FortiDB5.

1
Release Notes

FortiDB 5.1 Release Notes July 31, 2013 Revision 2 Copyright 2012 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, and FortiGuard are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions, and performance may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinets General Counsel, with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinets internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.

Technical Documentation Knowledge Base Forums Customer Service & Support Training Services FortiGuard Document Feedback

docs.fortinet.com kb.fortinet.com support.fortinet.com/forums support.fortinet.com training.fortinet.com fortiguard.com techdocs@fortinet.com

Table of contents
Change log ....................................................................................................... 4 Introduction ...................................................................................................... 5
Enhancements .......................................................................................................... 5

Special Notices ................................................................................................ 6

General ............................................................................................................... 6 Supported Platforms and Internal Repositories................................................... 6 Supported Target Databases .............................................................................. 6 Collection Methods for Monitoring ...................................................................... 7 Existing Auditing Data During Upgrade ............................................................... 8 Activity Profiling and Policy Based Activity Auditing ........................................... 8 Compliance functions removed .......................................................................... 8 Internal Database Repository in Sniffing Mode ................................................... 8 How to Setup FortiDB Agents ............................................................................. 9 How to set up FortiDB TCP/IP Sniffer ................................................................. 9 How to set up encoding for displaying data ........................................................ 9 Software Install - Internal Database Repository ................................................ 10 RAID CLI Status Message ................................................................................. 10 Oracle Monitoring with TCP/IP Sniffing ............................................................. 10

Upgrade instructions ..................................................................................... 11

Upgrade from previous versions ....................................................................... 11

Troubleshooting ............................................................................................. 12
Monitoring and Auditing Log ............................................................................. 12

Resolved issues ............................................................................................. 15 Known issues ................................................................................................. 16 Image checksums .......................................................................................... 17

Fortinet Technologies Inc.

FortiDB 5.1 Release Notes

Change log
Date 7/18/13 7/31/13 Change Description Initial release Update to build number

Fortinet Technologies Inc.

FortiDB 5.1 Release Notes

Introduction
This document provides installation instructions and caveats, resolved issues, and known issues for FortiDB 5.1, build 0004. FortiDB provides a database security platform which encompasses Database and Data Discovery, Vulnerability Management, Database Activity Monitoring and Audit, Intrusion Prevention and Compliance Reporting. For additional documentation, please visit: http://docs.fortinet.com/fdb.html

Enhancements
Support for FortiDB-3000D appliance The new FortiDB-3000D is now available replacing the FortiDB-2000B. The FortiDB-3000D is a stronger, faster platform supporting up to 90 databases.

Fortinet Technologies Inc.

FortiDB 5.1 Release Notes

Special Notices
General
Monitor Settings for Web User Interface Access - Fortinet recommends setting your monitor to a screen resolution of 1280x1024. This allows all objects in the Web UI to be viewed properly The following web browsers are supported to properly display the FortiDB GUI: Application FortiDB 5.0 Supported Web Browser Internet Explorer 7.x, 8.x, 9.x Firefox 4.x/5.0

Supported Platforms and Internal Repositories

FortiDB 5.1 supports the following platforms and internal repositories

Supported Platforms
Windows 2003 32-bit, 64-bit Window XP Linux RH4 64-bit, RH5 64-bit Solaris

Supported Internal Repositories

Derby (Shipped with FortiDB) PostgreSQL 8.3 Oracle 10Gr2, Oracle 11G MS SQL Server 2005, 2008 (Windows only)

Supported Target Databases

FortiDB v5.1 supports the following target databases. Before monitoring your target databases (DAM), some settings are required for your target databases. For details how to configure each target database, please see online help: Target Management > Required Settings for Monitoring Target Databases

Application VA

Oracle

MS SQL Server

Sybase

DB2 UDB

MySQL

Oracle 9.2.x Oracle 10gR1

Microsoft SQL
Server 2000
6

Sybase ASE
12.5

DB2 UDB V8 DB2 UDB V9

MySQL 5.1 MySQL 5.5

Fortinet Technologies Inc.

