I would like to configure my session logs in PAM to be administered in an external MySQL server.
CA PAM 3.x.x -- This is an EOL/EOS Version, still part of this article for reference only.
CA PAM 4.2.x
This article explains how Symantec PAM administrators can configure an external MySQL database to store session logs. A copy of the log files is automatically kept on the local server in an internal database.
Note: These procedures apply only to session logs, not to syslog messages.
Follow the steps below:
1) Install MySQL on an external server.
Note: Ensure port 3306 is open between PAM and the MySQL Server.
2) Connect to MySQL in the external server and create the database.
mysql> create database <db_name> DEFAULT CHARACTER SET utf8mb4 DEFAULT COLLATE utf8mb4_unicode_ci;
3) Create the DB user that PAM uses to access this database:
mysql> create user '<db_username>'@'%' IDENTIFIED WITH mysql_native_password BY '<db_password>';
Where:
4) Grant privileges to the db_username that is going to connect to the database from PAM:
mysql> GRANT ALL PRIVILEGES ON *.* TO '<db_username>'@'<PAM Hostname>' IDENTIFIED BY '<db_password>' WITH GRANT OPTION;
[OR mysql> GRANT ALL PRIVILEGES ON *.* TO '<db_username>'@'%' IDENTIFIED BY '<db_password>' WITH GRANT OPTION;]
[OR mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, REFERENCES ON <db_name>.* TO '<db_username>'@'%';
FLUSH PRIVILEGES;]
The last GRANT is more specific: it gives the user only the listed privileges, and only on the database that was created.
mysql> FLUSH PRIVILEGES;
5) Log in to PAM and go to:
6) Click on Update. You should get the following message:
Below is the confirmation message from the 3.x.x and 4.x.x versions:
7) Connect to your database and verify that the tables were created:
mysql> use <Database Name>;
mysql> show tables;
Example: my <Database Name> is logpam
Note: This has to be a MySQL server. SQL Server is not compatible.
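To check which of the step 4 GRANT variants the PAM account actually ended up with, the following added example (not part of the original article or of PAM) audits the output of `SHOW GRANTS FOR` against the narrower privilege list from that step. The account name pamlog, the host pam01.example.internal and the sample output lines are constructed for illustration; logpam is the example database name used above.

```python
import re

# Privilege set from the article's narrowest GRANT variant (step 4).
EXPECTED = {"SELECT", "INSERT", "UPDATE", "DELETE", "CREATE", "REFERENCES"}

GRANT_RE = re.compile(
    r"GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"[`']?[^`'@]+[`']?@[`']?(?P<host>[^`'\s]+)[`']?(?P<rest>.*)",
    re.IGNORECASE,
)

def audit_grants(show_grants_lines, db_name):
    """Return de-duplicated findings for one account's SHOW GRANTS output."""
    findings = []

    def flag(msg):
        if msg not in findings:
            findings.append(msg)

    for line in show_grants_lines:
        m = GRANT_RE.match(line.strip().rstrip(";"))
        if not m:
            continue
        privs = {p.strip().upper() for p in m["privs"].split(",")}
        scope = m["scope"].replace("`", "")
        if m["host"] == "%":
            flag("wildcard-host")          # account accepted from any client address
        if "GRANT OPTION" in m["rest"].upper():
            flag("grant-option")           # account can pass its rights to others
        if privs == {"USAGE"}:
            continue                       # USAGE carries no privileges
        if scope == "*.*":
            flag("global-privileges")      # applies to every database on the server
        elif scope != f"{db_name}.*":
            flag(f"other-scope:{scope}")   # rights outside the session-log database
        extra = privs - EXPECTED
        if extra:
            flag("extra-privileges:" + ",".join(sorted(extra)))
    return findings

# Constructed SHOW GRANTS output (hypothetical account 'pamlog', database 'logpam').
BROAD = ["GRANT ALL PRIVILEGES ON *.* TO 'pamlog'@'%' WITH GRANT OPTION"]
NARROW = [
    "GRANT USAGE ON *.* TO `pamlog`@`pam01.example.internal`",
    "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, REFERENCES ON `logpam`.* "
    "TO `pamlog`@`pam01.example.internal`",
]

if __name__ == "__main__":
    print("broad :", audit_grants(BROAD, "logpam"))
    print("narrow:", audit_grants(NARROW, "logpam"))
```

An empty result means the account holds only the listed privileges on the session-log database and is bound to a named host.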
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-1-2/configuring-your-server/use-logs-to-monitor-operations-and-user-sessions/configure-an-external-mysql-database-for-session-logs-optional.html