
SQL Anywhere Studio Security Guide
  Auditing

Auditing of database utilities


This page describes operation of Adaptive Server Anywhere in a manner equivalent to a C2-security-certified configuration. It does not provide general-purpose information on the topic.

Some database utilities perform actions that must be audited, but do not necessarily communicate with a running engine or server. These utilities must be audited separately. The utilities in question are dblog, dbwrite, and dbtran. These utilities check the database or transaction log to see if auditing is enabled. If so, they audit their invocation by writing to a file called dbname.alg, located in the same directory as the database file.

The .alg file is a text file, and can be viewed with any standard editor, such as Notepad. You can also use text-file sort and filter utilities (such as grep) to retrieve audit records for a particular user or utility.

Each audit record consists of a single line, in the following format:

2000/07/07 15:31:17.316 - User NT user name invoking utility name

You can delete records from this file at any time, simply by deleting them in the editor and saving the file. You can also delete the file at any time. Utilities that generate records into this file will fail if they cannot write to this file (for example, if the file system is full). Accesses to the .alg file can be audited using the Windows NT audit mechanism.
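The following Python parser for the record format above is an added example, not part of the SQL Anywhere documentation. It filters records by user or utility, as the grep suggestion does, and reports lines that do not match the format. It assumes the utility name contains no spaces and that NT user names compare case-insensitively; the sample records are constructed.

```python
import re
from datetime import datetime
from typing import NamedTuple

# Layout from the guide:
#   <date> <time> - User <NT user name> invoking <utility name>
# Assumption: the utility name has no spaces; the user name may contain them.
RECORD = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) - User (.+) invoking (\S+)\s*$"
)

class AuditRecord(NamedTuple):
    when: datetime
    user: str
    utility: str

def parse_alg(text):
    """Return (records, rejects); rejects are (line_number, raw_line) pairs."""
    records, rejects = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        match = RECORD.match(line)
        if match is None:
            rejects.append((number, line))  # hand-edited or truncated line
            continue
        try:
            when = datetime.strptime(match.group(1), "%Y/%m/%d %H:%M:%S.%f")
        except ValueError:  # right shape, impossible date or time
            rejects.append((number, line))
            continue
        records.append(AuditRecord(when, match.group(2), match.group(3).lower()))
    return records, rejects

def select(records, user=None, utility=None):
    """Filter by NT user name and/or utility name, ignoring case."""
    return [
        r for r in records
        if (user is None or r.user.casefold() == user.casefold())
        and (utility is None or r.utility == utility.lower())
    ]

# Constructed sample of a dbname.alg file; the last line is deliberately malformed.
SAMPLE = "\n".join([
    "2000/07/07 15:31:17.316 - User DBA invoking dblog",
    "2000/07/07 15:42:03.101 - User John Smith invoking dbtran",
    "2000/07/08 09:05:44.870 - User dba invoking dbwrite",
    "2000/07/08 09:06 - User dba invoking dbtran",
])
```

Because the file can be edited or deleted at any time, a non-empty reject list is worth checking against the Windows NT audit trail for accesses to the .alg file.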