FortiDB 5.1 Release Notes

 Oracle 10gR2 Oracle

11.1.0.x

Microsoft SQL
Server 2005

Sybase ASE
15.0.2

Microsoft SQL
Server 2008

Sybase ASE
15.5

Oracle 11gR2

Microsoft SQL
Server 2008R2

Sybase ASE
15.7

Microsoft SQL
Server 2012 DAM

Oracle 9i Oracle 10gR2 Oracle

11.1.0.x

Microsoft SQL
Server 2000 SP2

Sybase ASE
12.5 (Sniffer only)

DB2 UDB
V9.5

MySQL 5.1
(not supported with sniffer)

DB2 UDB
V9.7

Microsoft SQL
Server 2005 SP2

Sybase ASE
15.0.2

Oracle 11gR2

MySQL 5.5
(not supported with sniffer)

Sybase ASE
15.5

Microsoft SQL
Server 2008 SP2

Sybase ASE
15.7 (MDA only)

Microsoft SQL
Server 2008R2

Microsoft SQL
Server 2012

Collection Methods for Monitoring

FortiDB monitors database activity using collection methods that are customized for each of the target databases supported. Some collection methods require the FortiDB agent to execute on the target database host. This information is listed in the following table. For details about collection methods, please see online help, Choosing a Collection Method.

Target DB Oracle

Target collection methods audit_trail=DB,EXTENDED audit_trail=XML, EXTENDED

FortiDB Collection methods DB, EXTENDED. Agent is not required. XML File Agent. FortiDB agent is required. Please see Running the Oracle XML File Agent (UNIX, Windows) in online help. SGA Agent. FortiDB agent is required. Please see Running the Oracle SGA Agent (Solaris) in online help.
FortiDB 5.1 Release Notes

SGA (for only 10gR2 on Linux 32-bit or Linux 64-bit machines)

Fortinet Technologies Inc.

SPAN/mirror port MS SQL Server Trace file

TCP/IP Sniffer SQL Trace. Agent is not required. For SQL 2000, make sure the following commands are issued before starting monitoring: USE master GO EXEC sp_configure 'show advanced options', 1 GO RECONFIGURE WITH OVERRIDE GO EXEC sp_configure 'xp_cmdshell', 1 GO RECONFIGURE WITH OVERRIDE GO EXEC sp_configure 'show advanced options', 0 GO TCP/IP Sniffer DB2 Agent. FortiDB agent is required. Please see Running the DB2 Agent on Windows and Running the DB2 Agent on UNIX in online help. TCP/IP Sniffer MDA. Agent is not required. TCP/IP Sniffer General Query Log

SPAN/mirror port DB2 DB2 configuration

SPAN/mirror port Sybase MDA SPAN/mirror port MySQL General Query Log

Existing Auditing Data During Upgrade

5.1 Activity Auditing has been replaced with Sniffer Audit Log starting 4.0 MR3. When upgrading to 5.1 the Sniffer Audit Log data is lost. In order to preserve this data run execute backup export old-sniffer-log.

Activity Profiling and Policy Based Activity Auditing

The new features starting MR3 Activity Profiling and Policy Based Activity Auditing can only be used when FortiDB is deployed in Sniffing mode.

Compliance functions removed

The Compliance policies, Compliance audit and Compliance reports were all removed and replaced by SOX and PCI specific items

Internal Database Repository in Sniffing Mode

When deployed in Sniffing mode FortiDB cannot use an external database repository.

Fortinet Technologies Inc.

FortiDB 5.1 Release Notes

How to Setup FortiDB Agents

This section explains how to obtain and set up the Oracle XML File Agent and DB2 Agent. Note: For running the FortiDB agent, Java SE 6 (JDK 6) is required in your target machine.

Downloading the agent file

Please download the latest FortiDB agent in binary mode. Check with Fortinet support for a download location

Setting FortiDB agents

Please refer to the documentation how to setup the agents.

How to set up FortiDB TCP/IP Sniffer

Using the TCP/IP Sniffer method allows collecting database activity without the need to use database native audit or to install agents on the database. Simply configure a SPAN port on the switch and mirror all database traffic to it. Connect one of FortiDBs interfaces to this port and choose this it when configuring the target database in FortiDBs UI. This collection method is only supported in the appliance version.

