Question & Answer
Question
What are the minimum requirements needed to start IDS auditing? What are the minimum requirements needed to start onaudit?
Answer
BACKGROUND
IBM® Informix® Dynamic Server™ (IDS) auditing enables the recording of selected user activities on the database server.
This article briefly discusses the setup procedure and provides a demonstration of database server-managed auditing using Informix Dynamic Server for Unix without role separation.
AUDITING SETUP
1. Log in as user informix.
2. Auditing is turned off by default when you install the database server. To turn it on, edit the $INFORMIXDIR/aaodir/adtcfg file as follows:
- Change ADTMODE from 0 (the default) to 1. A value of 1 means that database server-managed auditing is on for all sessions.
- Change ADTPATH to the full path of the directory in which you want the database server to save audit files. The directory should be owned by user informix, with group informix and permissions 755, to prevent unauthorized use of the audit files.
- For this example we will use /usr/informix/auditing for ADTPATH.
These are the resulting adtcfg file contents:
- ADTMODE 1
ADTPATH /usr/informix/auditing
ADTSIZE 50000
ADTERR 0
Here are links to a description of each parameter:
- ADTMODE = 1
ADTERR = 0
ADTPATH = /usr/informix/auditing
ADTSIZE = 50000
Audit file = 0
Auditing is now turned on.
onaudit -a -u _require -e +OPDB,GRDB,RVDB,GRTB,RVTB,CRRL,STRL,STSA,STOM,GRRL,RVRL,GRFR,RVFR
More information regarding audit masks or user masks can be found in the Information Center at these links:
For a list of all the audit event codes, see Audit Event Codes and Fields.
AUDITING DEMONSTRATION
1. Create an individual user mask. For this example, the user mask is pat and the events to be audited will be creating and dropping databases.
- onaudit -a -u pat -e +CRDB,DRDB
- _require - GRDB,GRTB,OPDB,RVDB,RVTB,STOM,GRFR, RVFR,CRRL,GRRL,RVRL,STRL,STSA
pat - CRDB,DRDB
- CREATE DATABASE test;
CREATE TABLE tab1
(
col1 INT
);
DATABASE sysmaster;
DROP DATABASE test;
- >onshowaudit
ONLN|2002-10-31 14:25:10.000|digger2|2684|pat|pat|0:CRDB:test:-
ONLN|2002-10-31 14:25:28.000|digger2|2684|pat|pat|0:OPDB:sysmaster:0:-
ONLN|2002-10-31 14:25:28.000|digger2|2684|pat|pat|0:DRDB:test:-
5. Repeat step #3 as user informix.
6. Run onshowaudit to display the tracked events for user informix. The events are displayed here.
- >onshowaudit
ONLN|2002-10-31 14:38:35.000|digger2|2711|informix|informix|0:OPDB:sysmaster:0:-
Note that the CRDB (create database), OPDB (open database), and DRDB (drop database) events are shown for user pat but user informix only shows OPDB.
Furthermore, note that auditing does not record the CRTB (create table) event for either user because it is not part of any of the auditing masks.
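The comparison made in the two notes above can be checked mechanically. The following Python is an added example, not part of the original article or of the Informix tooling: it parses the onshowaudit records shown above and reports any recorded event that the _require and pat masks do not account for. The field names, the function names, and the assumption that no other audit masks are in effect belong to this example.

```python
# Masks from the article (assumption: no other masks are in effect).
MASKS = {
    "_require": set("OPDB GRDB RVDB GRTB RVTB CRRL STRL STSA STOM "
                    "GRRL RVRL GRFR RVFR".split()),
    "pat": {"CRDB", "DRDB"},
}
# onshowaudit records from the article; the last one is wrapped across two
# lines here (constructed), as happens when terminal output is pasted.
SAMPLE = """\
ONLN|2002-10-31 14:25:10.000|digger2|2684|pat|pat|0:CRDB:test:-
ONLN|2002-10-31 14:25:28.000|digger2|2684|pat|pat|0:OPDB:sysmaster:0:-
ONLN|2002-10-31 14:25:28.000|digger2|2684|pat|pat|0:DRDB:test:-
ONLN|2002-10-31 14:38:35.000|digger2|2711|informix|informix|
0:OPDB:sysmaster:0:-
"""

def parse_records(text):
    """Return one dict per record; field positions are assumed from the listing."""
    joined = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("ONLN|") or not joined:
            joined.append(line)
        elif line:
            joined[-1] += line  # re-join a record wrapped onto the next line
    records = []
    for parts in (rec.split("|", 6) for rec in joined):
        fields = parts[6].split(":") if len(parts) == 7 else []
        if parts[0] != "ONLN" or len(fields) < 2:
            continue  # prompt echo, truncated record or other non-record text
        records.append({"time": parts[1], "host": parts[2], "pid": int(parts[3]),
                        "user": parts[5], "errno": int(fields[0]),
                        "event": fields[1], "extra": fields[2:]})
    return records

def effective_mask(user, masks=MASKS):
    """Events audited for a user: _require plus the individual mask, if any."""
    return masks["_require"] | masks.get(user, set())

def events_by_user(records):
    seen = {}
    for r in records:
        seen.setdefault(r["user"], []).append(r["event"])
    return seen

def outside_mask(records, masks=MASKS):
    """Records whose event the configured masks do not account for."""
    return [r for r in records if r["event"] not in effective_mask(r["user"], masks)]
if __name__ == "__main__":
    print(events_by_user(parse_records(SAMPLE)))
```

An empty result from outside_mask means every recorded event is explained by the masks; a record listed there suggests that a mask was changed after the events were chosen.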
Document Information
Modified date:
16 June 2018
UID
swg21067407