Configuring a database query policy

A database query policy is an alert policy that allows you to query the target database with SQL and save the result as an alert. You do not configure database query policies to generate audit records.

For example, for Microsoft SQL Server databases, create a database query policy with the following SQL Query value:

select @@version

which returns the following result in the alerts:

Microsoft SQL Server 2012 - 11.0.2100.60 (Intel X86) Feb 10 2012 19:13:17 Copyright (c) Microsoft Corporation Express Edition on Windows NT 6.0 <X86> (Build 6002: Service Pack 2) (Hypervisor)

FortiDB runs the database query policy according to a schedule you specify.

To configure a database query policy and add it to a target monitoring configuration
  1. Do one of the following:
    • Go to Policy > DAM Alert Policies.
    • Go to DB Activity Monitoring > Monitoring Management, and then click a target name. Then, click the Alert Policies tab.
  2. In the Data Policies list, select Database Query, and then click Add.
  3. Complete the Policy Info settings. For detailed information about the settings, see Managing DAM policies.
  4. Complete the following settings, which are specific to database query policies:
    • SQL query: Enter the query text.
    • Return Records Count Limit: Enter the maximum number of returned records that FortiDB includes in the alert that this policy generates.

      For example, if you enter 5, the database returns the first 5 records of the table that you queried, which FortiDB displays in the details for the corresponding alert.

      Default value is 1.
    • Targets: Select the target database to query.
  5. If you are creating the policy using the monitoring configuration for a specific target, you can ensure the policy is added to the configuration by selecting Create new policy group for policy.
  6. To test if the SQL query is valid, click Test.

    If it is valid, the message "Success" is displayed.

  7. Click Save.

    The policy you created is displayed in the data policy list.

  8. Go to DB Activity Monitoring > Monitoring Management, and then click a target name.
  9. On the Alert Policy Groups tab, ensure that a group that includes the database query policy that you created is selected.

    For example, the policy is added if the Data Policies policy group is selected.

    For more information on adding policies, see Adding policy groups to target database monitoring.

  10. Click the Query Schedule tab, select Enable Schedule for Database Query Policy, and then use the following settings to specify a schedule:
    • Schedule type: Specify Run Once or Recurring.
    • Starts at: Specify a start time and date for the policy.
    • Recurrence pattern: Specify at what interval FortiDB runs the policy. For example, select Weekly, and then select a day of the week.

      Displayed only when Recurring is selected.
    • Ends by: Specify No end date or select a date.

      Displayed only when Recurring is selected.

  11. Click Save.
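
An added example, not taken from the FortiDB handbook: a Microsoft SQL Server query for the SQL query setting that folds several configuration checks into a single row and a single value, so the default Return Records Count Limit of 1 does not cut off part of the result. The checks chosen and the posture_summary alias are assumptions made for illustration.

```sql
-- Added example (not from the handbook). Returns exactly one row with one
-- string value, the same shape as "select @@version", so a Return Records
-- Count Limit of 1 captures the whole result in the alert.
-- Uses only SQL Server catalog views and CONCAT (available from SQL Server 2012).
-- Counts reflect only the principals visible to the account that runs the query.
SELECT CONCAT(
    'version=', CAST(SERVERPROPERTY('ProductVersion') AS nvarchar(128)),

    -- Number of members of the sysadmin fixed server role
    '; sysadmin_members=',
    (SELECT COUNT(*)
       FROM sys.server_role_members AS rm
       JOIN sys.server_principals   AS r
         ON r.principal_id = rm.role_principal_id
      WHERE r.name = N'sysadmin'),

    -- Enabled SQL logins that are exempt from the Windows password policy
    '; sql_logins_without_password_policy=',
    (SELECT COUNT(*)
       FROM sys.sql_logins
      WHERE is_disabled = 0
        AND is_policy_checked = 0),

    -- Enabled SQL logins whose passwords never expire
    '; sql_logins_without_expiration=',
    (SELECT COUNT(*)
       FROM sys.sql_logins
      WHERE is_disabled = 0
        AND is_expiration_checked = 0),

    -- 1 if xp_cmdshell is currently enabled, 0 otherwise
    '; xp_cmdshell_enabled=',
    (SELECT CAST(value_in_use AS int)
       FROM sys.configurations
      WHERE name = N'xp_cmdshell')
) AS posture_summary;  -- posture_summary is a hypothetical column alias
```

A query that lists offending logins one per row needs a Return Records Count Limit at least as large as the expected row count; otherwise the alert holds only the first records returned.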
