Audit instructions
An audit administrator sets the audit instructions that the database server performs. The administrator must set an amount of auditing that is comprehensive enough to prove useful but not so exhaustive that it adversely affects system resources. When role separation exists, the DBSSO creates audit masks and the AAO configures mandatory auditing for the DBSA and the DBSSO. You can find advice on how to set the audit instructions in A Guide to Understanding Audit in Trusted Systems (published by the National Computer Security Center, NCSC-TG-001, June 1988).
This section suggests how to choose events to audit, how to set the audit instructions, and how the choices affect performance. For details of how to create and modify audit masks, see Audit administration.
All the audit masks that the database server uses are stored in the system-monitoring interface (SMI) sysaudit table in the sysmaster database. The masks are updated automatically when the database server is upgraded to a newer version. Although information stored in the sysmaster database is available through SQL, you must use the onaudit utility for all audit-mask creation and maintenance. (See The onaudit utility: Configure audit masks.) Also, see the description of the sysmaster database in the Informix® Administrator's Reference.