Adding one or more masks using an input file
About this task
To add one or more masks by using an input file:
Procedure
Use the onaudit utility to add one or
more masks to the mask table with instructions from a file that has
the same format as the output of
onaudit -o
.
The following command reads a file in /work/audit_up and
adds audit masks to the mask table according to the instructions in
that file:
onaudit -f /work/audit_up
The
following code block shows an example of an input file. The syntax
for the input file is explained in The onaudit utility: Configure audit masks.
kickt _secure1
jacks - +ADCK,SRDRW,GRDB,OPDB
pat _secure2 +ALTB -CRTB,CRIX,STSN
jaym -
johns akee -SALIX
The preceding example input file provides the following information:
- In the first line, the instructions specify auditing for user
kickt
in the new template_secure1
. - The second line creates a new mask called
jacks
, which contains the events Add Chunk (ADCK
), successful attempts at Read Row (SRDRW
), and all attempts at Grant Database Access (GRDB
) and Open Database (OPDB
). - In the third line, the user
pat
is audited for all events that are specified in the template_secure2
, and also for all attempts at Alter Table (ALTB
), but not for attempts at Create Table (CRTB
), Create Index (CRIX
), and Start New Session (STSN
). - No template is specified for the target mask
jaym
in the fourth line, and no events are indicated; the mask is empty. (This prevents the _default mask from being applied tojaym
.) - In the fifth line, the target mask
johns
audits the same events as the maskakee
, minus all successful attempts at Alter Index (SALIX
).
Important: Future changes to a base mask are not
reflected in other masks that might have been created or modified
with that mask as a base.
An example of an audit mask input file, adtmasks.std, is provided in the $ONEDB_HOME/aaodir UNIX™ directory or in the %ONEDB_HOME%\aaodir Windows™ directory. The adtmasks.std file is intended only to serve as a guide to the DBSSO for how to set up an audit mask.
Audit masks do not work the same way as audit configuration parameters during initialization of the database server. (See The ADTCFG file.) Specifically, audit masks are not automatically read from a file and initialized.