Here is a quick step-by-step guide on how to point the Sentinel MySQL collector at AGS 6 to collect audit events. I am running the AGS server on Windows with MySQL, but the procedure can easily be adapted to Linux, Oracle or MS-SQL.


Figure 1: Using a graphical tool to access the MySQL database. The mysql.exe command can also be used.

e.g.: mysql -u root -p (the client then prompts for the password)


Figure 2: The spt_audit_event table, which contains user (administrators, reviewers, etc.) events.


Figure 3: We create a view that will be used by Sentinel to collect events. Alternatively, we could have modified the query in the Sentinel collector.

Here is the create view statement:

create view identityiq.general_log as
select
  CONCAT(FROM_UNIXTIME(LEFT(created, LENGTH(created) - 3)), '.', RIGHT(created, 3)) as event_time,
  action,
  source as user_host,
  id as thread_id,
  'localhost' as server_id,
  action as command_type,
  target as argument
from identityiq.spt_audit_event;

Note that we have to convert the bigint format for the created column to a format that Sentinel can read.


Figure 4: general_log view.


Figure 5: Sentinel 7 collector for AGS, MySQL.

You may have to grant additional rights to the identityiq user for remote access to MySQL objects, for example:

GRANT SELECT ON identityiq.general_log TO 'identityiq'@'%';
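
A way to check the view and narrow the collector's access, as an added example that is not part of the original article. The account name sentinel_ro, the address 192.0.2.10 and the password are placeholders, and the value 1331050500123 is constructed. A MySQL view runs with its definer's rights by default, so the collector account needs SELECT on the view only, and naming a host in place of '%' limits where that account can connect from.

```sql
-- Added example; account name, host address and password are placeholders.

-- 1. Run the view's timestamp conversion on a constructed bigint value
--    (milliseconds since the epoch). Check that the result is a single
--    date-time string ending in .123 before pointing Sentinel at the view.
SELECT CONCAT(FROM_UNIXTIME(LEFT(1331050500123, LENGTH(1331050500123) - 3)),
              '.', RIGHT(1331050500123, 3)) AS event_time;

-- 2. The view applies no filter, so both counts must match.
SELECT (SELECT COUNT(*) FROM identityiq.spt_audit_event) AS source_rows,
       (SELECT COUNT(*) FROM identityiq.general_log)     AS view_rows;

-- 3. Inspect the newest events in the shape the collector will read them.
SELECT event_time, user_host, command_type, argument
FROM identityiq.general_log
ORDER BY event_time DESC
LIMIT 5;

-- 4. Read-only account for the collector: one source host, one object.
--    It receives no privilege on identityiq.spt_audit_event itself.
CREATE USER 'sentinel_ro'@'192.0.2.10' IDENTIFIED BY 'CHANGE_ME_placeholder';
GRANT SELECT ON identityiq.general_log TO 'sentinel_ro'@'192.0.2.10';

-- 5. Confirm that the account holds nothing beyond SELECT on the view.
SHOW GRANTS FOR 'sentinel_ro'@'192.0.2.10';
```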


Figure 6: AGS 6 events including login, forward, etc.

I hope this quick article proved to be helpful to you.


Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.


By: mbluteau
Mar 6, 2012
4:15 pm