Properties of audit files
As Audit process describes, with database server-managed auditing , the database server writes audit records to audit files in an audit trail. This section describes the audit files in more detail.
Location of audit files (UNIX™)
The audit files are located in a directory that you specify with the onaudit utility or the ADTPATH configuration parameter in the $INFORMIXDIR/aaodir/adtcfg UNIX™ file.
If you change the audit path, the change takes effect immediately for all existing sessions. You can use this feature to change the directory when the database server is in online mode, which is useful if the file system that contains the existing audit files becomes full.
Keep the file system that holds the audit trail cleaned out so that ample storage space is always available.
Location of audit files (Windows™)
Windows™ systems provide an event-logging facility as a common repository for logging events and other useful information. The event-logging facility also provides a user interface to filter, view, and back up the information that is stored there.
Applications cannot write to the Windows™ Security Event log, so auditing messages from the database server are now sent to a log file, whose directory path can be specified by using the onaudit utility. The default path name is %INFORMIXDIR%\aaodir.
Any messages that the database server writes to its log file are also written to the Windows™ Application Event log.
Keep the file system that holds the audit trail cleaned out so that ample storage space is always available.
New audit files
The database server creates a new audit file under the following conditions:
- When you initialize the database server
- When you restart the database server after being offline
- When the file reaches a specified size
- When you manually direct the database server to start a new audit file
- When you start database server-managed auditing
When the database server writes an audit record, the database server appends the record to the current audit file. If the database server goes offline and is restarted, it starts a new audit file. The ADTLOG file,$INFORMIXDIR/aaodir/adtlog.server, maintains the number of the audit log currently being used. The number in the ADTLOG file increases by one each time the server restarts, and is used as a starting point when the server checks for and numbers new log files. The server still checks if the file with the name dbservername.number already exists in the directory. If the database server detects an existing file, the audit facility does not modify it. The number is increased and the process is repeated until an unused number is found, and the skipped files are reported in the online log file. Informix® creates the ADTLOG file if it does not exist.
Audit file names
No matter how you start a new audit file, it follows the same naming convention.
The naming convention is dbservername.integer, where dbservername is the database server name as defined in the onconfig file, and integer is the next available integer after the number defined in the ADTLOG file. Each server's audit file series starts with 0.
For example, if a new audit
file is started for a database server maple
, and
the last audit record was saved in the file maple.123,
then the next audit file is named maple.124.
If maple.124 already exists, the next available
number is used. The names are unique to a specific audit directory,
so both auditdir1/maple.123 and auditdir2/maple.123 are
acceptable, but writing to a new directory does not change the file
checking and naming that begins with the number in the ADTLOG.
Audit file numbers do not repeat unless you remove audit log files and delete the ADTLOG file.