12.6 Stopping use of the audit trail facility
The following figure shows the procedure for stopping use of the audit trail facility.
Procedure:
1. Appoint an auditor to disable the audit trail facility.
   Appoint one auditor (an HADB user with the audit admin privilege) whose responsibility it will be to disable the audit trail facility. The auditor you appoint will perform steps 2 to 5.
2. Delete audit target definitions.
   The auditor appointed in step 1 uses a DROP AUDIT statement to delete all defined audit target definitions. For details about how to delete audit target definitions, see 12.4.4 Changing audit target definitions.
3. Delete all auditors except the auditor appointed to disable the audit trail facility.
   Before disabling the audit trail facility, you need to delete all auditors other than the auditor who was appointed in step 1. Use the following procedure to delete these auditors:
   - First, the auditor appointed in step 1 identifies the authorization identifiers of all auditors. For details about how to identify the authorization identifier of an auditor, see (36) Checking the authorization identifiers and audit privileges of auditors in B.22 Searching a dictionary table.
   - Next, using these authorization identifiers, the auditor appointed in step 1 uses a REVOKE statement to revoke the audit viewer privilege of all auditors, including themselves. There should now be no HADB users who have the audit viewer privilege. For an example of an SQL statement that revokes the audit viewer privilege, see (2) Deleting auditors (revoking audit privileges) in 12.4.1 Adding, deleting, and changing auditors (granting or revoking audit privileges).
   - Finally, using the authorization identifiers, the auditor appointed in step 1 uses a REVOKE statement to revoke the audit admin privilege of all auditors other than themselves. The auditor appointed in step 1 should now be the only HADB user who has the audit admin privilege. For an example of an SQL statement that revokes the audit admin privilege, see (2) Deleting auditors (revoking audit privileges) in 12.4.1 Adding, deleting, and changing auditors (granting or revoking audit privileges).
4. Disable the audit trail facility.
   The auditor appointed in step 1 uses the adbaudittrail command to disable the audit trail facility. Executing the adbaudittrail command with the --stop option specified disables the audit trail facility. Audit trails will no longer be output after the audit trail facility is disabled.
   Command execution example:
       adbaudittrail -u ADBAUDITADMIN -p '#HelloHADB_ADMIN' --stop
   Note: For information about the adbaudittrail command, see adbaudittrail (Manage the Audit Trail Facility) in the manual HADB Command Reference.
5. Delete the auditor who disabled the audit trail facility.
   The auditor appointed in step 1 uses a REVOKE statement to revoke his or her own audit admin privilege. For details about revoking the audit admin privilege, see (2) Deleting auditors (revoking audit privileges) in 12.4.1 Adding, deleting, and changing auditors (granting or revoking audit privileges).
6. Delete the audit trail directory.
   Audit trails will no longer be output after the audit trail facility is disabled. This means that the audit trail directory is no longer required and can be deleted.
   - First, the HADB administrator moves any audit trail files remaining in the audit trail directory to the audit trail storage directory. For details about how to move audit trail files, see 12.3.1 Moving audit trail files (to audit trail storage directory).
   - The HADB administrator then deletes the audit trail directory.
7. Delete the operands in the server definition that relate to the audit trail facility.
   Because you are stopping use of the audit trail facility, the following operands specified in the server definition are no longer required. The HADB administrator can delete these operands as needed.
   - adb_audit_log_path operand
   - adb_audit_log_max_size operand
   - adb_audit_log_max_num operand
   For details about how to modify the server definition, see 8.5.2 Modifying the server definition.
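
The checks behind steps 6 and 7, as an added example that is not part of the HADB manual: a POSIX shell script that reads the server definition, holds back deletion of the audit trail directory while files remain in it, and lists the audit operands that are still defined. It assumes server definition lines of the form `set operand = value` with `#` comments, and that adb_audit_log_path names the audit trail directory; the function names, sample file and paths are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the HADB manual. Assumptions: server definition lines
# read `set operand = value`, `#` starts a comment, and adb_audit_log_path
# names the audit trail directory.
AUDIT_OPERANDS="adb_audit_log_path adb_audit_log_max_size adb_audit_log_max_num"

# Print the value of operand $2 in server definition file $1 (nothing if absent).
operand_value() {
    sed -e 's/#.*$//' "$1" | awk -v op="$2" '
        $1 == "set" {
            line = $0; sub(/^[ \t]*set[ \t]+/, "", line)
            n = index(line, "="); if (n == 0) next
            name = substr(line, 1, n - 1); val = substr(line, n + 1)
            gsub(/[ \t]/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == op) found = val
        }
        END { if (found != "") print found }'
}

# Print the audit operands still defined in file $1, separated by spaces.
remaining_operands() {
    out=""
    for op in $AUDIT_OPERANDS; do
        if [ -n "$(operand_value "$1" "$op")" ]; then out="$out$op "; fi
    done
    echo "${out% }"
}

# Print the number of regular files left in directory $1 (0 if it is gone).
remaining_trail_files() {
    if [ -d "$1" ]; then find "$1" -type f | wc -l | tr -d ' '; else echo 0; fi
}

# Return 1 while audit trail files still have to be moved, 0 otherwise.
check_decommission() {
    dir=$(operand_value "$1" adb_audit_log_path)
    files=$(remaining_trail_files "$dir")
    if [ "$files" -gt 0 ]; then
        echo "HOLD: $files audit trail file(s) left in $dir; move them first"
        return 1
    fi
    echo "OK to delete $dir; operands still defined: $(remaining_operands "$1")"
}

# Constructed sample: one leftover file, then the state after it is moved.
tmp=$(mktemp -d); mkdir "$tmp/audit"; : > "$tmp/audit/leftover"
printf 'set adb_audit_log_path = %s # constructed\nset adb_audit_log_max_num = 10\n' "$tmp/audit" > "$tmp/server.def"
check_decommission "$tmp/server.def" || true
rm "$tmp/audit/leftover"; check_decommission "$tmp/server.def"
rm -rf "$tmp"
```

Run the check before removing adb_audit_log_path from the server definition, because the script reads the directory location from that operand.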