Installing auditing

To configure Adaptive Server for auditing:

  1. Log in to your machine using your Sybase System Administrator (“sa”) user account.

  2. Start auditinit at the UNIX prompt:

    $SYBASE/$SYBASE_ASE/install/auditinit
    

    auditinit displays the following menu:

    AUDITINIT
    1. Release directory:  /usr/u/sybase 
    2. Configure a Server product
    
  3. Select Configure a Server Product.

  4. Select Adaptive Server.

  5. Select Configure an Existing Sybase Server.

  6. Select the server to configure.

  7. Provide the SA Password for the server you selected.

  8. From the Sybase Server Configuration screen, select Configure Auditing.

    As you proceed through the menus in auditinit, you can change any default values that appear. As you finish each menu, press Ctrl+A to accept the defaults or changed values and move to the next menu.

    CONFIGURE AUDITING 
    1. Configure auditing:  no 
    2. Add a device for audit table(s) 
    3. Add a device for the audit database transaction log 
    4. Delete a device entry 
    5. Change a device entry 
    
    List of devices for the audit tables: 
    Logical name    Physical name    Segment name    Table name    Size 
    
    Device for the audit datbase transaction log: 
    Logical name    Physical name    Segment name    Table name    Size 
    
    
  9. From the Configure Auditing screen, select Configure Auditing.

    auditinit redisplays the Configure Auditing menu with the value “yes” displayed for Configure Auditing.

Creating a device for an audit table

To create a device for an audit table:

  1. From the Configure Auditing screen, select Add a Device for Audit Table(s).

    auditinit displays the following menu:

    ADD/CHANGE A NEW DEVICE FOR AUDITING 
    1. sybsecurity physical device name: 
    2. Logical name of the device: 
    3. Size of the device (Meg): 
    4. Device size for auditing: 
    
  2. Select Sybsecurity Physical Device Name.

  3. Enter the full path of the physical device (raw partition) that you located in “Pre-installation tasks for auditing devices”.

    Enter the physical name of the device to use for the audit database (default is " "): 
    
    /dev/path_to_partition
    

    where path_to_partition is the path to the raw partition for the device.

    If you specify an operating system file, the following warning appears:

    WARNING: '/secret1/sybase_dr/install/aud1.dat' is a regular file which is not recommended for a Server device.
    
  4. Press Return to acknowledge the warning.

    auditinit redisplays the Add/Change a New Device for Auditing menu, which displays the physical name of the device:

    ADD/CHANGE A NEW DEVICE FOR AUDITING 
    1. sybsecurity physical device name:  /secret1/sybase_dr/install/aud1.dat 
    2. Logical name of the device: 
    3. Size of the device: 
    4. Device size for auditing:
    
  5. Proceed through the remaining items on this menu.

    NoteThe Size of the Device value must be equal to or greater than the Device Size for Auditing value. The Device Size for Auditing must be equal to the device size. If you are following Sybase auditing guidelines, you do not need to change the value displayed in Device Size for Auditing.

  6. Press Ctrl+A to accept the settings. auditinit returns to the Configure Auditing menu and displays the device you have created.

    CONFIGURE AUDITING 
     1.  Configure auditing:  yes
     2.  Add a device for audit table(s)
     3.  Add a device for the audit database transaction log 
     4.  Delete a device entry 
     5.  Change a device entry 
    
    List of devices for the audit tables:
    Logical name   Physical name    Segment name         Table name    Size
    
    
    6.Audit_01' secret1/sybase_dr/install/aud1.dat’ sysaudits_01 5
    
  7. To add multiple audit devices, repeat steps 1– 6.

    You can add as many as eight devices. Sybase recommends adding three or more audit table devices.

    After adding a device, auditinit returns to the Configure Auditing menu and displays all the devices you have created.

