The solidDB AuditInfo feature is enabled by setting the Srv.AuditInfoLogEnabled parameter to yes in the solid.ini file. Other parameters control file sizes, numbering patterns, and other details. For example:
▪ The files are generated in a specific directory that is defined by setting the directory path with the Srv.AuditInfoLogDir parameter.
Note Since the audit log files are likely to contain sensitive data in a human-readable format, it is recommended to restrict the access to this directory to users who require the access to monitor and manage audit feature. Using the solidDB working directory for the audit directory is not recommended since all database administrators typically require access to files that are stored in this directory.
▪ You can configure the types of database operations to be collected by using the Srv.AuditInfoFilter parameter. If you do not include this parameter, all database activity is logged.
▪ You can specify the users for which audit information is collected by using one of two solid.ini parameters:
– To specify the users to include, use Srv.AuditInfoIncludeUsers.
– To specify the users to exclude, use Srv.AuditInfoExcludeUsers.
Note The options are mutually exclusive so no more than one parameter should be used at a time. If neither parameter is used, audit activity is collected for all users. The type of activity collected for each user depends on the presence and value of the Srv.AuditInfoFilter parameter.
For example, in the following configuration, the audit records would include all SQL activity from the users sullivan, timothy, and dba:
Note User names in solidDB are not case-sensitive.
For full details of the AuditInfo parameters, see Srv section.
Monitoring the audit log
Information about the audit starting is recorded in the solmsg.out file. If the solidDB server is not able to write to the directory for any reason, an error message is written to the solmsg.out file.
The AuditInfo feature cannot be started or stopped by ADMIN COMMANDs. However, the audit state can be monitored by the ADMIN COMMAND 'audit status' command. The command returns whether the AuditInfo feature is active or not, and errors associated with audit collection. For full details of the command, see AUDIT STATUS.
Validating completeness of audit log
You should ensure that the audit information covers the intended scope. The audit information might consist of a significant number of large files. To validate the completeness of the audit you should run a check that validates the numbering of audit log entries. The msg_id fields in the audit log entries should contain all numbers from 0 (or start of the audit period) to the end of the audit period. For more information about the content of audit records, see AuditInfo log records.
When using solidDB in a HotStandby configuration, audit log files are collected for each server and not for each logical database. Therefore, it is necessary to merge audit information from both database servers to create a consistent audit log for the logical database. See Using AuditInfo Log feature with solidDB HotStandby for more details.