The HiRDB administrator creates audit trail files on a shared disk.
The HiRDB administrator creates audit trail files on a shared disk of the regular unit. During this process, the HiRDB administrator must select a destination disk that is different from the individual servers' shared disks (disks that store individual servers' system log files, synchronization point dump files, and server status files).
If audit trail files are created on a shared disk that corresponds to individual servers, the disk's host is switched when system switchover occurs. Consequently, other running servers within the unit can no longer output audit trails. At the system switchover destination, the audit trail files of the accepting unit are shared.
When system switchover occurs, HiRDB records monitored events in an audit trail file on the shared disk. For details about using audit trail files related to recording of monitored events, see 22.6 Operation of audit trail files.
When system switchover occurs, HiRDB records monitored events in the audit trail file being used by the accepting unit at the switching destination. In this case, operation of audit trail files related to monitored event records is managed centrally by the accepting unit.
For a system that uses the standby-less system switchover (effects distributed) facility, audit trails must be collected at all units.
When system switchover occurs, how the audit trail collection status is inherited depends on whether or not the switched unit stops. If the system at the switching destination is restarted, the status before system switchover occurred is inherited. If the system at the switching destination is started normally, the specification in the pd_audit operand is used.
When system switchover occurs, whether an audit trail is collected depends on the accepting unit's status. Table 25-18 shows whether an audit trail is collected when the standby-less system switchover (effects distributed) facility is used.
Table 25-18 Collection of audit trails when the standby-less system switchover (effects distributed) facility is used
Unit type | Unit status | Accepting unit | |
---|---|---|---|
Collecting | Not collecting | ||
Regular unit | Collecting | Collects | Does not collect |
Not collecting | Collects | Does not collect |
Figure 25-43 shows an example of audit trail collection when the standby-less system switchover (effects distributed) facility is used.
Figure 25-43 Audit trail collection example when the standby-less system switchover (effects distributed) facility is used
The auditor executes the pdload command using an audit trail file as the input information. However, if a factor such as an error caused system switchover, HiRDB will not have correctly collected the audited events that occurred immediately before the system switchover. For this reason, even if the pdload command is executed, it may not be possible to collect the data that existed immediately before system switchover.
The auditor executes the pdload command using the audit trail files of the regular unit and the accepting unit as the input information. The audit trails of a server that has been switched are processed as server information belonging to the accepting unit.
When a factor such as an error caused system switchover, HiRDB will not have correctly collected the audited events that occurred immediately before the system switchover. For this reason, even if the pdload command is executed, it may not be possible to collect the data that existed immediately before system switchover.
Operation after error recovery: Load the audit log using the same method as used before the error occurred.