AuditStoreDatabase Class
Manages AuditStoreDatabase objects.
Syntax
class AuditStoreDatabase
Properties
The AuditStoreDatabase class provides the following properties:
| Property | Description |
|---|---|
| ActiveEndTime property | Gets the end time of a formerly active database. |
| ActiveStartTime property | Gets the start time of an active or formerly active database. |
| AuditServerAccounts property | Gets the list of management database accounts that are allowed to access this audit store. |
| CollectorAccounts property | Gets the list of collector accounts that are allowed to access this audit store. |
| DatabaseName property | Gets the audit store database name. |
| IsActive property | Indicates whether this database is the current active database in the audit store. |
| IsRetired property | Indicates whether this database was formerly the active database and is now retired. |
| Name property (audit store database) | Gets the display name of the audit store database. |
| ServerName property | Gets the Microsoft SQL Server instance name of the audit store database. |
Methods
The AuditStoreDatabase class provides the following methods:
| Method | Description |
|---|---|
| AddAuditServerAccount method | Adds a management database account to the list of accounts allowed to access this audit store database. |
| AddCollectorAccount method | Adds a collector account to the list of accounts allowed to access this audit store database. |
Discussion
An audit store can have multiple databases attached, but only one can be active at a time. This class provides information about any attached database. You can also add an management database or collectors to the list of accounts allowed access to an audit store database. To get information about the audit store, use the AuditStore class.
See also
ActiveEndTime Property
Gets the end time of a formerly active database.
Syntax
DateTime ActiveEndTime {get;}
Return Value
Returns the end time of the database’s active period. If the database was never active or is currently active, the return value is System.DateTime.MinValue (12:00:00 AM).
See also
ActiveStartTime Property
Gets the start time of an active or formerly active database.
Syntax
DateTime ActiveStartTime {get;}
Return Value
Returns the start time of the database’s active period. If the database was never active, the return value is System.DateTime.MinValue (12:00:00 AM).
See also
AuditServerAccounts Property
Gets the list of management database accounts that are allowed to access this audit store.
Syntax
Accounts class AuditServerAccounts {get;}
Return Value
Returns the list of allowed incoming management database accounts.
Discussion
Although most audit installations include only one management database, it’s possible to add more.
See also
CollectorAccounts Property
Gets the list of collector accounts that are allowed to access this audit store.
Syntax
Accounts class CollectorAccounts {get;}
Return Value
Returns the list of allowed incoming collector accounts.
See also
DatabaseName Property
Gets the audit store database name.
Syntax
string DatabaseName {get;}
Return Value
Returns the database name of the audit store database.
Discussion
An audit store can have multiple databases attached, but only one can be active at a time. This property returns the database name of the database.
To get information about the active database attached to the management database, use the AuditServer class.
See also
IsActive Property
Indicates whether this database is the current active database in the audit store.
Syntax
Bool IsActive {get;}
Return Value
Returns true if the database is the current active database in the audit store; otherwise, false.
Discussion
An audit store can have multiple databases attached, but only one can be active at a time.
See also
IsRetired Property
Indicates whether this database was formerly the active database and is now retired.
Syntax
Bool IsRetired {get;}
Return Value
Returns true if the database was formerly the active database for the audit store and is now retired; otherwise, false.
Discussion
An audit store can have multiple databases attached, but only one can be active at a time. Once a database has been retired, it cannot be made active again.
See also
Name Property (Audit Store Database)
Gets the display name of the audit store database.
Syntax
string Name {get;}
Return Value
The display name of the audit store database.
Discussion
The display name of the audit store database is the name used in the Audit Manager console when displaying information about the database.
Example
...
wscript.echo "Changed active database to '" & objAuditStore.ActiveDatabase.Name & "'."
See also
ServerName Property
Gets the Microsoft SQL Server instance name of the audit store database.
