For details about how to use the security audit facility, see the HiRDB Version 9 System Operation Guide.
- 46) pd_audit = Y | N
- Specifies whether to begin collecting an audit trail when HiRDB (or a unit for a HiRDB parallel server configuration) is started.
- Y: Begins collecting an audit trail when HiRDB is started.
- N: Does not begin collecting an audit trail when HiRDB is started.
- Even if N is specified for this operand, you can still collect an audit trail by executing the pdaudbegin command.
- Conditions
- All of the following conditions must be satisfied. If Y is specified when any of these conditions is not satisfied, HiRDB (or a unit for a HiRDB parallel server configuration) cannot be started.
- A HiRDB file system area has been created for an audit trail file.
- The name of the HiRDB file system for the audit trail file is specified for the pd_aud_file_name operand.
- Operand default
- When this operand is omitted, the specification of the same operand in the system common definition is assumed. When the same operand is also omitted in the system common definition, the default is N.
- 47) pd_aud_file_name = HiRDB-file-system-area-name-for-audit-trail-file
- ~<path name>((up to 150 characters))
- This operand is required if you use the security audit facility. If you do not specify this operand, you cannot use the security audit facility.
- Specify an absolute path name for the name of the HiRDB file system area for an audit trail file.
- When you use the security audit facility in a HiRDB parallel server configuration, we recommend that you acquire an audit trail for the entire system. To do so, specify one of the following:
- pd_aud_file_name operand in the system common definition
- pd_aud_file_name operand in each unit control information definition
- In system configurations that run multiple units on a single server machine, the pd_aud_file_name operand must be specified in all the unit control information definitions.
- Operand default
- When this operand is omitted, the specification of the same operand in the system common definition is assumed.
- Notes
- When this operand is specified, HiRDB (or a unit for a HiRDB parallel server configuration) cannot be started if an error occurs during the access to the HiRDB file system area for audit trail files.
- If the same audit trail file is specified in pd_aud_file_name operands in the system common definition for multiple units on the same server machine, the correct audit trail cannot be acquired.
- 48) pd_aud_max_generation_size = audit-trail-file-maximum-size
- ~<unsigned integer>((1-5240)) (megabytes)
- Specifies, in megabytes, the maximum size of audit trail files.
- Specification guidelines
- Because HiRDB needs 20 MB for management, determine the value for this operand so that the following condition is satisfied:
- pd_aud_max_generation_size value
pd_aud_max_generation_num value < size of HiRDB file system area for audit trail files (value of the -n option of the pdfmkfs command) - 20 MB
- When the specified value is smaller than the capacity of one audit trail record or no value is specified for this operand, and the size of one audit trail record is larger than the default, it will not be possible for HiRDB to start.
To start such a HiRDB unit, set the operand value so that the following condition is satisfied:
Value of pd_aud_max_generation_size![[Figure]](figure/zueng001.gif)
Maximum audit trail record size
1,024![[Figure]](figure/zueng010.gif)
1,024 + 2,048 (bytes)
Use the following formula to calculate the audit trail record size:
Maximum audit trail record size = 1,067 +
value of pd_aud_sql_source_size
4![[Figure]](figure/zueng010.gif)
4 +
value of pd_aud_sql_data_size
4![[Figure]](figure/zueng010.gif)
4 (bytes)
- If data is being output to the audit trail file asynchronously, see Output to audit trail file (asynchronous output) in the HiRDB Version 9 System Operation Guide.
- Operand default
- When this operand is omitted, the specification of the same operand in the system common definition is assumed. When the same operand is also omitted in the system common definition, the default is 100.
- 49) pd_aud_max_generation_num = maximum-audit-trail-file-count
- ~<unsigned integer>((2-200))
- Specifies the maximum number of (number of generations of) audit trail files to be created inside the HiRDB file system area for audit trail files.
- Specification guidelines
- We recommend that you not specify the maximum value (200) in case errors occur in all audit trail files. For details about how to handle errors in audit trail files, see the HiRDB Version 9 System Operation Guide.
- Because HiRDB needs 20 MB for management, determine the value for this operand so that the following condition is satisfied:
- pd_aud_max_generation_size-value
pd_aud_max_generation_num-value < size-of-HiRDB-file-system-area-for-audit-trail-files (value of the -n option of the pdfmkfs command) - 20 MB
- Operand default
- When this operand is omitted, the specification of the same operand in the system common definition is assumed. When the same operand is also omitted in the system common definition, the default is 50.
- Notes
- During the startup of HiRDB (or a unit for a HiRDB parallel server configuration), if there is a file with a generation number that is greater than the value specified for this operand, the specified value becomes invalid. In this case, the largest generation number is assumed as the maximum number of audit trail files to be created inside the HiRDB file system area.
- 50) pd_aud_async_buff_size = size-of-buffer-used-for-asynchronous-output-of-audit-trail-file
- ~<unsigned integer>((0, 4096-6553600)) (bytes)
- Specifies the size (in bytes) of the buffer to be used for asynchronously outputting the audit trail. If 0 is specified, the audit trail is output synchronously. When the specified value is smaller than the maximum audit trail record size or no value is specified for this operand, and the maximum audit trail record size is larger than the default, it will not be possible for the HiRDB unit to start.
- For details about the maximum audit trail record size, see the description of the pd_aud_max_generation_size operand.
- The following table describes the advantages and disadvantages of each output method.
pd_aud_async_buff_size value | Audit trail output method | Advantages | Disadvantages |
---|---|---|---|
0 | Synchronous output | Audit trail can be reliably output to an audit trail file. | Because file input/output occurs as an extension of SQL processing, the impact on performance is large. |
4096 to 6553600 | Asynchronous output | Can reduce the impact on SQL processing performance. | If HiRDB (or unit for a HiRDB parallel server configuration) is abnormally terminated after the audit trail is output to the buffer and before it is output to an audit trail file, the audit trail might be lost. |
- Specification guidelines
- To output an audit trail asynchronously, we recommend that you set this buffer size on the large side. There is only one of these buffers per unit, so performance might be degraded if contention occurs among environments that have many transactions that create high processing loads.
- Operand rule
- For this operand, specify an integral multiple of 4,096. If a value that is not an integral multiple of 4,096 is specified, it is rounded up to an integer multiple of 4,096 and set as the value for this operand. For example, if 5000 is specified, 8192 is set for the operand.
- Operand default
- When this operand is omitted, the specification of the same operand in the system common definition is assumed. When the same operand is also omitted in the system common definition, the default is 401408.
- Notes
- Starting HiRDB (or, for a HiRDB parallel server configuration, the unit) requires shared memory for the unit controllers equal in size to value of pd_aud_async_buff_size
value of pd_aud_async_buff_count (bytes). Make sure that the value from this equation does not exceed the upper limit for shared memory for unit controllers as a whole. For details about calculating the shared memory size used by unit controllers, see the HiRDB Version 9 Installation and Design Guide.
- When the values specified in the pd_aud_async_buff_size and pd_aud_async_buff_count operands are small, all sectors of the asynchronous output buffer might wait for flushing, transaction execution times might lengthen, or, depending on the specification of the pd_aud_no_standby_file_opr operand, HiRDB (or the unit for a HiRDB parallel server configuration) might be forcibly terminated.
Determine the settings for the pd_aud_async_buff_size and pd_aud_async_buff_count operands taking into consideration the number of audit trail outputs per unit of time. For details, see Output to audit trail file (asynchronous output) in the HiRDB Version 9 System Operation Guide.
- Effects on individual estimation formulas
- If the value of the pd_aud_async_buff_size operand is changed, the following estimation formulas are affected:
- HiRDB Version 9 Installation and Design Guide:
- Formulas for shared memory used by a unit controller under Estimating the memory size required for a HiRDB single server configuration
- Formulas for shared memory used by a unit controller under Estimating the memory size required for a HiRDB parallel server configuration
- 51) pd_aud_async_buff_count = number-of-buffer-sectors-used-for-asynchronous-output-of-audit-trail-file
- ~<unsigned integer>((1-6500))
- Specifies the number of buffer sectors to be used for asynchronously outputting an audit trail.
- Specification guidelines
- We recommend that the number of buffer sectors be set on the high side. If the value is too small, writing to buffers might take longer due to writing into audit trail files, which can degrade performance.
- Operand default
- When this operand is omitted, the specification of the same operand in the system common definition is assumed. When the same operand is also omitted in the system common definition, the default is the larger of the following two values:
- 1 (when there are no HiRDB servers in the unit)
- Number of HiRDB servers in the unit
10
- Notes
- Starting HiRDB (or, for a HiRDB parallel server configuration, the unit) requires shared memory for the unit controllers equal in size to value of pd_aud_async_buff_size
value of pd_aud_async_buff_count (bytes). Make sure that the value from this equation does not exceed the upper limit for shared memory for unit controllers as a whole. For details about calculating the shared memory size used by unit controllers, see the HiRDB Version 9 Installation and Design Guide.
- When the values specified in the pd_aud_async_buff_size and pd_aud_async_buff_count operands are small, all sectors of the asynchronous output buffer might wait for flushing, transaction execution times might lengthen, or, depending on the specification of the pd_aud_no_standby_file_opr operand, HiRDB (or the unit for a HiRDB parallel server configuration) might be forcibly terminated.
Determine the settings for the pd_aud_async_buff_size and pd_aud_async_buff_count operands taking into consideration the number of audit trail outputs per unit of time. For details, see Output to audit trail file (asynchronous output) in the HiRDB Version 9 System Operation Guide.
- Effects on individual estimation formulas
- If the value of the pd_aud_async_buff_count operand is changed, the following estimation formulas are affected:
- HiRDB Version 9 Installation and Design Guide:
- Formulas for shared memory used by a unit controller under Estimating the memory size required for a HiRDB single server configuration
- Formulas for shared memory used by a unit controller under Estimating the memory size required for a HiRDB parallel server configuration
- 52) pd_aud_async_buff_retry_intvl = retry-interval-for-allocation-of-a-buffer-to-be-used-for-asynchronous-output-of-audit-trail-file
- ~<unsigned integer>((1-1000)) (milliseconds)
- Specifies the retry interval for monitoring for a buffer to be used for asynchronous output of the audit trail so that the audit trail can be acquired when all buffers are in use.
- Specification guidelines
- Normally, there is no need to specify this operand.
- When the security audit facility is used and a UAP requires an extended amount of time to execute, specifying a small value in this operand might reduce the UAP execution time.
- Operand default
- When this operand is omitted, the specification of the same operand in the system common definition is assumed. When the same operand is also omitted in the system common definition, the default is 50.
- 53) pd_aud_sql_source_size = size-of-sql-statement-output-to-audit-trail
- ~<unsigned integer>((0-2000000)) (bytes)
- Specifies the size in bytes of the SQL statements output to the audit trail when using the security audit facility. When 0 is specified, no SQL statements are output to the audit trail. For SQL statements larger than the specified value, the portion in excess of the specified value is not output to the audit trail.
- Operand default
- When this operand is omitted, the specification of the same operand in the system common definition is assumed. When the same operand is also omitted in the system common definition, the default is 0.
- Relationship to other operands
- If you specify this operand, re-estimate the specifications for the pd_aud_max_generation_size and pd_aud_async_buff_size operands.
- Effects on individual estimation formulas
- If the value of the pd_aud_sql_source_size operand is changed, the following estimation formula is affected:
- HiRDB Version 9 Installation and Design Guide:
- Determining audit trail file capacity
- 54) pd_aud_sql_data_size = size-of-sql-data-output-to-audit-trail
- ~<unsigned integer>((0-1000000)) (bytes)
- Specifies the size in bytes of the SQL data output to the audit trail when using the security audit facility. When 0 is specified, no SQL data is output to the audit trail. For SQL data larger than the specified value, the portion in excess of the specified value is not output to the audit trail.
- Operand default
- When this operand is omitted, the specification of the same operand in the system common definition is assumed. When the same operand is also omitted in the system common definition, the default is 0.
- Relationship to other operands
- If you specify this operand, re-estimate the specifications for the pd_aud_max_generation_size and pd_aud_async_buff_size operands.
- Effects on individual estimation formulas
- If the value of the pd_aud_sql_data_size operand is changed, the following estimation formula is affected:
- HiRDB Version 9 Installation and Design Guide:
- Determining audit trail file capacity
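
The start-up conditions and sizing rules given for operands 46 to 50 and 53 can be checked before a unit is started. The following is an added example, not Hitachi's code: the function names, the sample path and the UNIX-style absolute-path test are hypothetical, and the product in the capacity check is an assumption because the operator between the two operand values does not survive in the text above.

```python
# Added example (not Hitachi code). Ranges, defaults and the 4,096 rounding rule
# come from the operand descriptions; the product in the capacity check is an
# assumption because the operator is missing from the page text.
DEFAULTS = {"pd_audit": "N", "pd_aud_max_generation_size": 100,
            "pd_aud_max_generation_num": 50, "pd_aud_async_buff_size": 401408,
            "pd_aud_sql_source_size": 0}
RANGES = {"pd_aud_max_generation_size": (1, 5240),
          "pd_aud_max_generation_num": (2, 200),
          "pd_aud_sql_source_size": (0, 2000000)}

def effective_buff_size(value):
    """Return the size that takes effect: 0 = synchronous, else a 4,096 multiple."""
    if value == 0:
        return 0
    if not 4096 <= value <= 6553600:
        raise ValueError("pd_aud_async_buff_size must be 0 or 4096-6553600")
    return -(-value // 4096) * 4096  # round up to the next multiple of 4,096

def check_audit_operands(operands, area_mb):
    """operands: values resolved for one unit; area_mb: pdfmkfs -n value in MB."""
    ops = {**DEFAULTS, **operands}
    findings = []
    for name, (lo, hi) in RANGES.items():
        if not lo <= ops[name] <= hi:
            findings.append(f"ERROR {name}={ops[name]} is outside {lo}-{hi}")
    path = ops.get("pd_aud_file_name")
    if path is None:
        sev = "ERROR" if ops["pd_audit"] == "Y" else "WARN"
        findings.append(f"{sev} pd_aud_file_name not set: audit facility unusable")
    elif not path.startswith("/") or len(path) > 150:  # "/" test assumes a UNIX host
        findings.append("ERROR pd_aud_file_name must be an absolute path, max 150 chars")
    need = ops["pd_aud_max_generation_size"] * ops["pd_aud_max_generation_num"]
    if not need < area_mb - 20:  # HiRDB needs 20 MB of the area for management
        findings.append(f"ERROR generations need {need} MB, area offers {area_mb - 20} MB")
    buff = effective_buff_size(ops["pd_aud_async_buff_size"])
    if buff:
        findings.append(f"WARN asynchronous output ({buff} bytes): buffered records "
                        "might be lost on abnormal termination")
    if ops["pd_aud_sql_source_size"] == 0:
        findings.append("INFO SQL statements are not output to the audit trail")
    return findings

# Constructed sample values for one unit, not taken from a real system.
SAMPLE = {"pd_audit": "Y", "pd_aud_file_name": "/hirdb/audit_area",
          "pd_aud_max_generation_size": 100, "pd_aud_max_generation_num": 50,
          "pd_aud_async_buff_size": 5000}

if __name__ == "__main__":
    for line in check_audit_operands(SAMPLE, area_mb=5000):
        print(line)
```

With the sample values, a 5,000 MB area fails the capacity condition because 20 MB of it is reserved for management, and the buffer size of 5000 takes effect as 8192.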