2.18.5 Output destination of audit trails (audit trail file)
Audit trail information is output to a file in a specific directory (the audit trail directory). This file is called an audit trail file.
The file that is currently being used as the output destination for audit trail information is called the current audit trail file. If the size of the current audit trail file reaches the maximum allowed, the HADB server renames the current audit trail file. It then creates a new current audit trail file, outputting subsequent audit trail information to the new file. This process is called swapping the current audit trail file.
The following figure shows the process of swapping the current audit trail file.
|
|
![[Figure]](GRAPHICS/F0000097.GIF)
Explanation
-
Audit trail information is output to the current audit trail file in the audit trail directory. The name of the current audit trail file is always adbaud.aud.
-
When the size of the current audit trail file reaches the maximum (256 MB), the current audit trail file is renamed.
- Note
-
You can change the maximum size for the audit trail file by using the adb_audit_log_max_size operand in the server definition.
-
The HADB server creates a new current audit trail file, and outputs subsequent audit trail information to the new file.
- ■ Rules for renaming the audit trail file
-
When swapping the current audit trail file, the audit trail file that was the current file is renamed according to the following rules:
![[Figure]](GRAPHICS/F0000098.GIF)
When using the multi-node function
The file name of the current audit trail file and the rules for renaming audit trail file are as follows:
![[Figure]](GRAPHICS/F0000099.GIF)
- Note
-
-
Audit trail files that do not conform to these naming rules or that are stored in a location other than the audit trail directory are handled as files to which output of audit trail information has completed.
-
If an audit trail file with the same name already exists in the audit trail directory, a different name is used to avoid a conflict.
-
- ■ Timing of swapping of current audit trail file
-
The current audit trail file is swapped at the following times:
-
When the size of the current audit trail file reaches the maximum
-
When the adbaudittrail --swap command is used to swap the current audit trail file
- Note
-
If any of the following operations are performed, the current audit trail file is renamed after an audit trail for the operation is output to the file. In this case, a new current audit trail file is not created.
-
HADB server termination
-
Using the adbaudittrail --stop command to disable the audit trail facility
A new current audit trail file is created when the HADB server next starts or when the audit trail facility is re-enabled.
-
-
- ■ Maximum number of audit trail files that can be stored in audit trail directory
-
You can specify the maximum number of audit trail files that can be stored in the audit trail directory. To specify this maximum number, you use the adb_audit_log_max_num operand in the server definition. For example, if you specify 100 for this operand, a maximum of 100 audit trail files can be stored in the audit trail directory. This number includes the current audit trail file. When the HADB server creates a 101st audit trail file, the oldest audit trail file is deleted.
- Important
-
By default, no maximum number of files is set. Because the number of audit trail files in the audit trail directory increases continuously over time, you must take care to ensure the disk does not run out of free space.