Auditing goal can be achieved through below steps:
1. Enabling Audit in a DB.
2. Implementing policies.
3. Generating reports.
ENABLING AUDIT :
1. Create a storage area for auditing tables . May create an area for Index too. Area should be of Type 2 storage essentially .
eg.Add.st :
d "AUDIT_AREA_DATA":70,64;512 ./testdb_70.d1
d "AUDIT_AREA_IDX":71,64;512 ./testdb_71.d1 2. After creating Area enable auditing for database : $ proutil testdb -C enableauditing area "AUDIT_AREA_DATA" - indexarea "AUDIT_AREA_IDX" deactivateidx “OpenEdge Release 10.2B04 as of Thu Mar 3 19:17:16 EST 2011
The 95 audit event records for default system events were loaded successfully. (14812)The 36 audit event records for encryption audit events were loaded successfully. (14812)Auditing has been enabled for database testdb. (12479)”
IMPLEMENTING AUDIT POLICY :
1. Import Policy in local Database.
2. Export implemented Policy in Character Database.
There are various audit policies predefined for OE database. However we can create our customized policies too. Here in particular to our environment our goal is to enable auditing for DBA activities like
Dump/load , database object creation, idxbuild etc.
For this purpose we two pre defined policies as below.App-Schema PSC-Db-Admin
A little description is as below :
App-Schema:Application schema changes. This includes when any of the following is created, updated, or deleted: table, table trigger, table field, table index; or sequence. This also includes when a database is created or updated.
PSC-Db-Admin:Database administration tools. This includes when the database is started or stopped; or when any of the following operations are performed on the database: backup, restore, binary dump, binary load, copy, table move, index move, index check, index rebuild, index fix, area truncate, SQL dump, text dump, text load.
Now comes the tool to Activate a policy called “Audit Policy Maintenance” .
Above tools is for Windows GUI only not for Character Interface. So we need to Enable a policy in our local system ,then export it in a XML format and load it in Character interface through Admin tool.
We will see this further.
After enabling Audit in our local DB ( Local DB should be a similar copy of Character DB in terms of schema) , we need to import policy from Audit policy maintenance tool . Read below .
1. Goto “Audit Policy Maintenance “option in “Tools” in Data Dictionary.
2. You will get below window . Go to File and then “Import Policy” .
3. Auditing policies are stored in $DLC/auditing drive in XML format . Browse there and select “policies.xml” .
4. After importing you will get below message box.
5. You can see Different policies being imported as below .
6. You need to select a policy to activate (however when you import policies.xml , all policies in this xml are activated by default . we need to activate App-Schema and PSC-DB-Admin Policy and deactivate others as below) .Select one policy ( here PSC-DB-Admin) .
If you uncheck “Policy active” check box , it will get deactivated ( after saving changes.).
7. You need to uncheck and rest of the policies and check(if not) two policies in concern .Now you need to save changes as below from ”Save record” .
8. Once you save it you can see active policies as below.
Export Policy to character Database:
Goto “Audit Policy Maintenance” tool and select File > Export Policy.
Browse to directory where you want to generate XML file.
Give a name like “db-policy.xml” and export by clicking on Open . The Xml generated needs to be loaded in target Database . GENERATING REPORTS :Once Auditing is enabled we need to query audit related tables. Below figure may help us. Details of audit tables can be found in documents as below .
Table name Description
Archived_aud-audit-data >>> This table contains the audit data records. All events are stored in this table.
_aud-audit-data-value >>> This table is a child table of the _aud-audit-datatable, and contains records for each fieldchange data event.
_aud-audit-policy >>> This table contains named audit policies. Ifmultiple policies are active, the aggregation ofthe policies is applied, and the highest level ofauditing will be applied if a conflict existsbetween policies.
_aud-event >>> This table contains the definitions for allsupported OpenEdge and user-defined auditevents and their event ids. All event ids up to32,000 are reserved. You can create customapplication events with ids greater than 32,000.
_aud-event-policy >>> This table contains policy settings for eventsassociated with policies.
_aud-field-policy >>> This table contains field level auditing settingsassociated with a named policy.
_aud-file-policy >>> This table contains table level auditing settingsassociated with a named policy.
Commentaires