ALLBASE/SQL Database Administration Guide: HP 9000 Computer Systems > Chapter 4 DBEnvironment Configuration and Security

Creating Audit DBEnvironments

Audit functionality is a group of statements and statement parameters that allows you to generate audit log records. Audit log records contain partition information that allows you to group log records for analysis with the Audit Tool. Some types of database operations you might analyze are INSERT, UPDATE, or DELETE operations, perhaps for security reasons. Audit log records contain identifiers such as table names, in contrast to non-audit database log records, which contain identifiers such as page references and data. When audit logging is enabled, these audit log records are generated in addition to non-audit database log records. You can use the Audit Tool, described in the section "Using the Audit Tool," to audit these log records.

Audit DBEnvironments are defined by specifying audit parameters in the START DBE NEW or START DBE NEWLOG statement. The six parameters used to make a DBEnvironment an audit DBEnvironment are listed below. One of the six, the AUDIT LOG parameter, causes the other five audit parameters to be in effect. None of the five parameters is in effect unless you specify AUDIT LOG.

Audit elements are prioritized in a simple hierarchy where the following assumptions exist:
See the syntax for the START DBE NEW and START DBE NEWLOG statements in the "SQL Statements" chapter of the ALLBASE/SQL Reference Manual for information on how to specify audit DBEnvironment parameters.

The following examples show how to create a DBEnvironment, load it, and then enable audit logging. First, create the DBEnvironment with a temporary log named TempLog:
Now you can use START DBE NEWLOG to enable audit logging and audit files:
Now use SQLUtil to create the additional log file that is needed for audit DBEnvironments:
Log files need to be made slightly larger to account for audit log records generated in addition to non-audit log records. Audit log records are generated for all the statement types specified in the AUDIT ELEMENTS parameter, so log files may fill up more quickly with audit logging specified. Audit DBEnvironments require that at least one additional log file be added. This is performed with the SQLUtil ADDLOG command. It is recommended that several additional log files be added because log files will fill up more quickly.

When START DBE NEWLOG is executed for an existing audit DBEnvironment, most audit-related parameters not specified remain unchanged. The AUDIT LOG parameter is an exception. If AUDIT LOG is in effect and you execute a START DBE NEWLOG statement to change parameter values without again specifying AUDIT LOG, audit logging is then not in effect.

You can disable audit logging for a particular session where you are entering statements that should not generate audit log records. This allows all other sessions to continue to generate audit log records. The following statement is used to disable audit logging for a session:
Audit logging should be enabled again before the session is ended. The following statement is used to enable audit logging:
However, since disabling only lasts for the duration of a session, when the session ends, audit logging is enabled even if you do not explicitly enable it again.
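
A review check for the AUDIT LOG exception described above, added here as an example and not taken from the HP manual: it scans a command file for START DBE NEWLOG statements that omit AUDIT LOG and would therefore leave audit logging off. It assumes semicolon-terminated statements and single-quoted DBEnvironment names; the function names and the sample script are constructed for illustration.

```python
import re

# Assumed: ';' ends each statement, names are single-quoted, no comments.
START_NEWLOG = re.compile(r"^START\s+DBE\s+'([^']*)'\s+(?:MULTI\s+)?NEWLOG\b", re.I)
AUDIT_LOG = re.compile(r"\bAUDIT\s+LOG\b", re.I)
QUOTED = re.compile(r"'[^']*'")

def split_statements(script):
    """Split on ';' outside single quotes; return [(start_line, text)]."""
    stmts, buf, in_quote, line, start = [], [], False, 1, None
    for ch in script:
        if ch == "'":
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            if start is not None:
                stmts.append((start, "".join(buf).strip()))
            buf, start = [], None
        else:
            if start is None and not ch.isspace():
                start = line
            buf.append(ch)
        if ch == "\n":
            line += 1
    if start is not None:  # last statement had no terminating ';'
        stmts.append((start, "".join(buf).strip()))
    return stmts

def newlog_without_audit(script):
    """Return (line, dbe_name) for each START DBE NEWLOG lacking AUDIT LOG."""
    findings = []
    for line, stmt in split_statements(script):
        match = START_NEWLOG.match(stmt)
        if match is None:
            continue
        # Blank quoted values so a file name containing the words cannot count.
        if not AUDIT_LOG.search(QUOTED.sub("''", stmt)):
            findings.append((line, match.group(1)))
    return findings

# Constructed sample; parameter lists are abbreviated, not copied from the manual.
SAMPLE = """\
START DBE 'PartsDBE' NEWLOG AUDIT LOG
  LOG DBEFILE PartsLg1 WITH PAGES = 300, NAME = 'PartsLg1';
UPDATE STATISTICS FOR TABLE PurchDB.Parts;
start dbe 'PartsDBE' newlog TRANSACTION = 10
  LOG DBEFILE PartsLg2 WITH PAGES = 300, NAME = 'AUDIT LOG';
"""

print(newlog_without_audit(SAMPLE))  # [(4, 'PartsDBE')]
```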