Oracle® Healthcare Master Person Index Working With IHE Profiles Release 1.1 Part Number E18591-01
The Audit Record Repository (ARR), which includes an audit server and an audit repository, is part of the Internet Protocol Suite that deals with the transmission of data. Specifically related to OHMPI and the IHE Profiles Application, ARR provides secure transmission and auditing for healthcare application systems. The major components of the Audit Record Repository include:
Audit Trail and Node Authentication (ATNA) Integration Profile, which is built on top of the following:
Security Audit and Access Accountability Message XML Data Definitions for Healthcare Applications
The Syslog Protocol
Transmission of Syslog Messages over Transport Layer Security (TLS)
Transmission of Syslog Messages over User Datagram Protocol (UDP)
Note: The above links open documents that deal with the Internet Protocol Suite, specifically "Internet Official Protocol Standards" (STD1) as related to ARR. They provide critical technical information about secure transmission of data over the internet, including node authentication and an audit trail. It is recommended that you read them.
When you install the runtime (GlassFish) using the OHMPI Installer, ARR is installed in a directory named arr at the same directory level as GlassFish. This installation is automatic and requires no user intervention.
You run ARR from the command line using the Audit Record Repository command line script:
For Windows: arr.bat
For any of the UNIX platforms: arr.sh
For help using the command line script, type > arr -help.
usage: arr -propertyfile <propertyfile> -command <command> <...args>
CTRL^C to stop the server).
create-tables
Creates the required ARR database tables and sequences.
Options
-arr.persistence_unit_name
The name of the javax persistence unit defined in persistence.xml.
-arr.jdbc_driver
The JDBC database driver type, for example:
- MySQL: com.mysql.jdbc.Driver
- Oracle: oracle.jdbc.OracleDriver
-arr.jdbc_url
The JDBC database URL.
-arr.jdbc_username
The JDBC database username.
-arr.jdbc_password
The JDBC database password.
drop-and-create-tables
Drops and recreates the ARR database tables and sequences.
Options
-arr.persistence_unit_name
The name of the javax persistence unit defined in persistence.xml.
-arr.jdbc_driver
The JDBC database driver type, for example:
- MySQL: com.mysql.jdbc.Driver
- Oracle: oracle.jdbc.OracleDriver
-arr.jdbc_url
The JDBC database URL.
-arr.jdbc_username
The JDBC database username.
-arr.jdbc_password
The JDBC database password.
parse-audit-msg
Tests the validity of an audit message.
Options
-arr.input_file
A file containing an audit message.
parse-syslog-msg
Tests the validity of a syslog message.
Options
-arr.input_file
A file containing a syslog message.
send-tls-msg
Sends a syslog message to an ARR supporting TLS.
Options
-arr.input_file
A file containing a syslog message.
-arr.hostname
The hostname of the syslog server.
-arr.port
The port of the syslog server.
-arr.keystore
The client keystore.
-arr.keystore_password
The client keystore password.
-arr.truststore
The client truststore.
-arr.truststore_password
The client truststore password.
-arr.keymanager_keystore_password
The client keymanager keystore password.
send-udp-msg
Sends a syslog message to ARR supporting UDP.
Options
-arr.input_file
A file containing a syslog message.
-arr.hostname
The hostname of the syslog server.
-arr.port
The port of the syslog server.
start-tls-server
Starts a TLS ARR running on a given port.
Options
-arr.port
The port to listen on (6514 is the standard port for syslog over TLS).
-arr.persistence_unit_name
The name of the javax persistence unit defined in persistence.xml.
-arr.jdbc_driver
The JDBC database driver type, for example:
- MySQL: com.mysql.jdbc.Driver
- Oracle: oracle.jdbc.OracleDriver
-arr.jdbc_url
The JDBC database URL.
-arr.jdbc_username
The JDBC database username.
-arr.jdbc_password
The JDBC database password.
-arr.keystore
The server keystore.
-arr.keystore_password
The server keystore password.
-arr.truststore
The server truststore.
-arr.truststore_password
The server truststore password.
-arr.keymanager_keystore_password
The server keymanager keystore password.
start-udp-server
Starts a UDP ARR running on a given port.
Options
-arr.port
The port to listen on (514 is the standard port for syslog over UDP).
-arr.persistence_unit_name
The name of the javax persistence unit defined in persistence.xml.
-arr.jdbc_driver
The JDBC database driver type, for example:
- MySQL: com.mysql.jdbc.Driver
- Oracle: oracle.jdbc.OracleDriver
-arr.jdbc_url
The JDBC database URL.
-arr.jdbc_username
The JDBC database username.
-arr.jdbc_password
The JDBC database password.
create-tables
> arr -propertyfile arr.properties -command create-tables
drop-and-create-tables
> arr -propertyfile arr.properties -command drop-and-create-tables
parse-audit-msg
> arr -propertyfile arr.properties -command parse-audit-msg -arr.input_file test_audit_msg.txt
parse-syslog-msg
> arr -propertyfile arr.properties -command parse-syslog-msg -arr.input_file test_syslog_msg.txt
send-tls-msg
> arr -propertyfile arr.properties -command send-tls-msg -arr.hostname localhost -arr.input_file test_syslog_msg.txt
send-udp-msg
> arr -propertyfile arr.properties -command send-udp-msg -arr.hostname localhost -arr.input_file test_syslog_msg.txt
start-tls-server
> arr -propertyfile arr.properties -command start-tls-server
start-udp-server
> arr -propertyfile arr.properties -command start-udp-server
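As an added example (not part of the Oracle documentation or the ARR code), the following Python code validates a constructed ATNA audit message in the Syslog Protocol (RFC 5424) layout, checking the header values IHE ATNA prescribes (facility 10, MSGID IHE+RFC-3881) and the required elements of the audit record, and applies the octet-count framing used for syslog over TLS. Which checks arr's own parse-syslog-msg and parse-audit-msg perform, and the exact file layout they expect, are not stated on this page; the host, application and user names in the sample are made up.

```python
import re
import xml.etree.ElementTree as ET

# RFC 5424 layout: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
# (\S is looser than the RFC's PRINTUSASCII; an escaped "]" in SD is not handled.)
HEADER = re.compile(
    r"<(\d{1,3})>([1-9]\d{0,2}) (\S+) (\S{1,255}) (\S{1,48}) (\S{1,128}) "
    r"(\S{1,32}) (-|(?:\[[^\]]*\])+)(?: (.*))?", re.S)
TIMESTAMP = re.compile(
    r"-|\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d{1,6})?(?:Z|[+-]\d\d:\d\d)")
REQUIRED = ("EventIdentification", "ActiveParticipant", "AuditSourceIdentification")

def validate(message):
    """Return a list of problems; an empty list means the message passed."""
    m = HEADER.fullmatch(message)
    if not m:
        return ["not an RFC 5424 message"]
    pri, version, ts, _host, _app, _procid, msgid, _sd, msg = m.groups()
    problems = []
    if int(pri) > 191 or int(pri) // 8 != 10:
        problems.append("PRI facility is not 10 (security/authorization)")
    if version != "1" or not TIMESTAMP.fullmatch(ts):
        problems.append("bad VERSION or TIMESTAMP")
    if msgid != "IHE+RFC-3881":
        problems.append("MSGID is not IHE+RFC-3881")
    try:
        # MSG may start with a UTF-8 byte order mark before the XML.
        root = ET.fromstring((msg or "").lstrip("\ufeff").encode("utf-8"))
    except ET.ParseError:
        return problems + ["MSG is not well-formed XML"]
    if root.tag != "AuditMessage":
        problems.append("root element is not AuditMessage")
    problems += [f"missing {name}" for name in REQUIRED if root.find(name) is None]
    return problems

def frame_for_tls(message):
    """Syslog over TLS uses octet counting: MSG-LEN SP SYSLOG-MSG."""
    data = message.encode("utf-8")
    return str(len(data)).encode("ascii") + b" " + data

# Constructed sample; the audit record is cut down to the required elements.
SAMPLE = (
    "<85>1 2011-03-01T12:00:00.000Z mpi-host OHMPI 1234 IHE+RFC-3881 - \ufeff"
    '<?xml version="1.0" encoding="UTF-8"?><AuditMessage>'
    '<EventIdentification EventActionCode="E" EventDateTime="2011-03-01T12:00:00Z"'
    ' EventOutcomeIndicator="0"><EventID code="110112" codeSystemName="DCM"'
    ' displayName="Query"/></EventIdentification>'
    '<ActiveParticipant UserID="ohmpi" UserIsRequestor="true"/>'
    '<AuditSourceIdentification AuditSourceID="mpi-host"/></AuditMessage>')
```

MSG-LEN counts octets, not characters, so the byte order mark in the sample adds three bytes to the frame length.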
arr.persistence_unit_name=jpa
arr.jdbc_driver=com.mysql.jdbc.Driver
arr.jdbc_url=jdbc:mysql://localhost:3306/arr
arr.jdbc_username=arruser
arr.jdbc_password=arrpass
arr.port=514
arr.keystore=keystore/arr_keystore.jks
arr.keystore_password=changeit
arr.truststore=keystore/arr_truststore.jks
arr.truststore_password=changeit
arr.keymanager_keystore_password=changeit

arr.persistence_unit_name=jpa
arr.jdbc_driver=oracle.jdbc.OracleDriver
arr.jdbc_url=jdbc:oracle:thin:@localhost:1521:XE
arr.jdbc_username=arruser
arr.jdbc_password=arrpass
arr.port=514
arr.keystore=keystore/arr_keystore.jks
arr.keystore_password=changeit
arr.truststore=keystore/arr_truststore.jks
arr.truststore_password=changeit
arr.keymanager_keystore_password=changeit
In order for the IHE Profiles Application to send audit records to the Audit Record Repository Server, you have to properly configure an OHMPI audit client. The OHMPI audit client's configuration file is named ohmpi-audit-client.properties. The location of this property file depends on the type of Application Server: for GlassFish, it is under <GlassFish>\lib; for WebLogic, it is under domains\<domain_name>\lib.
There are two properties defined in ohmpi-audit-client.properties: auditHost and auditPort. They are the host name and port number of the ARR server, respectively. The default value for auditHost is localhost, and it needs to match the host where the ARR server is running. The default value for auditPort is 514, and it needs to match the value of arr.port defined in arr\bin\arr.properties.
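One way to check the two files against each other before starting the server, as an added example that is not part of the Oracle documentation or the ARR tooling: the Python code below compares auditHost and auditPort with the server side, compares arr.port with the standard port for the chosen transport, and reports passwords still set to the values shown in the sample arr.properties. The function names, the arr_host and transport parameters, and the host name used in the test data are assumptions made for this example.

```python
# Passwords that appear in the sample arr.properties on this page.
SAMPLE_SECRETS = {"changeit", "arrpass"}
# Standard ports as given in the command reference (start-tls-server / start-udp-server).
STANDARD_PORT = {"tls": "6514", "udp": "514"}

def parse_properties(text):
    """Parse key=value lines; blank lines and #/! comments are skipped.
    Line continuations and ':' separators are not handled."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props

def check(server_text, client_text, arr_host, transport):
    """Return findings for one ARR server / audit client pair.
    arr_host is where ARR actually runs; transport is 'tls' or 'udp'."""
    server = parse_properties(server_text)
    client = parse_properties(client_text)
    findings = []
    arr_port = server.get("arr.port")
    audit_port = client.get("auditPort", "514")        # documented default
    audit_host = client.get("auditHost", "localhost")  # documented default
    if audit_port != arr_port:
        findings.append(f"auditPort {audit_port} != arr.port {arr_port}")
    if audit_host != arr_host:
        findings.append(f"auditHost {audit_host} != ARR host {arr_host}")
    if arr_port != STANDARD_PORT[transport]:
        findings.append(f"arr.port {arr_port} is not the standard {transport} port")
    findings += [f"{key} uses a sample password"
                 for key, value in sorted(server.items())
                 if key.endswith("password") and value in SAMPLE_SECRETS]
    return findings

# Constructed inputs: server values copied from the sample arr.properties,
# client file left at its defaults while ARR runs on another host.
SERVER = """\
arr.jdbc_password=arrpass
arr.port=514
arr.keystore_password=changeit
arr.truststore_password=changeit
arr.keymanager_keystore_password=changeit
"""
CLIENT = "auditHost=localhost\nauditPort=514\n"
```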