How to add an external MySQL Database to CA PAM

Document ID : KB000015538
Last Modified Date : 21/06/2018
Introduction:

I would like to configure my session logs in PAM to be administered in an external MySQL server.

 

Question:
  • What is required from my side?
  • How does PAM connect to the database?
  • Do I have to manually create the tables?
  • Is the MySQL Database going to be installed in the external storage?
  • How do I install MySQL Database in the external storage?
Environment:
CA PAM 2.7.x
CA PAM 2.8.x
CA PAM 3.x
Answer:
  • The PAM appliance is a black box. The MySQL DB is not installed in PAM; it has to be created in your own environment, on a DB server.
  • To prepare it, you only need to create a new database. No tables need to be created.
  • When PAM accesses the new MySQL database for the very first time, it automatically creates the tables.

Follow these steps:

1) Install MySQL on a server.

Note: Ensure port 3306 is open between PAM and the MySQL Server.

2) Connect to MySQL on the external server and create the database.

mysql> create database <Database Name>;

3) Grant privileges to the db user that is going to connect to the database from PAM:

mysql> GRANT ALL PRIVILEGES ON *.* TO root@'<PAM Hostname>' IDENTIFIED BY '<your password>' WITH GRANT OPTION;

Or, to accept the connection from any host (the '%' wildcard) rather than only from the PAM hostname:

mysql> GRANT ALL PRIVILEGES ON *.* TO root@'%' IDENTIFIED BY '<your password>' WITH GRANT OPTION;

mysql> FLUSH PRIVILEGES;

4) Log in to PAM and go to:

  • 2.x: Config>>Logs
  • 3.x: Configuration>>Logs>>External Log Server
  • Configure the External Log Server by checking the "Enable logging to the external server" checkbox.
  • Enter the IP address of the server hosting the DB, the port and the credentials.

5) Click on Update. You should get the following message:

[Screenshot: success message]

6) Connect to your database and verify that the tables were created:

mysql> use <Database Name>;

mysql> show tables;

For example, with <Database Name> set to logpam:

[Screenshot: tables listed in the logpam database]
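A least-privilege alternative to the grant in step 3, as an added example that is not part of the original CA document. The account name pam_logger and the host pam.example.internal are hypothetical, logpam is the example database name from step 6, and it is an assumption that PAM works with a non-root account whose privileges are limited to the log database, so confirm that on your PAM version.

```sql
-- Added example, not from the CA document. Hypothetical names:
--   pam_logger            dedicated account for PAM (instead of root)
--   pam.example.internal  hostname of the PAM appliance (constructed)
--   logpam                example database name from step 6

CREATE DATABASE IF NOT EXISTS logpam;

-- Create the account separately from the grant. MySQL 8.0 no longer
-- accepts GRANT ... IDENTIFIED BY, so this form works on 5.7 and 8.0.
CREATE USER 'pam_logger'@'pam.example.internal'
  IDENTIFIED BY '<your password>';

-- Scope the privileges to the log database only, without GRANT OPTION.
-- Database-level ALL PRIVILEGES still allows the tables to be created
-- on first connection (assumption: PAM needs nothing outside this schema).
GRANT ALL PRIVILEGES ON logpam.* TO 'pam_logger'@'pam.example.internal';

-- Check: expect USAGE ON *.* plus the single logpam.* grant.
SHOW GRANTS FOR 'pam_logger'@'pam.example.internal';

-- Audit: accounts reachable from any host, or able to re-grant
-- privileges server-wide. Review every row this returns.
SELECT user, host, Grant_priv, Super_priv
FROM mysql.user
WHERE host = '%' OR Grant_priv = 'Y';
```

With this account in place, the credentials entered in step 4 would be those of pam_logger rather than root.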

Additional Information:
Note: This has to be a MySQL server. SQL Server is not compatible.
  • 2.x: https://docops.ca.com/ca-privileged-access-manager/2-8/EN/reference/web-gui/toolbar/config/logs#Logs-ExternalLogServer
  • 3.x: https://docops.ca.com/ca-privileged-access-manager/3-0/EN/implementing/configure-your-server/logging-server-activity/configure-an-external-database-for-session-logs-optional/