How to set up encoding for displaying data

Some databases may contain information encoded in a non-English character set. To set up FortiDB to display non-English data, you must perform the following steps: If you are collecting from an agent-based collector, you must set the auditFileEncoding property in the agent.properties file to the encoding that the database is using. In order to generate reports that contain non-English encoded characters, you must set the DAM Report Encoding system property to the encoding you want to use. This property can be accessed by navigating to Administration Global Configuration Reporting in the FortiDB client.

By default, the encoding that is used is UTF-8. In general, any encoding supported by the Java VM is supported by FortiDB, but for exporting PDF reports, the specified encoding (entered in step 2 previously) must map to a supported PDF font. The following encodings are supported by FortiDB for exporting PDF data: Locale Japanese Supported Encodings Shift_JIS SJIS EUC-JP EUC_JP x-EUC-JP-LINUX EUC_JP_LINUX ISO-2022-JP ISO2022JP windows-31j MS932 Cp930 Cp939 Cp942 Cp943 Cp33722
9 FortiDB 5.1 Release Notes

Fortinet Technologies Inc.

Chinese

Korean

Others

x-mswin-936, MS936 GB18030 x-EUC-CN EUC_CN GBK x-windows-950 MS950 x-MS950-HKSCS MS950_HKSCS x-EUC-TW EUC_TW Big5 Big5-HKSCS Cp935 Cp937 Cp948 Cp950 Cp964 ISO2022_CN_CNS ISO2022_CN_GB x-windows-949 MS949 EUC-KR ISO-2022-KR ISO2022KR UTF-8

Please visit http://java.sun.com/javase/6/docs/technotes/guides/intl/encoding.doc.html for additional information about encodings supported by the Java virtual machine.

Software Install - Internal Database Repository

When using the FortiDB software version and choosing Oracle as the internal repository only Oracle 10gR2 or Oracle 11g are supported

RAID CLI Status Message

When running the command get system raid on the FortiDB appliance the following status message is returned- "Raid State: Degraded". This message is harmless and can be safely ignored.

Oracle Monitoring with TCP/IP Sniffing

When deploying FortiDB TCP/IP Sniffing for the first time and monitoring Oracle databases configured in Dedicated mode already existing connections will not be monitored. New connections will need to be initialized.

Fortinet Technologies Inc.

10

FortiDB 5.1 Release Notes

Upgrade instructions
Upgrade from previous versions
Upgrade supported from previous official 4.x releases. Upgrade from 3.x versions is not supported

Fortinet Technologies Inc.

11

FortiDB 5.1 Release Notes

Troubleshooting
Monitoring and Auditing Log
During the Monitoring and Auditing life-cycle, FortiDB may encounter issues in the target database system which alter the way in which that target is monitored (in Native Audit collection method only), or even prevent that target from being monitored. The table below lists the problems that FortiDB may encounter and the log message that will be generated.

Severities
INFORMATIONAL used to describe the general monitoring state (started, reconfigured, stopped). All descriptions notify users of a successfully executed task. CAUTIONARY used to describe issues that users should be aware of, but do not impact the monitoring operation MINOR used to describe configuration issues that impact how monitoring is done, but does not impact the overall monitoring action on a target. Typically, minor errors describe configuration issues, such as the specification of non-existing objects or users in policies, which FortiDB can skip over. MAJOR used to describe changes in the target database that is being monitored. Users should be aware of these changes, and they may need to act on them to adjust how monitoring is done, or they may need to address this issue on the target database. Usually, these errors describe objects being modified or users being deleted from the target database that impact certain policies that are being used for monitoring CRITICAL used to describe errors that prevent FortiDB from monitoring the target database.

Error Types
CONFIGURATION Any issue that occurs when configuring a target with the associated policies. These log entries occur with specific policies (in which case a policy-name is logged), or it may be a general error (in which case n/a is logged for the Policy Name field). PERMISSION Issues having to do with insufficient permissions of the target user. OBJECT_CHANGE When objects are changed on the target database after monitoring has started USER_CHANGE When users are changed on the target database after monitoring has started.

Fortinet Technologies Inc.

