For the method of using the security audit facility, see the HiRDB Version 8 System Operation Guide.
- 125) pd_audit = Y | N
- Specifies whether to begin collecting an audit trail when HiRDB (a unit for a HiRDB/Parallel Server) is started.
- Y: Begins collecting an audit trail when HiRDB is started.
- N: Does not begin collecting an audit trail when HiRDB is started.
- Even if Y is specified for this operand, you can still collect an audit trail by executing the pdaudbegin command.
- Conditions
- All of the following conditions must be satisfied. If Y is specified and any of these conditions is not satisfied, HiRDB (a unit for a HiRDB/Parallel Server) cannot be started.
- A HiRDB file system area has been created for an audit trail file.
- The name of the HiRDB file system for the audit trail file is specified for the pd_aud_file_name operand.
- 126) pd_aud_file_name = HiRDB-file-system-area-name-for-audit-trail-file <pathname>((maximum of 150 characters))
- This operand is required if you use the security audit facility. If you do not specify this operand, you cannot use the security audit facility.
- Specify an absolute path name for the name of the HiRDB file system area for an audit trail file.
- Notes
- When this operand is specified, HiRDB (a unit for a HiRDB/Parallel Server) cannot be started if an error occurs during the access to the HiRDB file system area for audit trail files.
- In the case of a system configuration in which multiple units run on the same server machine, use this operand to specify an audit trail file for each unit. If the same audit trail file is specified in pd_aud_file_name operands in the system common definition for multiple units on the same server machine, the correct audit trail cannot be acquired. However, for a unit to which the standby-less system switchover (effects distributed) facility is applied, specify this operand in the system common definition.
- 127) pd_aud_max_generation_size = audit-trail-file-maximum-size <unsigned integer>((1-5240))<<100>> (MB)
- Specifies the maximum size (MB) of audit trail files.
- Specification guidelines
- Because HiRDB needs 20 MB for management, determine the value for this operand so that the following condition is satisfied:
- pd_aud_max_generation_size-value x pd_aud_max_generation_num-value < size-of-HiRDB-file-system-area-for-audit-trail-files (value of the -n option of the pdfmkfs command) - 20 MB
- 128) pd_aud_max_generation_num = maximum-audit-trail-file-count <unsigned integer>((2-200))<<50>>
- Specifies the maximum number of (number of generations of) audit trail files to be created inside the HiRDB file system area for audit trail files.
- Specification guidelines
- Hitachi recommends that you not specify the maximum value (200) in case errors occur in all audit trail files. For the method of handling errors in audit trail files, see the HiRDB Version 8 System Operation Guide.
- Because HiRDB needs 20 MB for management, determine the value for this operand so that the following condition is satisfied:
- pd_aud_max_generation_size-value x pd_aud_max_generation_num-value < size-of-HiRDB-file-system-area-for-audit-trail-files (value of the -n option of the pdfmkfs command) - 20 MB
- Notes
- During the startup of HiRDB (a unit for a HiRDB/Parallel Server), if there is a file with a generation number that is greater than the value specified for this operand, the specified value becomes invalid. In this case, the largest generation number is assumed as the maximum number of audit trail files to be created inside the HiRDB file system area.
- 129) pd_aud_no_standby_file_opr = down | forcewrite
- Specifies the process to be performed by HiRDB when no swappable audit trail file is available.
- down:
- When the number of remaining swappable audit trail files is reduced to one, HiRDB (a unit for a HiRDB/Parallel Server) is forcibly terminated. After restarting HiRDB, load the data waiting to be loaded from the audit trail files into an audit trail table. During this step, temporarily suppress the execution of commands and transactions.
- forcewrite:
- If no swappable audit trail file is available, an audit trail file waiting for data loading (except for files that are shut down) is forcibly made into a swapping target, and audit trail outputting is continued. For this process, the audit trail file waiting for data loading that has the oldest update date is made into the swapping target.
- If all files are shut down, audit trail outputting is cancelled.
- 130) pd_aud_async_buff_size = size-of-buffer-used-for-asynchronous-output-of-audit-trail-file <unsigned integer>((0, 4096-6553600))<<401408>> (Byte)
- Specifies the size (bytes) of the buffer to be used for asynchronously outputting the audit trail. If 0 is specified, the audit trail is synchronously output. The following table describes the advantages and disadvantages of each output method.
pd_aud_async_buff_size value | Audit trail output method | Advantages | Disadvantages |
---|---|---|---|
0 | Synchronous output | Audit trail can be reliably output to an audit trail file. | Because file input/output occurs as part of SQL processing, the impact on performance is large. |
4096-6553600 | Asynchronous output | Can reduce the impact on SQL processing performance. | If HiRDB (a unit for a HiRDB/Parallel Server) is abnormally terminated after the audit trail is output to the buffer and before it is output to an audit trail file, the audit trail may be lost. |
- Operand rule
- For this operand, specify an integer multiple of 4096. If a value that is not an integer multiple of 4096 is specified, it is rounded up to an integer multiple of 4096 and set as the value for this operand. For example, if 5000 is specified, 8192 is set for the operand.
- Relationship to other operands
- If v6compatible or v7compatible is specified in the pd_sysdef_default_option operand, the default value for this operand is 4096.
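The sizing condition for operands 127 and 128 and the rounding rule for operand 130 can be checked before HiRDB is started. The following is an added example, not code from Hitachi or from this manual; the function names, the dict-based input and the UNIX-style absolute-path test are assumptions made for illustration.

```python
# Added example (not Hitachi code): checks operand values against this page's rules.
BLOCK = 4096

def effective_async_buff_size(value):
    """0 = synchronous output; other values are rounded up to a multiple of 4096."""
    if value != 0 and not 4096 <= value <= 6553600:
        raise ValueError("pd_aud_async_buff_size must be 0 or 4096-6553600")
    return -(-value // BLOCK) * BLOCK

def review_audit_operands(ops, area_mb):
    """ops: operand name -> value; area_mb: pdfmkfs -n value in MB.
    Returns (errors, warnings) as lists of strings."""
    errors, warnings = [], []
    size = ops.get("pd_aud_max_generation_size", 100)  # default <<100>>
    num = ops.get("pd_aud_max_generation_num", 50)     # default <<50>>
    name = ops.get("pd_aud_file_name")
    if not name:
        errors.append("pd_aud_file_name is required for the security audit facility")
    elif not name.startswith("/") or len(name) > 150:
        # Assumption: UNIX-style path; the page only says "absolute path name".
        errors.append("pd_aud_file_name must be an absolute path, max 150 characters")
    if not 1 <= size <= 5240:
        errors.append("pd_aud_max_generation_size out of range 1-5240")
    if not 2 <= num <= 200:
        errors.append("pd_aud_max_generation_num out of range 2-200")
    # HiRDB needs 20 MB for management; the comparison is strict.
    if size * num >= area_mb - 20:
        errors.append(f"{size} MB x {num} files does not fit in {area_mb} MB - 20 MB")
    if num == 200:
        warnings.append("maximum generation count (200) is not recommended")
    if effective_async_buff_size(ops.get("pd_aud_async_buff_size", 401408)) != 0:
        warnings.append("asynchronous output: buffered audit trail may be lost "
                        "if HiRDB terminates abnormally")
    if ops.get("pd_aud_no_standby_file_opr") == "forcewrite":
        warnings.append("forcewrite: a file still waiting for data loading "
                        "can be made the swapping target")
    return errors, warnings
```

With the default size and count (100 MB x 50), the file system area must be larger than 5020 MB for the check to pass.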
- 131) pd_aud_async_buff_count = number-of-buffer-sectors-used-for-asynchronous-output-of-audit-trail-file <unsigned integer>((1-6500))<<max(1, number of HiRDB servers in unit x 10)>> (sectors)
- Specifies the number of buffer sectors to be used for asynchronously outputting an audit trail.
- Relationship to other operands
- If v6compatible or v7compatible is specified in the pd_sysdef_default_option operand, the default value for this operand is 3.
- 132) pd_aud_async_buff_retry_intvl = retry-interval-for-allocation-of-a-buffer-to-be-used-for-asynchronous-output-of-audit-trail-file <unsigned integer>((1-1000))<<50>> (milliseconds)
- Specifies the interval at which HiRDB retries allocating a buffer for asynchronous output of the audit trail when all buffers are in use, so that the audit trail can still be acquired.
- Specification guidelines
- Normally, there is no need to specify this operand.
- When the security audit facility is used and a UAP requires an extended amount of time to execute, specifying a small value in this operand may reduce the UAP execution time.
- 133) pd_aud_file_wrn_pnt = warning-message-output-trigger[,trigger-for-resetting-warning-message-output-status]
- warning-message-output-trigger: <unsigned integer>((0-100))<<0 or 80>> (%)
- When the number of unswappable audit trail files reaches or exceeds the warning value, a warning message is issued. For this operand, specify the warning value as a percentage of the maximum audit trail file count specified in the pd_aud_max_generation_num operand. For example, if 100 is specified for the pd_aud_max_generation_num operand, and 90 is specified for the pd_aud_file_wrn_pnt operand, the KFPS05123-W warning message is issued when the number of unswappable audit trail files reaches or exceeds 90.
- For a HiRDB/Parallel Server, the number is checked for each unit.
- If 0 is specified in this operand, no warning message is issued.
- Relationship to other operands
- If this operand is omitted, and if MANUAL is specified for the pd_watch_resource operand or this operand is omitted, 0 is assumed for the pd_aud_file_wrn_pnt operand. That is, no warning message is issued.
- If this operand is omitted, and if AUTO is specified for the pd_watch_resource operand or this operand is omitted, 80 is assumed for the pd_aud_file_wrn_pnt operand. That is, a warning message is issued when 80% is reached or exceeded.
- trigger-for-resetting-warning-message-output-status: <unsigned integer>((0-99)) (%)
- Specifies the trigger for resetting the warning message output status. When the warning message (KFPS05123-W) is output, HiRDB goes into the warning message output status. Once HiRDB goes into this status, the warning message is not output again even if the number of unswappable audit trail files exceeds the warning value again. However, when the number of unswappable audit trail files falls below the trigger for resetting the warning message output status specified here, the warning message output status is reset.
- For example, if pd_aud_file_wrn_pnt=90,70 is specified, the warning message is output when the number of unswappable audit trail files reaches or exceeds 90% of the maximum number of audit trail files. Afterwards, no warning message is output until the number of unswappable audit trail files falls below 70% of the maximum number of audit trail files. After the percentage falls below 70%, and when it subsequently reaches or exceeds 90% again, the warning message is output.
- Notes
- When this specification is omitted, the value of warning-message-output-trigger minus 30 is assumed as the default (if the result is a negative number, 0 is used).
- If a value greater than the warning message output trigger is specified, the warning message output trigger value is used.
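The trigger and reset values of pd_aud_file_wrn_pnt act as a hysteresis pair. The following added example (not Hitachi code) applies the defaults described in the notes above and replays a constructed series of unswappable-file counts to show when KFPS05123-W would be issued; the function names, the sampling model and the unrounded percentage comparison are assumptions.

```python
# Added example (not Hitachi code): pd_aud_file_wrn_pnt trigger/reset behaviour.

def resolve_wrn_pnt(trigger, reset=None):
    """Return (trigger, reset) in percent after applying the page's notes."""
    if not 0 <= trigger <= 100:
        raise ValueError("warning-message-output-trigger must be 0-100")
    if reset is None:
        reset = max(trigger - 30, 0)   # omitted: trigger minus 30, floor at 0
    elif reset > trigger:
        reset = trigger                # greater than trigger: trigger is used
    return trigger, reset

def warning_events(samples, max_generations, trigger, reset=None):
    """samples: successive counts of unswappable audit trail files (constructed).
    Returns the sample indexes at which KFPS05123-W would be issued."""
    trigger, reset = resolve_wrn_pnt(trigger, reset)
    if trigger == 0:
        return []                      # 0 disables the warning message
    issued, in_warning = [], False
    for i, count in enumerate(samples):
        # Assumption: percentage of pd_aud_max_generation_num, compared unrounded.
        pct = count * 100 / max_generations
        if in_warning and pct < reset:
            in_warning = False         # warning message output status is reset
        if not in_warning and pct >= trigger:
            issued.append(i)
            in_warning = True          # no repeat until the status is reset
    return issued

# Constructed sample: pd_aud_max_generation_num = 100, pd_aud_file_wrn_pnt = 90,70
SAMPLES = [50, 90, 95, 80, 92, 69, 90]
```

For `SAMPLES`, the warning is issued at the first 90 and again only after the count has dropped to 69, which is below the 70% reset trigger.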