12.1.7 Considering the approach to take when attempts to write to the audit trail file fail

You need to consider whether to stop the HADB server if an attempt to write to the audit trail file fails for either of the following reasons:

• The disk containing the audit trail directory is full

• A failure has occurred on the disk containing the audit trail directory

Select either of the following as the processing method for situations where an attempt to write to the audit trail file fails. Specify the method you select in the --write-error option of the adbaudittrail --start command.

■ Terminate the HADB server

The HADB server is terminated if audit trail data cannot be written to the audit trail file. The termination mode of the HADB server in this scenario is abnormal termination.

Select this approach if you want to prioritize the recording of HADB user activity as audit trail data over the continued operation of the HADB server. This approach minimizes gaps in the acquisition of audit trail data.

To terminate the HADB server, specify DOWN in the --write-error option. Alternatively, you can omit the --write-error option altogether.

■ Continue HADB server operation

The HADB server does not terminate if audit trail data cannot be written to the audit trail file. The audit trail data that could not be written to the audit trail file is discarded, and the HADB server continues operating.

Select this approach if you want to prioritize the continued operation of the HADB server over the recording of HADB user activity as audit trail data.

To continue HADB server operation, specify FAILSOFT in the --write-error option. When FAILSOFT is specified, if the issue that prevented the audit trail data from being written to the audit trail file is later resolved, output to the audit trail file automatically resumes the next time audit trail data is scheduled to be written.

You can use either of the following methods to confirm that output to the audit trail file has resumed:

• Wait until the next time audit trail data is scheduled to be written, and then execute the adbaudittrail -d command

• Execute the adbaudittrail -d command after using the adbaudittrail --swap command to trigger the writing of audit trail data

Confirm that ACTIVE appears for audit in the output of the adbaudittrail -d command. If ACTIVE appears, output to the audit trail file has resumed.

Note

For information about the adbaudittrail command, see adbaudittrail (Manage the Audit Trail Facility) in the manual HADB Command Reference.

To Page Top