12

FortiDB 5.1 Release Notes

Configuration Messages
Message 1 The user <USER> does not exist on <TARGET> Type CONFIGURATION Severity MINOR Description This is a policy-specific error, which signals that a certain user that was specified in the policy does not exist on the target database. This user entry will be skipped when configuring the policy. If all the user entries are skipped, then the policy itself will not be used to monitor the target. This is a policy-specific error, which signals that a certain table that was specified in the policy does not exist on the target database. This object entry will be skipped when configuring the target. . If all the table entries are skipped, then the policy itself will not be used to monitor the target. An unexpected exception was thrown when attempting to configure a target with a specific policy. The error message is the actual exception message. When initializing the Sybase collector, there were insufficient permissions with the FortiDB target user which prevented FortiDB from doing JDBC queries against the target database. No policies were enabled for the target, or if enabled, no objects or users in the policies were configurable for that target.
FortiDB 5.1 Release Notes

The object <DB.SCHEMA.TABLE> does not exist on <TARGET> and will not be monitored on this target.

CONFIGURATION

MINOR

<AgentConfigurationExcept ion Message>

CONFIGURATION

CRITICAL

SQL Exception Message (Sybase Only)

PERMISSION

CRITICAL

No valid policies configured. Monitoring did not start.

CONFIGURATION

CRITICAL

Fortinet Technologies Inc.

13

Monitoring on <Target> successfully Started.

CONFIGURATION

INFORMATIONAL

The Start Monitoring operation was successfully executed on the target. The Stop Monitoring operation was successfully executed on the target. The Reconfigure operation was successfully executed on the target, and the collection state is now consistent with changes made in the UI. A configured object has been removed from the target. Note that this error is only logged when FortiDB is doing target checks at the scheduled times (which can be configured in the Log view). A configured user has been removed from the target. Note that this error is only logged when FortiDB is doing target checks at the scheduled times (which can be configured in the Error Log view). Valid for Oracle DB, EXTENDED. Reports that the queryto get the audit data from the target is taking more than 10 seconds. This typically occurs when sys.aud$ table.has more than 2 million records. It can be a result of an intermittent network delay.

Stopped monitoring on <Target>.

CONFIGURATION

INFORMATIONAL

Reconfigured monitoring settings on <Target>

CONFIGURATION

INFORMATIONAL

The object <DB.SCHEMA.TABLE> has been removed from <Target>.

OBJECT_CHANGE

MAJOR

10

The user <USER> has been removed from <Target>.

USER_CHANGE

MAJOR

11

Excessive Time :<time> seconds to execute audit data query. The audit table for: <targetname> should be truncated.

COLLECTION

MAJOR

Fortinet Technologies Inc.

14

FortiDB 5.1 Release Notes

Resolved issues
The resolved issues listed below do not list every bug that has been corrected with this release. For inquires about a particular bug, please contact Fortinet Customer Service & Support. Table 1: Resolved issues Bug ID Description

Fortinet Technologies Inc.

15

FortiDB 5.1 Release Notes

Known issues
This section lists the known issues of this release, but is not a complete list. For inquires about a particular bug, please contact Fortinet Customer Service & Support. Table 2: Known issues Bug ID 0205469 0192079 0205312 0204071 0205309 0205307 0204375 Description Generate Policy: can't support MSSQL using sniffer based data collection There is an error when importing DAM policies Cannot enable or disable specific policies SOX Report: Wrong filters after exact steps Internal error when importing a policy with an invalid attribute SOX report Verification of Audit Settings has no data in sniffer mode Generate Policy: the value is incorrect in the generated user policy for MSSQL PCI Policy: cant use db user for MSSQL Generate Policy: Does not work for DB2 The return code is incorrect in the details of the alerts

0204211 0204192 0204070

Fortinet Technologies Inc.

16

FortiDB 5.1 Release Notes

Image checksums
To verify the integrity of the firmware file, use a checksum tool and compute the firmware files MD5 checksum. Compare it with the checksum indicated by Fortinet. If the checksums match, the file is intact. MD5 checksums for Fortinet software and firmware releases are available from Fortinet Customer Service & Support. After logging in to the web site, go to Download > Firmware Image Checksums. In the File Name field, enter the firmware image file name including its extension, then click Get Checksum Code.

Figure 1: Customer Service & Support image checksum tool

Fortinet Technologies Inc.

17

FortiDB 5.1 Release Notes