Secure-auditing facility
Auditing creates a record of selected activities that users perform. An audit administrator who analyzes the audit trail can use these records for the following purposes:
In
- To detect unusual or suspicious user actions and identify the specific users who performed those actions
- To detect unauthorized access attempts
- To assess potential security damage
- To provide evidence in investigations, if necessary
- To provide a passive deterrent against unwanted activities, as long as users know that their actions might be audited
You cannot use auditing to track transactions to reconstruct a database. The database server has archive and backup facilities for that purpose. The HCL OneDB™ Backup and Restore Guide explains these facilities.
Audit to Syslog facility (ASL)
In the classic auditing of OneDB, audit log records are written to numbered files on the local file system. While the classic auditing continues to be supported, the audit subsystem for OneDB on Unix-based systems has been modified to allow audit records to be sent to the syslog daemon, which can be configured to handle the messages in many different ways. Different systems have different syslog daemons with different capabilities and different ways of configuring them. To use ASL auditing, new options have been provided in onaudit and onshowaudit and new audit configuration parameters are introduced in the audit configuration file.
POSIX Syslog
The basic functionality used by OneDB is defined by the POSIX standard. POSIX defines four functions — openlog(), syslog(), closelog(), and setlogmask() and one header <syslog.h>. POSIX does not define the behaviour or configuration of the syslog daemon itself; it only requires the functions (primarily syslog()) to report messages.
For more information, see onaudit utility, onshowaudit utility , and the audit configuration file.