 14 Click aserver in the AuditM aster data tree and select Server gt Remove A dialog box prompts you to confirm the removal 2 Select Yes to remove the server The server is removed from the data tree 8 5 Administering AuditM aster Removing the Network Share 8 6 AuditM aster under M icrosoft Windows installs a hidden network share to enable remote client access for AuditM aster Viewer from other machines If you would like to disable the network share for security reasons you can replace it with an explicit local path name after AuditM aster installation This replacement can bedoneonly on the server where AuditM aster is installed not from a remote client No existing audit records are affected but auditing must stop momentarily when you restart the event handler to complete the share removal process Note Removing the network share will prevent remote access by all AuditM aster Viewer clients to the AuditM aster system Be sure that you want to
151. you change your mind If you selected multiple records to undo you may select Yes to All to attempt to undo all of them without further interaction or use the Skip and Yes buttons to work through them one at a time Note An undo operation is itself captured as an audit record and can be reversed by an additional undo 7 45 Querying Audit Records 7 46 chapter Administering AuditM aster _ A Walk through of Administrative Tasks Asan administrator you will perform certain tasks to define how AuditM aster operates As for adding audit configurations the menu commands for these tasks are available only to users with administrative rights a Adding and Removing Servers a Removing the Network Share Reviewing System Activity in the Status Log a Maintaining Users a Setting the Audit Filter a Maintaining Server Settings Administering AuditM aster Adding and Removing Servers In AuditM aster a server is a Pervasive PSQL server on which an AuditM aster event handler is running The file amserver contains the server connection settings used by AuditM aster This file is typically located on the server in the data folder of the AuditM aster installation directory This section provides instructions for the following topics a Adding a Server a Editing the Server Description m Removing a Server Adding a When you add an AuditM aster server you enable the AuditM aster Server Viewer clie
Download Pdf Manuals
Related Search