DAM QuickStart (Metadata policy)

This guide walks you through monitoring a target database, generating alerts for a Metadata policy, and exporting the resulting alert list.

Note: All GUI fields marked with an asterisk (*) must be filled in or specified.
The example used in this guide assumes you will monitor an Oracle target database with the audit_trail parameter set to DB_EXTENDED. You will apply a Data-Table policy and generate alerts for the Security Violation rule and Suspicious Databases Users rule. Before starting a target connection, you must make sure that your target database is configured properly to be monitored by FortiDB. For details about configuring Oracle target databases, see Configuring the Oracle Target Database.

Depending on the setting of the audit_trail parameter in your target database, you must select a different FortiDB collection method as shown below:

Audit_trail setting in your Oracle target database | FortiDB Collection Method
XML, EXTENDED | XML File Agent: For this option, you must run the FortiDB XML file agent. To run the FortiDB XML file agent, see Running the Oracle XML File Agent.
DB, EXTENDED (used in this example) | DB, EXTENDED
DB | DB, EXTENDED: for Oracle 9i only.

  1. Log in to FortiDB as the FortiDB admin user using fortidb1!$ for the password.
  2. Create a target database connection.
    1. Go to Target Database Server > Targets.
    2. Select the Add button. The Target page will display. The General tab is selected.
    3. Enter the information in the text boxes marked with an asterisk (*) with settings appropriate to your target database. Assume an Oracle target with these parameters:
      • Name: Enter your target_name
      • Type: Select your database type (Oracle)
      • DB Host Name/IP: Enter the IP address or computer name of the system that contains the Oracle target database (ex. test_machine or 172.30.12.112)
      • Port: Enter the port number or leave the default (1521)
      • DB Name: Enter the name of your target database. (ex. orcl).
      • User Name: Enter the user name for your target database.
      • Password: Enter the password of your target database.
      • DB Activity Monitoring: Verify that the 'Allow' check box is selected.
    4. Select the Test Connection button to verify that your target database is reachable and that your connection parameters are correct. You should see a 'Success' message.
    5. Select the Save button. The target_name and related information should appear on the Targets page.
  3. Configure a Metadata-Tables policy.
    1. Go to DB Activity Monitoring > Monitoring Management. You will see your target database listed in the Target Monitors page.
    2. Click on the name of the target.
    3. In the General tab, confirm the collection method and polling frequency.
      • In the Collection Method field, DB, EXTENDED is selected (for this example).
      • Set the polling frequency (60 seconds by default).
    4. Click the Test button to test the collection method. The "Success" message should be shown at the top of the page.
    5. Go to the Alert Policies tab.
    6. Mark the check box of the Tables of Privilege policy.
    7. Click the Enable button. The status icon of the Tables policy becomes a green arrow.
  4. Start monitoring your target.
    1. Go to the General tab.
    2. Select the Start Monitoring button. The monitor status should show "Running". If you see the "NEED_RECONFIGURE" message, go to the Policies tab and click the Reconfigure button.
  5. Execute actions in your target database to generate alerts.
    Note: To generate alerts for the Metadata-Table policy you configured, execute several SQL statements for your target databases. For example, execute the following statements:
    create table table1 (column1 int, column2 char);
    drop table table1;
    
  6. Check alerts.
    1. Go to DB Activity Monitoring > Security Alerts. You should see several alerts in the All Alerts page.
    2. To display the alert details, select each alert. To close the alert details, click the triangle icon of Alert Details.
    3. To change the alert status from "Unacknowledged" to "Acknowledged", select the check box(es) of the alerts whose status you want to change, and select "Acknowledged" in the Status dropdown list.
    4. Click the Apply button. The color of the status icon will change.
  7. Create an alert report.
    1. Select a view from the View dropdown list to display alerts you want to include in the report.
    2. Select one of the formats from the Export as dropdown list.
      Note: The following file formats are supported:
      • PDF
      • Excel
      • Tab-delimited
      • Comma-separated values
    3. Select the Export button. The File Download dialog displays. You can open or save the report to a file.
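
Added example (not part of the FortiDB handbook): two Oracle queries that read the audit_trail setting to pick the collection method from the table above, and confirm that the statements from step 5 were recorded in Oracle's audit trail before you look for alerts in step 6. It assumes that auditing of table DDL was enabled when the target was configured, that the DB, EXTENDED collection method collects from the database audit trail, and that the account can query V$PARAMETER and DBA_AUDIT_TRAIL.

```sql
-- Added example, not FortiDB's own code.
-- Assumption: run as an account with SELECT on V$PARAMETER and DBA_AUDIT_TRAIL.

-- 1. Read the audit_trail setting and map it to the FortiDB collection
--    method listed in the table in this guide. Spaces are stripped so that
--    'DB, EXTENDED' and 'DB,EXTENDED' are treated the same.
SELECT value AS audit_trail,
       CASE UPPER(REPLACE(value, ' ', ''))
         WHEN 'XML,EXTENDED' THEN 'XML File Agent'
         WHEN 'DB,EXTENDED'  THEN 'DB, EXTENDED'
         WHEN 'DB'           THEN 'DB, EXTENDED (Oracle 9i only)'
         ELSE 'not covered by this guide'
       END AS fortidb_collection_method
FROM   v$parameter
WHERE  name = 'audit_trail';

-- 2. After running the CREATE TABLE / DROP TABLE statements from step 5,
--    confirm that Oracle recorded them. SQL_TEXT is populated only when
--    audit_trail includes EXTENDED; RETURNCODE 0 means the statement succeeded.
--    Assumption: statement auditing for table DDL is already enabled.
SELECT extended_timestamp,
       username,
       userhost,
       action_name,
       owner,
       obj_name,
       returncode,
       sql_text
FROM   dba_audit_trail
WHERE  obj_name = 'TABLE1'
AND    action_name IN ('CREATE TABLE', 'DROP TABLE')
AND    extended_timestamp > SYSTIMESTAMP - INTERVAL '15' MINUTE
ORDER  BY extended_timestamp;
```

If the second query returns no rows, Oracle did not audit the statements, so check the target database configuration before troubleshooting the policy or the monitor.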



FortiDB 5.0.0 Handbook
1st Edition, July 11 2013
© Copyright 2013 Fortinet Inc. All rights reserved.
Latest documentation: http://docs.fortinet.com/fdb.html