22.5.2 Actions performed by the auditor

Actions 1 and 2 below are performed periodically, and the remaining actions are performed as needed.

Organization of this subsection
(1) Check the status of the audit trail files
(2) Record data in the audit trail table (data load the audit trail table)
(3) Use the audit trail table
(4) Swap audit trail files
(5) Manipulate the audit trail table
(6) Add and delete audit events
(7) Change the password
(8) Delete the auditor's schema

(1) Check the status of the audit trail files

Check the status of the audit trail files with the pdls -d aud command. Check the following:

For details about the statuses of audit trail files, see 22.6 Operation of audit trail files.

(2) Record data in the audit trail table (data load the audit trail table)

Record data (the output audit trail) in the audit trail table. Use the database load utility (pdload command) to load the data into the audit trail table from a data load waiting audit trail file. For details about the data load procedure, see 22.7 Recording data in the audit trail table.

(3) Use the audit trail table

Use the audit trail table to perform audits. For details about the columns of the audit table, see 22.8 Audit trail table columns.

(4) Swap audit trail files

Use the pdaudswap command to swap audit trail files. For example, to load the data from the current audit trail file to the audit trail table, swap audit trail files with the pdaudswap command and then perform the data load. The current audit trail file cannot be data loaded.

Note
If either of the following conditions is satisfied, the pdaudswap command cannot be executed:
  • There are no swappable audit trail files
  • No audit trail files have been generated

(5) Manipulate the audit trail table

The auditor manipulates the audit trail table. For example, the auditor performs the following actions:

(6) Add and delete audit events

Audit events can be added with CREATE AUDIT. Unnecessary audit events can be deleted with DROP AUDIT.

(7) Change the password

The auditor's password can be changed with GRANT AUDIT. The auditor changes the password.

(8) Delete the auditor's schema

If there is no audit trail table, the auditor's schema can be deleted. The auditor and DBA privilege holders can delete the auditor's schema.