Adding one or more masks using an input file

About this task

To add one or more masks by using an input file:

Procedure

Use the onaudit utility to add one or more masks to the mask table with instructions from a file that has the same format as the output of onaudit -o.
The following command reads a file in /work/audit_up and adds audit masks to the mask table according to the instructions in that file:
onaudit -f /work/audit_up
The following code block shows an example of an input file. The syntax for the input file is explained in The onaudit utility: Configure audit masks.
kickt         _secure1
jacks         -         +ADCK,SRDRW,GRDB,OPDB
pat         _secure2          +ALTB -CRTB,CRIX,STSN
jaym         -
johns         akee         -SALIX

The preceding example input file provides the following information:

  • In the first line, the instructions specify auditing for user kickt in the new template _secure1.
  • The second line creates a new mask called jacks, which contains the events Add Chunk (ADCK), successful attempts at Read Row (SRDRW), and all attempts at Grant Database Access (GRDB) and Open Database (OPDB).
  • In the third line, the user pat is audited for all events that are specified in the template _secure2, and also for all attempts at Alter Table (ALTB), but not for attempts at Create Table (CRTB), Create Index (CRIX), and Start New Session (STSN).
  • No template is specified for the target mask jaym in the fourth line, and no events are indicated; the mask is empty. (This prevents the _default mask from being applied to jaym.)
  • In the fifth line, the target mask johns audits the same events as the mask akee, minus all successful attempts at Alter Index (SALIX).
Important: Future changes to a base mask are not reflected in other masks that might have been created or modified with that mask as a base.

An example of an audit mask input file, adtmasks.std, is provided in the $ONEDB_HOME/aaodir UNIX™ directory or in the %ONEDB_HOME%\aaodir Windows™ directory. The adtmasks.std file is intended only to serve as a guide to the DBSSO for how to set up an audit mask.

Audit masks do not work the same way as audit configuration parameters during initialization of the database server. (See The ADTCFG file.) Specifically, audit masks are not automatically read from a file and initialized.