Contents Index Enabling and disabling auditing Audit records

SQL Anywhere Studio Security Guide
  Auditing

Reading auditing output


This page describes operation of Adaptive Server Anywhere in a manner equivalent to a C2-security-certified configuration. It does not provide general-purpose information on the topic.

You can use the dbtran utility to retrieve audit records from the transaction log. The transaction log file is usually found in the dbname.log file, located in the same directory as the database file.

The -g switch tells dbtran to include audit records in the output. The output from dbtran is a SQL script with comments interspersed. This SQL script can be used to recover the database if a failure occurs. When using the -g option, the output file is entirely comments, since the -g option implies the -d option (which records transaction log information in the order in which it was contained in the log, not in the default commit order). Do not use output in this format for recovery of a database. Each line is commented to avoid accidental use of this file for recovery.

When a user connects to the database, an audit record is generated:

--CONNECT-1001-0000198970-dba-1998/dec/03 14:54

The data following the CONNECT are interpreted as follows:

Other records have the connection ID and byte offset, but only the CONNECT record has the user name and date/time. Note that disconnects are not logged. If another CONNECT record is generated with the same connection ID as a previous CONNECT record, you can assume that the first user has disconnected. Although the connection ID is reused, the second connection is entirely unrelated to the first.


Contents Index Enabling and disabling auditing Audit records