For the method of using the security audit facility, see the HiRDB Version 8 System Operation Guide.
- 42) pd_audit = Y | N
- Specifies whether to begin collecting an audit trail when HiRDB (or a unit for a HiRDB/Parallel Server) is started.
- Y: Begins collecting an audit trail when HiRDB is started.
- N: Does not begin collecting an audit trail when HiRDB is started.
- Even if N is specified for this operand, you can still collect an audit trail by executing the pdaudbegin command.
- Conditions
- All of the following conditions must be satisfied. If Y is specified when all of these conditions are not satisfied, HiRDB (or a unit for a HiRDB/Parallel Server) cannot be started.
- A HiRDB file system area has been created for an audit trail file.
- The name of the HiRDB file system for the audit trail file is specified for the pd_aud_file_name operand.
- 43) pd_aud_file_name = HiRDB-file-system-area-name-for-audit-trail-file
<pathname>((up to 150 characters))- This operand is required if you use the security audit facility. If you do not specify this operand, you cannot use the security audit facility.
- Specify an absolute path name for the name of the HiRDB file system area for an audit trail file.
- Notes
- When this operand is specified, HiRDB (or a unit for a HiRDB/Parallel Server) cannot be started if an error occurs during the access to the HiRDB file system area for audit trail files.
- For a system configuration in which multiple units run on the same server machine, use this operand to specify an audit trail file for each unit. If the pd_aud_file_name operand in the system common definition specifies the same audit trail file for multiple units on the same server machine, audit trails cannot be correctly collected.
However, for a unit to which the standby-less system switchover (effects distributed) facility is applied, specify this operand in the system common definition.
- 44) pd_aud_max_generation_size = audit-trail-file-maximum-size
<unsigned integer>((1-5240)) (MB)- Specifies the maximum size (MB) of audit trail files.
- Specification guidelines
- Because HiRDB needs 20 MB for management, determine the value for this operand so that the following condition is satisfied:
- pd_aud_max_generation_size-value
pd_aud_max_generation_num-value < size-of-HiRDB-file-system-area-for-audit-trail-files (value of the -n option of the pdfmkfs command) - 20 MB
- 45) pd_aud_max_generation_num = maximum-audit-trail-file-count
<unsigned integer>((2-200))- Specifies the maximum number of (number of generations of) audit trail files to be created inside the HiRDB file system area for audit trail files.
- Specification guidelines
- Hitachi recommends that you not specify the maximum value (200) in case errors occur in all audit trail files. For the method of handling errors in audit trail files, see the HiRDB Version 8 System Operation Guide.
- Because HiRDB needs 20 MB for management, determine the value for this operand so that the following condition is satisfied:
- pd_aud_max_generation_size-value
pd_aud_max_generation_num-value < size-of-HiRDB-file-system-area-for-audit-trail-files (value of the -n option of the pdfmkfs command) - 20 MB
- Notes
- During the startup of HiRDB (or a unit for a HiRDB/Parallel Server), if there is a file with a generation number that is greater than the value specified for this operand, the specified value becomes invalid. In this case, the largest generation number is assumed as the maximum number of audit trail files to be created inside the HiRDB file system area.
- 46) pd_aud_async_buff_size = size-of-buffer-used-for-asynchronous-output-of-audit-trail-file
<unsigned integer>((0, 4096-6553600)) (Byte)- Specifies the size (bytes) of the buffer to be used for asynchronously outputting audit trail. If 0 is specified, audit trail is synchronously output. The following table describes the advantages and disadvantages of each output method.
pd_aud_async_buff_size value | Audit trail output method | Advantages | Disadvantages |
---|
0 | Synchronous output | Audit trail can be reliably output to an audit trail file. | Because file input/out occurs on the extension of SQL processing, the impact on performance is large. |
4096-6553600 | Asynchronous output | Can reduce the impact on SQL processing performance. | If HiRDB (or unit for a HiRDB/Parallel Server) is abnormally terminated after the audit trail is output to the buffer and before it is output to an audit trail file, the audit trail may be lost. |
- Operand rule
- For this operand, specify an integer multiple of 4096. If a value that is not an integer multiple of 4096 is specified, it is rounded up to an integer multiple of 4096 and set as the value for this operand. For example, if 5000 is specified, 8192 is set for the operand.
- 47) pd_aud_async_buff_count = number-of-buffer-sectors-used-for-asynchronous-output-of-audit-trail-file
<unsigned integer>((1-6500))- Specifies the number of buffer sectors to be used for asynchronously outputting an audit trail.
- 48) pd_aud_async_buff_retry_intvl = retry-interval-for-allocation-of-a-buffer-to-be-used-for-asynchronous-output-of-audit-trail-file
<unsigned integer>((1-1000)) (milliseconds)- Specifies the retry interval for monitoring for a buffer to be used for asynchronous output of the audit trail so that the audit trail can be acquired when all buffers are in use.
- Specification guidelines
- Normally, there is no need to specify this operand.
- When the security audit facility is used and a UAP requires an extended amount of time to execute, specifying a small value in this operand may reduce the UAP execution time.