12.1.1 Considering audit target definitions (selecting events for which to output audit trails)
The audit trail facility can output audit trails for any audit target event. However, outputting an audit trail for every event generates an extremely large volume of audit trail data, which limits how efficiently the auditors can work. For this reason, you need to decide which events will be of interest to an auditor based on the intention of the audit process. The following table shows examples of the events that might be of interest to an auditor conducting the audit process with a certain intention.
Intention of auditing | Examples of events subject to auditing | Type of audit target event |
---|---|---|
Finding out whether the configuration of the HADB server has been modified without authorization | Starting and terminating the HADB server | Mandatory audit event |
Finding out whether an unauthorized operation has been performed with respect to the audit trail facility | Performing operations in relation to the audit trail facility | Mandatory audit event |
Finding out whether any suspicious connections have been made to the HADB server | Connecting to the HADB server | Optional audit event |
Finding out whether data has been tampered with or removed | Creating, searching, updating, and deleting tables | Optional audit event |
Finding out whether use of the system complies with the security policy (such as changing passwords regularly) | Changing the password of an HADB user | Optional audit event |
A mandatory audit event is an event for which an audit trail will always be output as long as the audit trail facility is enabled. Optional audit events differ in that the auditor can select whether an audit trail is output. If you want to output audit trails for optional audit events, you need to define those events as audit targets by using the CREATE AUDIT statement.
Based on the intention of the audit process, decide whether to audit only mandatory audit events, or to also include optional audit events.
For lists of audit target events (mandatory audit events and optional audit events), see 12.9.1 List of audit target events and output items.