12.9.1 List of audit target events and output items

1

Mandatory audit event

System event

These events are used to audit activity that involves starting, stopping, and modifying the system.

An audit trail is output when any of the following events occur:

• Starting the HADB server^#1 (adbstart command)

• Stopping the HADB server^#2 (adbstop command)

• Changing the HADB server operation mode (adbchgsrvmode command)

• Changing the node type (adbchgnodetype command)

• Starting and stopping output of SQL trace information (adbchgsqltrc command)

• Centrally managing client definitions (adbclientdefmang command)

• Adding and modifying DB areas (adbmodarea command)

• Changing a buffer (adbmodbuff command)

• Managing the updated-row columnizing facility (adbcolumnize command)

2

Audit event

These events are used to audit operations related to the auditing process itself.

An audit trail is output when any of the following events occur:

• Granting audit admin privilege (GRANT statement with AUDIT ADMIN specified)

• Granting audit viewer privilege (GRANT statement with AUDIT VIEWER specified)

• Revoking audit admin privilege (REVOKE statement with AUDIT ADMIN specified)

• Revoking audit viewer privilege (REVOKE statement with AUDIT VIEWER specified)

• Defining audit targets (CREATE AUDIT statement)

• Deleting audit target definition information (DROP AUDIT statement)

• Referencing audit target definition information (retrieval from SQL_AUDITS dictionary table)

• Retrieving data from viewed tables that depend on the SQL_AUDITS dictionary table

• Changing auditor passwords (ALTER USER statement)

• Enabling the audit trail facility (adbaudittrail command with --start option specified)

• Disabling the audit trail facility (adbaudittrail command with --stop option specified)

• Swapping the audit trail file (adbaudittrail command with --swap option specified)

• Referencing information related to the audit trail facility (adbaudittrail command with -d option specified)

• Using a system-defined function for audit trails (ADB_AUDITREAD function)

• Retrieving data from a viewed table that depends on a derived table that specifies an ADB_AUDITREAD function

• Converting audit trail files (adbconvertaudittrailfile command)

3

Optional audit event

Session event

These events are used to audit user authorization based on the authorization identifiers and passwords of HADB users.

An audit trail is output when any of the following events occur:

• Connection to the HADB server

• Disconnection from the HADB server

4

Privilege management event

These events are used to audit the granting or revocation of privileges.

An audit trail is output when any of the following events occur:

• Granting privileges (GRANT statement)

• Revoking privileges (REVOKE statement)

• Creating an HADB user (CREATE USER statement)

• Deleting an HADB user (DROP USER statement)

• Changing user information for an HADB user (ALTER USER statement)

5

Definition SQL event

These events are used to audit the definition, deletion, and modification of objects.

An audit trail is output when any of the following events occur:

• Defining an object

  • CREATE INDEX statement

  • CREATE SCHEMA statement

  • CREATE TABLE statement

  • CREATE VIEW statement

• Deleting an object

  • DROP INDEX statement

  • DROP SCHEMA statement

  • DROP TABLE statement

  • DROP VIEW statement

• Modifying an object

  • ALTER TABLE statement

  • ALTER VIEW statement

6

Data manipulation SQL event

These events are used to audit access to objects.

An audit trail is output when any of the following events occur:

• Retrieving data from tables (SELECT statement)

• Inserting rows into tables (INSERT statement)

• Updating table row data (UPDATE statement)

• Deleting table row data (DELETE statement)

• Deleting all row data from a table (TRUNCATE TABLE statement)

• Deleting all row data in a chunk (PURGE CHUNK statement)

• SQL parsing error

• Acquiring data stored in chunks (#GETDATA subcommand of adbsql command)

• Acquiring the number of data items stored in a chunk (#GETCOUNT subcommand of adbsql command)

• Displaying table information (#TABLES subcommand of adbsql command)

• Displaying column information (#COLUMNS subcommand of adbsql command)

• Displaying index information (#INDEXES subcommand of adbsql command)

• Displaying chunk information (#CHUNKS subcommand of adbsql command)

• Displaying authorization identifiers (#GETUSER subcommand of adbsql command)

7

Command operation event^#3

These events are used to audit execution of commands that connect to the HADB server.

An audit trail is output when any of the following events occur:

• Importing data (adbimport command)

• Rebuilding indexes (adbidxrebuild command)

• Collecting cost information (adbgetcst command)

• Analyzing DB status (adbdbstatus command)

• Exporting data (adbexport command)

• Merging chunks (adbmergechunk command)

• Setting, changing, and deleting chunk comments (adbchgchunkcomment command)

• Change the chunk status (adbchgchunkstatus command)

• Archiving chunks (adbarchivechunk command)

• Unarchiving chunks (adbunarchivechunk command)

• Reorganizing system tables (base tables) (adbreorgsystemdata command)

• Registering and deleting synonym dictionaries (adbsyndict command)