Auditing in A High Availability System

This section describes the special considerations for auditing in a system configured for Sybase Failover.

Configure a companion for auditing the same as you would configure a server that does not use failover. If a primary companion is configured for auditing, the secondary companion checks to determine whether it also needs to be configured for auditing as well. For more information see “Setting Auditing Options”.

All updates to user and security information (for example, sp_addlogin, sp_addrole, and so on) are done on both the systems in transactional fashion. This keeps the user and security data identical on both the companions.

Table 3-1 describes changes to the auditing configuration parameters.

Table 3-1: Auditing configuration parameters

Configuration Parameter

Functionality in Sybase Failover

auditing

Both companions must be configured the same for this parameter.

Checked as quorum attribute, or when explicitly listed with do_advisory.

Turning this parameter on and off is not synchronized dynamically for the companions. You must manually update the remote companion if you change this parameter locally.

allow procedure grouping

Both companions must be configured the same for this parameter.

Checked as quorum attribute, or when explicitly listed with do_advisory.

max roles enabled per user

Both companions must be configured the same for this parameter.

Checked as quorum attribute, or when explicitly listed with do_advisory.

unified login required

Both companions must be configured the same for this parameter.

Checked as quorum attribute, or when explicitly listed with do_advisory.

secure default login

Both companions must be configured the same for this parameter.

Checked as quorum attribute, or when explicitly listed with do_advisory.

systemwide password expiration

Both companions must be configured the same for this parameter.

Checked as quorum attribute, or when explicitly listed with do_advisory.

use security services

Both companions must be configured the same for this parameter.

Checked as quorum attribute, or when explicitly listed with do_advisory.

check password for digit

Both companions must be configured the same for this parameter.

Checked as quorum attribute, or when explicitly listed with do_advisory.

minimum password length

Both companions must be configured the same for this parameter.

Checked as quorum attribute, or when explicitly listed with do_advisory.

maximum failed logins

Both companions must be configured the same for this parameter.

Checked as quorum attribute, or when explicitly listed with do_advisory.