I would like to configure my session logs in PAM to be administered in an external MySQL server.
CA PAM 2.7.x -- This is an EOL/EOS Version, still part of this article for reference only.
CA PAM 2.8.x -- This is an EOL/EOS Version, still part of this article for reference only.
CA PAM 3.x -- This is an EOL/EOS Version, still part of this article for reference only.
CA PAM 4.x.x
This article enables Symantec PAM administrators to configure an external MySQL database to store session logs. A copy of the log files is automatically kept on the local server in an internal database.
Note: These procedures apply only to session logs; not to syslog messages.
Follow the steps below:
1) Install MySQL on a server.
Note: Ensure port 3306 is open between PAM and the MySQL Server.
2) Connect to MySQL on the external server and create the database.
mysql> create database <Database Name>;
3) Grant privileges to the db user that is going to connect to the database from PAM:
mysql> GRANT ALL PRIVILEGES ON *.* TO root@'<PAM Hostname>' IDENTIFIED BY '<your password>' WITH GRANT OPTION;
[OR mysql> GRANT ALL PRIVILEGES ON *.* TO root@'%' IDENTIFIED BY '<your password>' WITH GRANT OPTION;]
[OR mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, REFERENCES ON <db_name>.* TO <db_username>@'%';]
mysql> FLUSH PRIVILEGES;
4) Log in to PAM and go to:
5) Click on Update. You should get the following message:
6) Connect to your database and verify that the tables were created:
mysql> use <Database Name>;
mysql> show tables;
Example: here <Database Name> is logpam
Note: This has to be a MySQL server. SQL Server is not compatible.
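The account setup from steps 2, 3 and 6 using the narrowest of the three GRANT variants, written out as an added example that is not part of the original article. The account name pam_logger and the host pam01.example.com are assumed placeholders; logpam is the article's example database name.

```sql
-- Added example, not from the original article.
-- Assumed placeholders: account 'pam_logger', PAM host 'pam01.example.com'.
-- 'logpam' is the example database name used in the article.

CREATE DATABASE IF NOT EXISTS logpam;

-- MySQL 8.0 no longer accepts IDENTIFIED BY inside GRANT,
-- so the account is created first and granted privileges afterwards.
CREATE USER IF NOT EXISTS 'pam_logger'@'pam01.example.com'
  IDENTIFIED BY '<your password>';

-- Same privilege list as the article's third GRANT variant,
-- limited to the session-log schema and to the PAM host instead of '%'.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, REFERENCES
  ON logpam.*
  TO 'pam_logger'@'pam01.example.com';

-- Confirm what the account can actually do.
SHOW GRANTS FOR 'pam_logger'@'pam01.example.com';

-- After clicking Update in PAM (step 5), confirm the tables exist (step 6).
SHOW TABLES FROM logpam;

-- Review accounts that accept logins from any host
-- or that hold the global GRANT OPTION.
SELECT user, host, Grant_priv, Super_priv
FROM mysql.user
WHERE host = '%' OR Grant_priv = 'Y';
```

An account created with either of the first two variants in step 3 appears in the last query's output, because both grant every privilege on every schema together with GRANT OPTION; confirm that each row returned is intended.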
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1-2/configuring-your-server/use-logs-to-monitor-operations-and-user-sessions/configure-an-external-mysql-database-for-session-logs-optional.html