12.10.2 Notes about audit trails output during command execution : Hitachi Advanced Database Setup and Operation Guide

(1) Audit trails output when commands are executed that connect to the HADB server

When you execute a command that connects to the HADB server, audit trails are output for the following events, in addition to the audit trails for the command itself.

Connecting to the HADB server
Disconnecting from the HADB server

For details about the commands that connect to the HADB server, see List of commands in the manual HADB Command Reference.

To Page Top

(2) Notes about executing the adbcancel command

The information output in audit trails and command return values differ as shown in the following table, depending on the timing with which the following event occurs: the adbcancel command is executed for a command that connects to the HADB server or the HADB server detects a communication error during execution of a command that connects to the HADB server.

Table 12‒27: Information output in audit trails and command return values
Timing with which `adbcancel` command was executed or HADB server detected communication error	Audit trails for connecting to the HADB server	Audit trails for command	Audit trails for disconnecting from the HADB server	Command return value
Between connecting to the HADB server and command processing	Output as SUCCESS	Not output	Output as OCCURRENCE^#	Error
Between command processing and disconnecting from the HADB server	Output as SUCCESS	Output as SUCCESS if command processing is successful	Output as OCCURRENCE^#	Error

#: If OCCURRENCE is output as the event result, disconnection from the HADB server itself has been completed. For details about the reason why OCCURRENCE was output, see the message log.

To Page Top

(3) Notes about executing the adbaudittrail command

If renaming of the current audit trail file fails when either of the following is executed, the end code output in the audit trail will not match the return code of the command.
- The HADB server is terminated
- The audit trail facility is disabled

The following table shows the nodes to which audit trails are output when executing the adbaudittrail command in an environment that uses the multi-node function:

Table 12‒28: Node to which audit trails are output when `adbaudittrail` command is executed
No.	Option specified in `adbaudittrail` command	Output destination node for audit trails
No.	Option specified in `adbaudittrail` command	Audit trails for connecting to the HADB server	Audit trails for `adbaudittrail` command	Audit trails for disconnecting from the HADB server
1	`--start`	Master node	Master node	Master node
2	`--stop`	Master node	Master node	Master node
3	`--swap`	Master node^#1	Node on which the command was executed	Master node^#1
4	`--swap -n` `node-number`	Master node	Node whose node number is specified in the `-n` option^{#2, #3}	Master node
5	`-d`	Master node^#1	Node on which the command was executed	Master node^#1
6	`-d -n` `node-number`	Master node	Node whose node number is specified in the `-n` option^{#2, #3}	Master node

#1: If the command is executed on the master node, NULL is output for CLIENT_IP_ADDRESS and CLIENT_PORT_NUMBER. If the command is executed on the slave node, the IP address and port number that the adbaudittrail command used to connect to the HADB server on the master node are output for CLIENT_IP_ADDRESS and CLIENT_PORT_NUMBER. CLIENT_IP_ADDRESS and CLIENT_PORT_NUMBER are the column names of the table function derived table used when retrieving audit trail data. For details, see 12.9.2 Column structure of table function derived table when retrieving audit trails.

#2: If you specify the node number of the slave node in the -n option of the adbaudittrail command, the IP address and port number used by the master node for inter-server communication are output for CLIENT_IP_ADDRESS and CLIENT_PORT_NUMBER. If you specify the node number of the master node, NULL is output for CLIENT_IP_ADDRESS and CLIENT_PORT_NUMBER. CLIENT_IP_ADDRESS and CLIENT_PORT_NUMBER are the column names of the table function derived table used when retrieving audit trail data. For details, see 12.9.2 Column structure of table function derived table when retrieving audit trails.

#3

If either of the following errors occurs, audit trails for the adbaudittrail command are output to the master node:

The adbaudittrail command was executed by an HADB user who does not have the audit admin privilege (or any audit privilege in the case of the -d option)
The adbaudittrail command is executed when the audit trail facility is disabled

To Page Top

(4) Notes about executing the adbconvertaudittrailfile command

The following table shows the nodes to which audit trails are output when executing the adbconvertaudittrailfile command in an environment that uses the multi-node function.

Table 12‒29: Node to which audit trails are output when `adbconvertaudittrailfile` command is executed
Output destination node for audit trails
Audit trails for connecting to the HADB server	Audit trails for the `adbconvertaudittrailfile` command	Audit trails for disconnecting from the HADB server
Master node^#	Node on which the command was executed	Master node^#

#: If the command is executed on the master node, NULL is output for CLIENT_IP_ADDRESS and CLIENT_PORT_NUMBER. If the command is executed on the slave node, the IP address and port number that the adbconvertaudittrailfile command used to connect to the HADB server on the master node are output for CLIENT_IP_ADDRESS and CLIENT_PORT_NUMBER. CLIENT_IP_ADDRESS and CLIENT_PORT_NUMBER are the column names of the table function derived table used when retrieving audit trail data. For details, see 12.9.2 Column structure of table function derived table when retrieving audit trails.

To Page Top