Hitachi

Hitachi Advanced Database Command Reference


3.2.1 Explanation of the specification format and options

Organization of this subsection

(1) Specification format

adbaudittrail
    -u authorization-identifier
  [-p password]
  {--start [--write-error {DOWN|FAILSOFT}]
  |--stop
  |--swap [-n node-number]
  |-d [-n node-number]}

(2) Explanation of options

-u authorization-identifier

~<character string>((1 to 100 bytes))

Specifies the authorization identifier of the HADB user who executes the adbaudittrail command. The privileges required for executing the adbaudittrail command vary depending on the specified options. The following table lists the specified options and the required privileges.

Table 3‒1: Privileges required for execution of the adbaudittrail command

No.

Option to specify

Privileges required

1

--start

  • CONNECT privilege

  • Audit admin privilege

2

--stop

  • CONNECT privilege

  • Audit admin privilege

3

--swap

  • CONNECT privilege

  • Audit admin privilege

4

-d

  • CONNECT privilege

  • Audit admin privilege or audit viewer privilege

For this option, specify an authorization identifier in the range from 1 to 100 bytes. Note that the byte count (1 to 100 bytes) does not include the double quotation marks used to enclose the authorization identifier.

Important

If the character string used as the authorization identifier includes any lowercase letter or a backslash (\), make sure that you check the rules for specifying authorization identifiers. For the rules for specifying authorization identifiers, see 1.4.2 Rules for specifying authorization identifiers and passwords.

-p password

~<character string>((1 to 255 bytes))

Specifies the password for the authorization identifier that is specified in the -u option.

Important

If the password includes a character that has a special meaning in the OS or shell, such as a double quotation mark (") or vertical bar (|), make sure that you check the rules for specifying passwords. For the rules for specifying passwords, see 1.4.2 Rules for specifying authorization identifiers and passwords.

If the adbaudittrail command is executed with this option omitted, a message prompting the user to enter a password will be displayed. In an environment in which a password cannot be entered from the standard input, such as when the command is executed in the background, make sure that you do not omit this option.

--start

Specify this option if you want to enable the audit trail facility.

If the multi-node function is being used, you can execute the adbaudittrail --start command on the master node only.

Note

When the audit trail facility is enabled, a new audit trail file is created. Audit trails are output to the created audit trail file.

--write-error {DOWN|FAILSOFT}

Specifies the processing method (whether to stop the HADB server) if audit trails can no longer be written to the audit trail file because, for example, the disk is full or a disk failure occurs. When this option is omitted, DOWN is assumed.

DOWN:

If an audit trail cannot be written to the audit trail file, the HADB server stops. At this time, the termination mode of the HADB server is abnormal termination.

FAILSOFT:

Even if an audit trail cannot be written to the audit trail file, the HADB server does not stop. The audit trail that cannot be written to the audit trail file is discarded, and the HADB server continues operation.

When the cause of the audit-trail write error to the audit trail file is eliminated, output to the audit trail file automatically restarts from the next write timing of audit trails.

Important

The specification of the --write-error option can be changed only when the adbaudittrail --start command is executed to enable the audit trail facility.

Therefore, if you want to change the specification of the --write-error option when the audit trail facility is enabled, first execute the adbaudittrail --stop command to disable the audit trail facility. Then, change the specification of the --write-error option, and then re-execute the adbaudittrail --start command to enable the audit trail facility.

--stop

Specify this option if you want to disable the audit trail facility. When the audit trail facility is disabled, output of audit trails stops.

If the multi-node function is being used, you can execute the adbaudittrail --stop command on the master node only.

Note

When the audit trail facility is disabled, the current audit trail file is renamed.

For details about renaming of the audit trail file, see Output destination of audit trails (audit trail file) in the HADB Setup and Operation Guide.

--swap

Specify this option to swap the current audit trail file to which audit trails are output.

You cannot search for or convert audit trails in the current audit trail file. If you want to search for or convert an audit trail in the current audit trail file, execute the adbaudittrail --swap command to swap the current audit trail file.

If the multi-node function is being used, the adbaudittrail --swap command with the -n option omitted can be executed on either the master node or slave node. In this situation, the audit trail file to be output on the node on which the command is executed is swapped.

-n node-number

~<integer> ((1 to 4))

Swaps the audit trail file to be output on the node whose number is specified for this option.

You can specify this option when the following two conditions are met.

  • If the multi-node function is used

  • If the adbaudittrail command is executed on the master node

When the multi-node function is not being used, this option is ignored.

Note

When the adbaudittrail --swap command is executed, the current audit trail file before swapping is renamed. Then, a new current audit trail file is created. After the adbaudittrail --swap command is executed, you can view audit trails in the renamed audit trail file.

For details about renaming of the audit trail file, see Output destination of audit trails (audit trail file) in the HADB Setup and Operation Guide.

-d

Specify this option if you want to display information related to the audit trail facility.

You can check whether the audit trail facility is enabled or disabled. You can also check the information in the audit trail file. For details about the output format and the displayed information, see 3.3.2 Displaying information related to the audit trail facility.

If the multi-node function is being used, the adbaudittrail -d command with the -n option omitted can be executed on either the master node or slave node. In this situation, information related to the audit trail facility of the node on which the command is executed is displayed.

-n node-number

~<integer> ((1 to 4))

Information related to the audit trail facility on the node with the node number specified in this option will be displayed.

You can specify this option when the following two conditions are met.

  • If the multi-node function is used

  • If the adbaudittrail command is executed on the master node

When the multi-node function is not being used, this option is ignored.