12.8.4 Operation methods available with linkage between the audit trail facility and JP1/Audit

(1) Operation method 1 (conversion is performed when the audit trail file is swapped)

The following describes the operation method in which audit trails are converted when the audit trail file is swapped.

In this operation method, the system needs to monitor messages that are output when the current audit trail file is swapped, and to execute the adbconvertaudittrailfile command each time the audit trail file is swapped. We recommend that you create a job that automatically executes the adbconvertaudittrailfile command when the target messages are output.

Note that the audit trail file swapped when the HADB server is terminated cannot be converted until the next time the HADB server is started. Therefore, it is necessary to confirm that the HADB server is operating before executing the adbconvertaudittrailfile command.

Procedure:

1. Start monitoring the messages.

   Monitor the KFAA81401-I and KFAA81402-I messages that are output to the server message log file ($ADBDIR/spool/adbmessageXX.log^#). These messages are output when the audit trail file is swapped. When the audit trail file is swapped, obtain the path of the file.

   #

   XX is a sequential number between 01 and 04.

2. Move the audit trail file from the audit trail directory to the audit trail storage directory.

   Move the target audit trail file based on the audit trail file's path obtained in step 1.

3. Execute the adbls -d srv command.

   Confirm that the HADB server is operating. Check whether the HADB server's status that is output for the output item STATUS is one of the following statuses:

   • ACTIVE: Operating (normal mode)

   • QUIESCE: Operating (quiescence mode)

   • OFFLINE: Operating (offline mode)

   • MAINTNCE: Operating (maintenance mode)

   If the HADB server is not operating, wait for it to start (create a job that automatically waits for the HADB server to start). Before you go to the next step, make sure that the HADB server is started by, for example, the HADB administrator or another job.

   Important

   Do not include the processing that starts the HADB server in the same job that automatically executes the adbconvertaudittrailfile command. If you do so, the HADB server becomes unable to terminate. Therefore, if the HADB server is not operating, it must be started by using a means other than the job that automatically executes the adbconvertaudittrailfile command.

4. Execute the adbconvertaudittrailfile command.

   Use the adbconvertaudittrailfile command to convert the audit trail file that you moved in step 2.

Note

We recommend that you provide a means to swap the current audit trail file periodically in addition to the job that automatically executes the adbconvertaudittrailfile command. Use the adbaudittrail --swap command to swap the current audit trail file. Make sure that the job converts audit trails each time the adbaudittrail --swap command is executed periodically.

To Page Top

(2) Operation method 2 (conversion is performed periodically)

The following describes the operation method in which audit trails are converted periodically.

In this operation method, the adbconvertaudittrailfile command targets all the audit trail files stored in the audit trail directory. We recommend that you create and execute a batch program that executes the adbconvertaudittrailfile command periodically (for example, once a day or once a week).

Procedure:

1. Execute the adbls -d srv command.

   Confirm that the HADB server is operating. Check whether the HADB server's status that is output for the output item STATUS is one of the following statuses:

   • ACTIVE: Operating (normal mode)

   • QUIESCE: Operating (quiescence mode)

   • OFFLINE: Operating (offline mode)

   • MAINTNCE: Operating (maintenance mode)

   If the HADB server is not operating, start it. Then, go to the next step.

2. Create a list of audit trail files that need to be moved.

   Using the find command of the OS, search for audit trail files in the audit trail directory and create a list of audit trail files (/home/adbmanager/tmp/auditfilelist.txt) that need to be moved. Note that the following command excludes the current audit trail file from its results.

   Command execution example

   find /mnt/audittrail/outputarea/audit \
       -name "adbaud-????????-??????-???*.aud" \
       > /home/adbmanager/tmp/auditfilelist.txt

3. Copy the audit trail files that need to be moved.

   Use the cp command of the OS to copy all of the files in the list (/home/adbmanager/tmp/auditfilelist.txt) that need to be moved from the audit trail directory to the audit trail storage directory.

   while read filename ; do
     cp ${filename} /mnt/audittrail/shorttimesavearea/audit_bak
   done < /home/adbmanager/tmp/auditfilelist.txt

4. Delete the audit trail files for which the copy process has completed.

   When the copy process has completed, use the rm command of the OS to delete the source files from the audit trail directory.

   while read filename ; do
     rm ${filename}
   done < /home/adbmanager/tmp/auditfilelist.txt

5. Execute the adbconvertaudittrailfile command.

   Use the adbconvertaudittrailfile command to convert all the audit trail files that have been moved, based on the list of audit trail files that need to be moved. This list is contained in the /home/adbmanager/tmp/auditfilelist.txt file created in step 2.

   Note that if multiple audit trail files are converted at the same time, audit trails being collected might be lost if the common format audit trail file is switched. In this case, JP1/Audit might fail to collect some audit trails.

6. Delete the list of audit trail files that need to be moved.

   Using the rm command of the OS, delete the list you created in step 2 (/home/adbmanager/tmp/auditfilelist.txt) of audit trail files that need to be moved.

   rm /home/adbmanager/tmp/auditfilelist.txt

To Page Top