Syntax
string ServerName {get;}
Return Value
Returns the Microsoft SQL Server instance name of the audit store database.
Discussion
The SQL Server instance name of the audit store database is the fully qualified domain name of the SQL Server to which the audit store database is attached.
See also
AddAuditServerAccount Method
Adds a management database account to the list of accounts allowed to access this audit store database.
Syntax
void AddAuditServerAccount(
string userName,
bool isWindowsAccount
)
Parameters
Errors
The AddAuditServerAccount method may throw one of the following exceptions:
-
Centrify.DirectAudit.Common.Logic.AuthenticationException if you do not have permission to connect to the Microsoft SQL Server instance or the management database.
-
Centrify.DirectAudit.Common.Logic.ConnectDatabaseException if you cannot connect to the Microsoft SQL Server instance either because the Microsoft SQL Server instance is not running and does not allow remote connections.
-
Centrify.DirectAudit.Common.Logic.UnauthorizedException if you do not have the Manage SQL Login permission on the audit store.
Discussion
When you attach a new database to the audit store, you must set the database to allow access by the management database account. If the management database account is a Windows system account, you must explicitly specify the Windows domain account name in the username parameter. For other Windows accounts and for SQL accounts, you can pass the management database’s Account.UserName property to this method as the user name.
Example
The following code sample first checks each account to see if it’s a Windows system account. If the installation does not use a system account, the code passes the Account.UserName property to the AddAuditServerAccount method as the user name. If the installation uses a system account, it passes the Windows domain account name instead.
...
' Grant permission to management database to access the audit store database
SET objAuditServers = objInstallation.AuditServers
FOR EACH objAuditServer IN objAuditServers
SET objAuditServerAccount = objAuditServer.OutgoingAccount
IF NOT objAuditServerAccount.IsSystemAccount THEN
objAuditStoreDatabase.AddAuditServerAccount & _
objAuditServerAccount.UserName, & _
objAuditServerAccount.IsWindowsAccount
wscript.echo "Added management database account '" & objAuditServerAccount.UserName & "'."
ELSE
'Add management database accounts for those management databases running in
' system account; e.g. NT Authority/Network Service
'
DIM strAuditServerAccount
DIM isAuditServerWindowsAccount
isAuditServerWindowsAccount = true
strAuditServerAccount = "DOMAIN\MACHINE$"
objAuditStoreDatabase.AddAuditServerAccount strAuditServerAccount, & _
isAuditServerWindowsAccount
wscript.echo "Added management database account '" & strAuditServerAccount & "'."
END IF
NEXT
See also
AddCollectorAccount Method
Adds a collector account to the list of accounts allowed to access this audit store database.
Syntax
void AddCollectorAccount(
string userName,
)
Parameters
Errors
The AddCollectorAccount method may throw one of the following exceptions:
-
Centrify.DirectAudit.Common.Logic.AuthenticationException if you do not have permission to connect to the Microsoft SQL Server instance or the management database.
-
Centrify.DirectAudit.Common.Logic.ConnectDatabaseException if you cannot connect to the Microsoft SQL Server instance either because the Microsoft SQL Server instance is not running and does not allow remote connections.
-
Centrify.DirectAudit.Common.Logic.UnauthorizedException if you do not have the Manage SQL Login permission on the audit store.
Discussion
When you attach a new database to the audit store, you must set the database to allow access by each collector account that passes data to that audit store. You can pass the collector’s Account.UserName property to this method as the user name.
Example
The following code sample illustrates using AuditStoreDatabase.AddCollectorAccount in a script:
...
' Copy Collector accounts from current active Audit Store database
SET objCollectorAccounts = objActiveDatabase.CollectorAccounts
FOR EACH objCollectorAccount IN objCollectorAccounts
objAuditStoreDatabase.AddCollectorAccount objCollectorAccount.UserName
wscript.echo "Added Collector account '" & objCollectorAccount.UserName & "'."
NEXT
