The HiRDB administrator uses one of the following methods to collect an audit trail:

• Specify Y for the pd_audit operand
  In this case, an audit trail will be collected beginning at the time of HiRDB startup.
  
• Execute the pdaudbegin command
  In this case, the audit trail will be collected beginning at the time the command is executed.
  

To stop collection of the audit trail, execute the pdaudend command. Only the HiRDB administrator can execute this command. The auditor cannot use this command.

Reference note

• If HiRDB is restarted, the previous operating status is inherited. If an audit trail was being collected, it will be collected after restart; if an audit trail was not being collected, it will not be collected after restart.
• If HiRDB undergoes a normal startup, then rather than the previous operating status, the specification of the pd_audit operand takes precedence. Even if an audit trail was being collected, if pd_audit=N is specified, no audit trail will be collected after a normal startup. If an audit trail was not being collected but pd_audit=Y is specified, an audit trail will be collected after the normal startup.

Audit trail files can be deleted with the pdaudrm command. Only the HiRDB administrator can use this command. The auditor cannot use this command.

The HiRDB administrator manipulates the RDAREA that stores the audit trail table. For example, the HiRDB administrator can perform the following actions:

• Back up the RDAREA that stores the audit trail table
• Recover the RDAREA that stores the audit trail table
• Modify the structure of the RDAREA that stores the audit trail table (extend the RDAREA, for example)
• Add or remove usage privileges for the RDAREA that stores the audit trail table^#

#: This is performed when the RDAREA that stores the audit trail table is modified. For example, the HiRDB administrator can remove usage privileges for the RDAREA before it is modified, and grant an auditor usage privileges for the RDAREA after it is modified.

Data is registered in the audit trail table jointly by the HiRDB administrator and the auditor. Treat as input information the audit trail file waiting for data loading, and use the database load utility (pdload command) to load data to the audit trail table. For details about how to load data, see 24.7 Recording data in the audit trail table.

The HiRDB administrator and the auditor jointly use the pdls -d aud command to check the status of the audit trail file. The following can be checked:

• Whether there is an audit trail file waiting for data loading
• Whether there is an audit trail file that can be used as a swap target

For details about audit trail file statuses, see 24.6 Operation of audit trail files.

The HiRDB administrator manipulates the HiRDB file system area for the audit trail files. For example, the HiRDB administrator performs the following actions:

• Delete the audit trail table by deleting the HiRDB file system area (delete with an OS command)^#
• Back up the HiRDB file system area with the pdfbkup command
• Recover the HiRDB file system area with the pdfrstr command
• Initialize the HiRDB file system area with the pdfmkfs command
• Delete the HiRDB files that store the audit trail table with the pdfrm command

#: HiRDB does not output this event as part of the audit trail. Use the OS's audit facility to audit this event.

The HiRDB administrator and the auditor jointly use the pdaudswap command to swap audit trail files. To load data from the current audit trail file to another audit trail table, you must first use the pdaudswap command to swap audit trail files. Then you can load the data. The current audit trail file cannot be data loaded.

Note

If either of the following conditions is satisfied, the pdaudswap command cannot be executed:

• There are no swappable audit trail files
• No audit trail files have been generated