22.4.1 Security audit facility operand specifications

Executor: HiRDB administrator

Table 22-10 lists the operands that can be specified for using the security audit facility.

Table 22-10 Operands specified for using the security audit facility

Operand
  Explanation

pd_audit
  Specifies whether or not collection of an audit trail is to start from the time HiRDB starts:
  Y: Collect an audit trail from the time of HiRDB startup.
  N: Do not start collecting an audit trail at the time HiRDB starts.
  Even if N is specified in this operand, an audit trail can be collected by executing the pdaudbegin command.
  If Y is specified in the pd_audit operand, or if the pdaudbegin command is executed, audit trails for the following events are collected unconditionally:
    • System administrator security events
    • Auditor security events
  For other events, use CREATE AUDIT to specify whether an audit trail is to be collected. For details, see 22.4.4 Audit event definition.

pd_aud_file_name
  Specifies the HiRDB file system area to be used for the audit trail files. HiRDB creates the audit trail files in this HiRDB file system area. This operand must be specified when the security audit facility is used. If it is not specified, the security audit facility cannot be used.
  When this operand is specified, HiRDB will not start if an access error occurs in the HiRDB file system area for the audit trail files during startup of HiRDB (or unit for a HiRDB/Parallel Server).

pd_aud_max_generation_size
  Specifies the maximum size of an audit trail file.

pd_aud_max_generation_num*
  Specifies the maximum number of audit trail file generations to be created in the HiRDB file system area for audit trail files.

pd_aud_no_standby_file_opr
  Specifies the processing when there are no available swappable audit trail files:
  down:
  When there is one or fewer swappable audit trail files available, HiRDB (or unit for a HiRDB/Parallel Server) is to be terminated forcibly.
  forcewrite (default):
  When there are no swappable audit trail files available, a data load waiting audit trail file (excluding files in shutdown status) is to be forcibly made the swap target so that audit trail output will continue. For details about the status of audit trail files, see 22.6 Operation of audit trail files.

pd_aud_async_buff_size
  Specifies the buffer length to be used when the audit trail is output asynchronously.

pd_aud_async_buff_count
  Specifies the number of buffers to be used when the audit trail is output asynchronously.

pd_aud_async_buff_retry_intvl
  Specifies the interval at which buffer monitoring is to be retried until an unused buffer is allocated when all the buffers used for asynchronous output of an audit trail are in use.

pd_aud_file_wrn_pnt
  Specifies that a warning message is to be output when the number of unswappable audit trail files reaches a warning level. Specify for the warning value a value that is less than the maximum number of audit trail file generations specified in the pd_aud_max_generation_num operand.

* Specify the value of the pd_aud_max_generation_num operand so that it satisfies the following condition:
  • Value of pd_aud_max_generation_num < value of pdfmkfs command's -l option
The -l option specifies the maximum number of files to be created in the HiRDB file system area used for the audit trail files, which is discussed later. If the operand value satisfies this condition, you will be able to increase the value of the pd_aud_max_generation_num operand when swappable files cannot be prepared immediately. Figure 22-4 shows the recommended specification.

Figure 22-4 Recommended relationship between the value of pd_aud_max_generation_num and the -l option

[Figure]
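
The following check is an added example, not part of the HiRDB manual or product: it reads a definition fragment and reports operands that break the rules stated in Table 22-10 and its footnote. It assumes operands are written as `set <operand> = <value>` lines with single integer values, and that the pdfmkfs -l value is supplied by the caller; the function names and the sample definition are constructed for illustration.

```python
import re

# Assumption: each operand is written as a "set <operand> = <value>" line.
SET_LINE = re.compile(r'^\s*set\s+(pd_\w+)\s*=\s*"?([^"#\s]+)"?')

# Constructed sample definition (not from a real system).
SAMPLE = """\
set pd_audit = N
set pd_aud_max_generation_num = 50
set pd_aud_file_wrn_pnt = 50
set pd_aud_no_standby_file_opr = forcewrite
"""

def parse_operands(text):
    """Return {operand: value} for every 'set pd_... = value' line."""
    return {m.group(1): m.group(2)
            for m in map(SET_LINE.match, text.splitlines()) if m}

def check_audit_operands(ops, pdfmkfs_l):
    """Return (operand, finding) pairs for the rules in Table 22-10.

    pdfmkfs_l: the -l value used when the HiRDB file system area for the
    audit trail files was created with pdfmkfs.
    """
    findings = []
    if "pd_aud_file_name" not in ops:
        findings.append(("pd_aud_file_name",
                         "not specified: the security audit facility cannot be used"))
    if ops.get("pd_audit") == "N":
        findings.append(("pd_audit",
                         "N: no audit trail is collected until pdaudbegin is executed"))
    opr = ops.get("pd_aud_no_standby_file_opr", "forcewrite")  # default per table
    if opr not in ("down", "forcewrite"):
        findings.append(("pd_aud_no_standby_file_opr", f"unknown value {opr!r}"))
    gen = ops.get("pd_aud_max_generation_num")
    if gen is not None:
        if int(gen) >= pdfmkfs_l:
            findings.append(("pd_aud_max_generation_num",
                             f"{gen} is not less than pdfmkfs -l ({pdfmkfs_l})"))
        wrn = ops.get("pd_aud_file_wrn_pnt")
        if wrn is not None and int(wrn) >= int(gen):
            findings.append(("pd_aud_file_wrn_pnt",
                             f"{wrn} is not less than pd_aud_max_generation_num ({gen})"))
    return findings

if __name__ == "__main__":
    for operand, finding in check_audit_operands(parse_operands(SAMPLE), pdfmkfs_l=50):
        print(f"{operand}: {finding}")
```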