Installing auditing with installsecurity  Setting up audit trail management

Chapter 18: Auditing

Moving the auditing database to multiple devices

Place the sybsecurity database on its own device, separate from the master database. If you have more than one audit table, place each table on its own device. It can also be helpful to put each table on a separate segment which points to a separate device. If you currently have sybsecurity on the same device as master, or if you want to move sybsecurity to another device, use one of the procedures described in the following sections. When you move the database, you can specify whether to save your existing global audit settings.


Moving sybsecurity without saving global audit settings

To move the sybsecurity database without saving the global audit settings:

  1. Execute the following to remove any information related to logins from the syslogins system table:

    sp_audit "all","all","all","off" 
    
  2. Drop the sybsecurity database.

  3. Install sybsecurity again using the installation procedure described in either:

  4. During the installation process, place the sybsecurity database on one or more devices, separate from the master device.


Moving sybsecurity and saving global audit settings

StepsTo move the sybsecurity database and save the global audit settings

  1. Dump the sybsecurity database:

    dump database sybsecurity to "/remote/sec_file"
    
  2. Drop the sybsecurity database:

    drop database sybsecurity
    
  3. Initialize the first device on which you want to place the sybsecurity database:

    disk init name = "auditdev", 
        physname = "/dev/dsk/c2d0s4", 
        size = "10M"
    
  4. Initialize the device where you want to place the security log:

    disk init name = "auditlogdev", 
        physname = "/dev/dsk/c2d0s5",
        size = "2M"
    
  5. Create the new sybsecurity database:

    create database sybsecurity on auditdev
        log on auditlogdev
    
  6. Load the contents of the old sybsecurity database into the new database. The global audit settings are preserved:

    load database sybsecurity from "/remote/sec_file"
    
  7. Run online database, which upgrades sysaudits and sysauditoptions if necessary:

    online database sybsecurity
    
  8. Load the auditing system procedures using the configuration documentation for your platform.

StepsCreating more than one sysaudits table in sybsecurity

  1. Initialize the device where you want to place the additional table:

    disk init name = "auditdev2", 
        physname = "/dev/dsk/c2d0s6", 
        size = "10M"
    
  2. Extend the sybsecurity database to the device you initialized in step 1:

    alter database sybsecurity on auditdev2 = "2M"
    
  3. Run sp_addaudittable to create the next sysaudits table on the device you initialized in step 1:

    sp_addaudittable auditdev2
    
  4. Repeat steps 1 – 3 for each sysaudits table.





Copyright © 2005. Sybase Inc. All rights reserved. Setting up audit trail management

View this book as PDF