Create the audit store database

If you selected the Launch Add Audit Store Database Wizard check box at the end of the Launch Add Audit Store Wizard, the Add Audit Store Database Wizard opens automatically. You can also open the wizard at any time from the Audit Manager console by expanding an audit store, right-clicking the Databases node, and choosing Add Audit Store Database.

To create the first audit store database:

  1. Type a display name for the audit store database, then click Next.

    The default name is based on the name of the audit store and the date the database is created.

  2. Select the option to create a new database and verify that the SQL Server computer name, instance name, and database name are correct.

    The default database name is the same as the display name. You can change the database name to be different from the display name, if you want to use another name.

    If the server does not use the default TCP port, specify the port number as part of the server name. For example, if the port number is 1234, the server name would be similar to ACME\BOSTON,1234.

    When entering the SQL Server host computer name, note that you can enter either the server short name (which is automatically resolved to its fully qualified domain name, or FQDN) or the actual server FQDN or the CNAME alias for the server.

    If the database is an Amazon RDS SQL Server:

    1. Select the This is an Amazon RDS SQL Server option.
    2. In the Server Name field, enter the RDS SQL Server database instance endpoint name used for Kerberos authentication.

      For example, if the database host name is northwest1 and the domain name is sales.acme.com, then the endpoint name would be northwest1.sales.acme.com.

    Click Options to enter additional connection string parameters or to enable data integrity checking.

    • You can enable or disable data integrity checking once, when you create the audit store database. To change the state, you must rotate to a new audit store database.

Connecting to SQL Server on a remote computer

To create an audit store database on a remote computer, there must be a one-way or two-way trust between the domain of the computer on which you are running the Add Audit Database wizard and the domain of the computer hosting SQL Server. The Active Directory user account that you used to log on to the computer where the Audit Manager is installed must be in a domain trusted by the computer running SQL Server. If there is no trust relationship, you must log on using an account in the same domain as the computer running SQL Server. If you are accessing the computer running SQL Server remotely, you can use the Run As command to change your credentials on the computer from which you are running the wizard.

Verify network connectivity

The computer hosting the SQL Server database for the active audit store server be online and accessible from the Audit Manager console and from the clients in the Active Directory site or the subnet segments you have defined for the audit store. You should verify that there are no network connectivity issues between the computers that will host collectors and those hosting the SQL Server databases.

How to create the database without system administrator privileges

If you do not have system administrator privileges, the wizard prompts you to specify another set of credentials or generate SQL scripts to give to a database administrator. If you don’t have database administrator credentials or a database administrator immediately available who can enter the credentials for you, you should generate the scripts, then follow the prompts displayed to exit the wizard.

To add the database to the audit store after you have generated the scripts:

  1. Send the scripts to a database administrator with a service or change control request.

    Note:   You should notify the database administrator that the scripts must be run in the proper sequence and not modified in any way. Changes to the scripts could render the database unusable.

  2. After the database administrator creates the database using the scripts, open the Audit Manager console.

  3. Expand the installation node, then expand Audit Stores and the specific audit store you for which you want a new database.

  4. Select Databases, right-click, then click Add Audit Store Database. For example:

  5. Type a display name for the audit store database, then click Next.

  6. Select Use an existing database and select the database that the database administrator created for you.

    Because this is the first audit store database, you also want to make it the active database. This option is selected by default. If you are creating the database for future use and don’t want to use it immediately, you can deselect the Set as active database option.

    If the server does not use the default TCP port, specify the port number as part of the server name. For example, if the port number is 1234, the server name would be similar to ACME\BOSTON,1234.

The installation, management database, and first audit store database are now ready to start receiving user session activity. Next, you should install the collectors and, finally, the agents to complete the deployment of the audit and monitoring service infrastructure.