Administrator Guide : Security : Using solidDB® audit features : Interpretation of Audit Info files
  
Interpretation of Audit Info files
solidDB® product package does not contain a specific tool for analyzing the Audit Info output files. For most trivial cases, searching suspected strings from the files may be sufficient. For anything more complicated, writing scripts or using third party tools to analyze the output will be required. This section will describe a few guidelines on things to be considered while doing the analysis.
For most auditing cases, completeness of the record is among the first thing to be validated. solidDB® audit trail field msg_id will provide a continuous ascending sequence of audit record numbers. If there are lacking numbers in the middle, there are either files lacking entirely, copying the files has not been successfully completed or the contents of some files have been changed.
If HotStandy is used, there will be audit files from two different servers. The msg_id fields will be server-specific. To collect information about all logical operations in sequence taking place inside the system of two servers, the files should be merged using the time column. The time will be the system time of the particular servers. If it is not synchronized, the order of entries in the merged file can not be guaranteed.
For validating that write operations got completed, look for TRXCOMM/TRXROLL record. Audit Trail contains information about all statement executions, also the ones that were rolled back. If a transaction is rolled back, there is a rollback record in the file.
The modifications values in the table modified inside the trigger code using trigger variables are not visible in the audit trail. Statements executed inside the trigger code are visible as regular statements.
See also
Using solidDB® audit features