Audit trail
Review the audit trail regularly. The database server offers a data-extraction utility, onshowaudit, that you can use to select audit data for specific users or database servers.
After you extract data, you can specify that it be formatted to load into a database for subsequent manipulation with SQL. Audit analysis overview explains this process.
When the database server stops writing to one audit file and begins writing to a different audit file, an event alarm is generated. If you use an alarm program, you can modify it to watch for the new audit event to archive audit records, monitor records, or remove them. See the event alarms documentation in Informix® Administrator's Reference for more information about how to make use of the audit event notification.
Details about the Audit Trail Switch Event Alarm:
- Class ID: 72
- Severity: 2
- Class Message: Audit trail is switched to a new file
- Message: This message is displayed when the database server switches to a new audit trail file.