    CONFIGURE AUDITING 
    1. Configure auditing:  yes 
    2. Add a device for audit table(s) 
    3. Add a device for the audit database transaction log 
    4. Delete a device entry 
    5. Change a device entry 
    
    List of devices for the audit tables: 
    Logical name    Physical name    Segment name         Table name     Size
    
    6. Audit_01'   /secret1/sybase_dr/install/aud1.dat’ sysaudits_01   5 
    7. Audit_02'   /secret1/sybase_dr/install/aud2.dat' sysaudits_02   5
    
    

Creating a device for the audit database transaction log

To create a device for the audit database transaction log:

  1. From the Configure Auditing menu, select Add a Device for the Audit Database Transaction Log.

    auditinit displays the Add/Change a New Device for Auditing menu.

    ADD/CHANGE A NEW DEVICE FOR AUDITING 
    1.  sybsecurity physical device name:  
    2.  Logical name of the device: 
    3.  Size of the new device (Meg): 
    4.  Device size for auditing:
    
  2. Select Sybsecurity Physical Device Name.

    auditinit prompts for the physical name and supplies you with a default, if available:

    Enter the physical name of the device to use for the sybsecurity database (default is''): 
     /dev/path_to_partition
    

    where path_to_partition is the path to the raw partition for the device.

  3. Enter the full path name of a physical device.

    If you enter an operating system file name, the following warning appears:

    WARNING: '/secret1/sybase_dr/install/audlog' is a regular file, which is not recommended for a Server device. 
    
  4. Press Return to acknowledge this warning.

    auditinit displays the Add/Change a New Device for Auditing menu and the value you selected for the physical name of the device.

    ADD/CHANGE A NEW DEVICE FOR AUDITING 
    1.sybsecurity physical device name: 
          /secret1/sybase_dr/install/auditlog.dat
    2.Logical name of the device: 
    3.Size of the device: 
    4.Device size for auditing:
    
  5. Proceed through the remaining items on this menu. As you do so, be aware of the following:

  6. Press Ctrl+A to accept the settings displayed in the Add/Change a New Device for Auditing menu.

    auditinit returns to the Configure Auditing menu and displays all the devices you have created.

    CONFIGURE AUDITING 
    1. Configure auditing:  yes 
    2. Add a device for audit table(s) 
    3. Add a device for the audit database transaction log 
    4. Delete a device entry 
    5. Change a device entry 
    
    List of devices for the audit tables: 
    Logical name    Physical name    Segment name         Table
    name     Size 
    
    
    6. Audit_01'   /secret1/sybase_  dr/install/aud1.dat’ sysaudits_01   5 
    7. Audit_02'   /secret1/sybase_  dr/install/aud2.dat' sysaudits_02   5 
    8. auditlog    /secret1/.../auditlog.dat logsegment   syslogs        2
    
    
  7. When you are ready to execute the audit configuration, press Ctrl+A. auditinit returns you to the Sybase Server Configuration screen.

  8. Press Ctrl+A again. auditinit prompts with:

    Execute the Sybase Server Configuration now?
    
  9. Enter “y” (yes).

    auditinit executes the tasks to install auditing. When the installation completes successfully, the following messages are displayed:

    Running task: install auditing capabilities.
    ....................Done
    Auditing capability installed.
    Task succeeded: install auditing capabilities.
    Configuration completed successfully.
    Press <return> to continue.
    

Enabling auditing

After auditing is installed, no auditing occurs until a System Security Officer enables auditing with sp_configure. For more information, see the System Administration Guide.

Deleting a device entry

To delete a device entry:

  1. Select Delete a Device Entry from the Configure Auditing menu.

  2. Enter the number of the device to delete.

  3. Press return.

Changing a device entry

To change a device entry:

  1. Select Change a Device Entry from the Configure Auditing menu.

  2. Enter the number of the device to change.

    auditinit displays the Add/Change a New Device for Auditing menu with information on the device you selected:

    ADD/CHANGE A NEW DEVICE FOR AUDITING 
    1. sybsecurity physical device name:
          /secret1/sybase_dr/install/audlog
    2. Logical name of the device: aud.log 
    3. size of the new device (Meg): 5
    4. Device size for auditing:5
    
  3. Select each remaining entry you want to change.

  4. Press Ctrl+A to save the new entries.