Section 7.3.2, "Database Users"
Section 7.3.3, "Database Stored Procedures"
7.3.1 Database Structure
The installer creates the database for this security and information event management system. The
database is named SIEM, and the default tablespace is named SENDATA1.
The eight largest tables in the database, which store events, events on which actions have taken
place, and aggregated events, are partitioned by day to enable easy management and querying.
7.3.2 Database Users
There are several users created by default:
dbauser: This user is the database owner (database administrator user) and the password is set
during the installation process.
appuser: The Identity Audit server process (the ConnectionManager) uses this user to log in to
the database. The password is randomly generated during the installation process, and it is intended
for internal use only.
admin: This user is the administrator and can be used to log in to the Identity Audit Web interface.
The password is set during the installation process.
7.3.3 Database Stored Procedures
At the scheduled maintenance time, a job runs to determine whether to add new partitions to the
database. The number of partitions added is governed by the data storage configuration settings,
which are stored in the ESEC_JOB_CONFIG table in the database. This table contains the following
settings:
ADD_MIN: If there are fewer than this number of future (empty) partitions in the database (7, by
default), the stored procedure ESEC_ADD_REQUIRED_PARTITION adds new partitions to the
database.
ADD_MAX: Two hours after the scheduled maintenance time, the stored procedure
ESEC_OFFLINE_PARTITIONS runs to archive or delete all data older than the time period
configured by the administrator. At this time, the following things happen:
1. The archived data is written to flat files in the specified archive directory.
2. The archive operation is logged to the ESEC_JOB_STS table in the database.
3. The archived data is deleted from the database.
4. The search indexes are updated to remove indexes for data that have been removed from the
database.
There are two aggregation tables that are used for default reports. The aggregation service is enabled
by default for EventDestSummary (for Target data) and EventSourceSummary (for Initiator data).
Identity Audit Guide