cancel
Showing results for 
Search instead for 
Did you mean: 

database activity monitor

Jump to solution

Hey there guys,

I need some help. I read through the Product Guide and followed steps to configure DAM 5.1 on EPO 5.0.1. It is running, extensions checked in but not sure how to view the Database Security events. I logged onto the database to see if it generates event but none generated, screenshots attached. The "My Default" policy is enabled so it should be collecting when logging into database, executing queries etc correct?

1 Solution

Accepted Solutions

Re: database activity monitor

Jump to solution

Manage to get it right. Was testing on SQL express which was obviously not supported. deployed sensor to SQL 2008 R2 server, assigned policies to correct group and the DAM events started to show.

6 Replies

Re: database activity monitor

Jump to solution

Any ideas?

Re: database activity monitor

Jump to solution

Ok so I came across "custom rules" in the policy, created duplicate and assigned policy to group. I logged into the database thats being monitored and still no activity. Anybody with DAM knowledge here that can tell me if I am doing this right?

See screenshot below:

rules.PNG

Re: database activity monitor

Jump to solution

I'm afraid this is probably not the right group as this is more about the DAM product than ePO.

I can't find an appropriate group to move this to either - sorry.

Perhaps it'd be better to open a McAfee support call to discuss it ?

Re: database activity monitor

Jump to solution

I can't find anything on communities for DAM, where would be the best place to discuss this?

dcobes
Level 9
Report Inappropriate Content
Message 6 of 7

Re: database activity monitor

Jump to solution

I was not seeing any events either. I enabled the Audit all activity default rule. The rule text just reads:

user CONTAINS ''



This should give you a bunch of logs to help the initial tuning process and see what users/ips/applicaitons are communicating with the database(s).

-d

Re: database activity monitor

Jump to solution

Manage to get it right. Was testing on SQL express which was obviously not supported. deployed sensor to SQL 2008 R2 server, assigned policies to correct group and the DAM events started to show.