Adding one or more masks using an input file
About this task
To add one or more masks by using an input file:
Procedure
onaudit -o
.
onaudit -f /work/audit_up
kickt _secure1
jacks - +ADCK,SRDRW,GRDB,OPDB
pat _secure2 +ALTB -CRTB,CRIX,STSN
jaym -
johns akee -SALIX
The preceding example input file provides the following information:
- In the first line, the instructions specify auditing for user
kickt
in the new template_secure1
. - The second line creates a new mask called
jacks
, which contains the events Add Chunk (ADCK
), successful attempts at Read Row (SRDRW
), and all attempts at Grant Database Access (GRDB
) and Open Database (OPDB
). - In the third line, the user
pat
is audited for all events that are specified in the template_secure2
, and also for all attempts at Alter Table (ALTB
), but not for attempts at Create Table (CRTB
), Create Index (CRIX
), and Start New Session (STSN
). - No template is specified for the target mask
jaym
in the fourth line, and no events are indicated; the mask is empty. (This prevents the _default mask from being applied tojaym
.) - In the fifth line, the target mask
johns
audits the same events as the maskakee
, minus all successful attempts at Alter Index (SALIX
).
An example of an audit mask input file, adtmasks.std, is provided in the $ONEDB_HOME/aaodir UNIX™ directory or in the %ONEDB_HOME%\aaodir Windows™ directory. The adtmasks.std file is intended only to serve as a guide to the DBSSO for how to set up an audit mask.
Audit masks do not work the same way as audit configuration parameters during initialization of the database server. (See The ADTCFG file.) Specifically, audit masks are not automatically read from a file and initialized.