Sentinel 7 Collector for AGS 6


By: mbluteau

March 6, 2012 4:15 pm



Here is a quick step-by-step guide on how to use the Sentinel MySQL collector to point to AGS 6 for audit events. I am running the AGS server on Windows with MySQL, but the procedure can be easily adapted to Linux, Oracle or MS-SQL.

Figure 1: Using a graphical tool to access the MySQL database. The mysql.exe command can also be used.

e.g.: mysql -u root -p (the client then prompts for the password)

Figure 2: The spt_audit_event table, which contains user (administrators, reviewers, etc.) events.

Figure 3: We create a view that will be used by Sentinel to collect events. Alternatively, we could have modified the query in the Sentinel collector.

Here is the create view statement:

create view identityiq.general_log as
select CONCAT(FROM_UNIXTIME(LEFT(created, LENGTH(created) - 3)), '.', RIGHT(created, 3)) as event_time,
       action,
       source as user_host,
       id as thread_id,
       'localhost' as server_id,
       action as command_type,
       target as argument
from identityiq.spt_audit_event;

Note that the created column is stored as a bigint, and the view treats its last three digits as milliseconds, so we have to convert it to a timestamp format that Sentinel can read.

Figure 4: general_log view.

Figure 5: Sentinel 7 collector for AGS, MySQL.

You may have to grant additional rights to the identityiq user for remote access to MySQL objects, for example:

GRANT SELECT ON identityiq.general_log TO 'identityiq'@'%';
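
A narrower alternative to the wildcard grant above, added here as an example and not part of the original article: a dedicated read-only account for the collector that can connect from one host and read only the view. The account name sentinel_ro, the address 192.0.2.10 and the password are placeholders, and the example assumes the collector's connection is configured to use that account.

```sql
-- Added example. sentinel_ro, 192.0.2.10 and the password are placeholders;
-- substitute the real address of the Sentinel collector host.
-- Run steps 1-3 as a MySQL administrative user on the AGS database server.

-- 1. Account that may only connect from the collector host.
--    'identityiq'@'%' in the grant above matches every client host.
CREATE USER 'sentinel_ro'@'192.0.2.10' IDENTIFIED BY 'change-me-placeholder';

-- 2. Read access to the view only. MySQL views default to
--    SQL SECURITY DEFINER, so the base table is read with the rights of the
--    user who created the view and sentinel_ro needs no privilege on
--    identityiq.spt_audit_event itself.
GRANT SELECT ON identityiq.general_log TO 'sentinel_ro'@'192.0.2.10';

-- 3. Check what the account actually holds: besides USAGE, the only
--    privilege listed should be SELECT on identityiq.general_log.
SHOW GRANTS FOR 'sentinel_ro'@'192.0.2.10';

-- 4. Connected as sentinel_ro from the collector host, the view is readable.
--    event_time is a 'YYYY-MM-DD HH:MM:SS.mmm' string, so it sorts correctly.
--    FROM_UNIXTIME renders it in the session time zone of the connection.
SELECT event_time, user_host, command_type, argument
FROM identityiq.general_log
ORDER BY event_time DESC
LIMIT 5;

-- 5. Still as sentinel_ro, the underlying table must be refused
--    (ERROR 1142: SELECT command denied).
SELECT COUNT(*) FROM identityiq.spt_audit_event;
```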

Figure 6: AGS 6 events including login, forward, etc.

I hope this quick article proved to be helpful to you.

Categories: Access Governance Suite, Sentinel, Technical Solutions

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

1 Comment

  1. By:tsherwin

    Interesting, thank you. Is this leveraging the to-be-released AGS 6 (based on Sailpoint) or some other configuration?