How to add an external MySQL Database to CA PAM

Document ID : KB000015538
Last Modified Date : 30/11/2018
Introduction:

I would like to configure my session logs in PAM to be administered in an external MySQL server.

Question:
  • What is required from my side?
  • How does PAM connect to the database?
  • Do I have to manually create the tables?
  • Is the MySQL database going to be installed in the external storage?
  • How do I install the MySQL database in the external storage?
Environment:
CA PAM 2.7.x
CA PAM 2.8.x
CA PAM 3.x
Answer:
  • The PAM appliance is a black box. The MySQL database is not installed in PAM. It has to be created in your own environment, on a database server.
  • To prepare it, you only need to create a new database. No tables need to be created.
  • When PAM accesses the new MySQL database for the very first time, it will automatically create the tables.

Follow the steps below:

1) Install MySQL on a server.

Note: Ensure port 3306 is open between PAM and the MySQL Server.

2) Connect to MySQL on the external server and create the database.

mysql> create database <Database Name>;

3) Grant privileges to the db user that is going to connect to the database from PAM:

mysql> GRANT ALL PRIVILEGES ON *.* TO root@'<PAM Hostname>' IDENTIFIED BY '<your password>' WITH GRANT OPTION;

[OR mysql> GRANT ALL PRIVILEGES ON *.* TO root@'%' IDENTIFIED BY '<your password>' WITH GRANT OPTION;]

mysql> FLUSH PRIVILEGES;

4) Log in to PAM and go to:

  • 2.x: Config>>Logs
  • 3.x: Configuration>>Logs>>External Log Server
  • Configure the External Log Server by checking the "Enable logging to the external server" checkbox.
  • Enter the IP address of the server where the database resides, the port and the credentials.

5) Click on Update. You should get the following message:

[Screenshot: SuccessfullLogDB.JPG]

6) Connect to your database and verify that the tables were created:

mysql> use <Database Name>;

mysql> show tables;

E.g., here <Database Name> is logpam:

[Screenshot: mysqlDBLogsTable.JPG]
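
The grant in step 3 gives root every privilege on every database (*.*) together with GRANT OPTION, and the '%' form accepts that login from any host. The following is an added example, not part of the original article, showing a narrower setup for the same connection plus the checks to verify it. It assumes PAM needs rights only inside its own log database (the article states only that PAM creates its tables there), and the account name pamlog is hypothetical.

```sql
-- Added example, not from the original article. Assumptions: PAM only needs
-- rights inside its own log database; 'pamlog' is a hypothetical account name.
-- Placeholders in <...> are the same ones used in the steps above.

-- 1. Dedicated account that can log in only from the PAM appliance.
CREATE USER 'pamlog'@'<PAM Hostname>' IDENTIFIED BY '<your password>';

-- 2. Rights limited to the log database. ALL at database level still covers
--    the CREATE TABLE that PAM performs on first connection, but carries no
--    global privileges (FILE, SUPER, PROCESS, ...) and no GRANT OPTION.
GRANT ALL PRIVILEGES ON `<Database Name>`.* TO 'pamlog'@'<PAM Hostname>';

-- 3. Confirm what the account holds: expect USAGE ON *.* plus the one
--    database-level grant, and no "WITH GRANT OPTION".
SHOW GRANTS FOR 'pamlog'@'<PAM Hostname>';

-- 4. Audit for leftovers of the broad form: accounts reachable from any host
--    or able to pass their privileges on to other accounts.
SELECT User, Host, Grant_priv, Super_priv
FROM mysql.user
WHERE Host = '%' OR Grant_priv = 'Y'
ORDER BY User, Host;

-- 5. If root@'%' was created only for PAM and is no longer used, it can be
--    removed. root@'localhost' is a separate account and is not affected.
-- DROP USER 'root'@'%';
```

Enter the pamlog credentials in the External Log Server form in step 4, then repeat step 6 to confirm that PAM still creates its tables.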

Additional Information:
Note: This has to be a MySQL server. SQL Server is not compatible.
  • 2.x: https://docops.ca.com/ca-privileged-access-manager/2-8/EN/reference/web-gui/toolbar/config/logs#Logs-ExternalLogServer
PAM DB Version 2.8.3:
mysql  Ver 14.14 Distrib 5.1.58, for debian-linux-gnu (i486) using readline 5.2
Current pager:          stdout
Using outfile:          ''
Using delimiter:        ;
Server version:         5.1.58-1~dotdeb.0-log (Debian)
Protocol version:       10
Server characterset:    utf8
Db     characterset:    utf8
Client characterset:    utf8
Conn.  characterset:    utf8
 
  • 3.x: https://docops.ca.com/ca-privileged-access-manager/3-0/EN/implementing/configure-your-server/logging-server-activity/configure-an-external-database-for-session-logs-optional/

PAM DB Version 3.x:
mysql Ver 14.14 Distrib 5.7.21, for Linux (x86_64) using EditLine wrapper 
Current pager: stdout 
Using outfile: '' 
Using delimiter: ; 
Server version: 5.7.21-log MySQL Commercial Server (Advanced) 
Protocol version: 10 
Server characterset: utf8mb4 
Db characterset: utf8mb4 
Client characterset: utf8mb4 
Conn. characterset: utf8mb4