Archive Audit Logs

kasundha

Member
OE 12.8
The _User table is used to control user access.
Archival access has been granted to the archiving user.

I archived audit logs from the live DB to the archival DB using the following commands:

Archive audit logs from the live DB:
proutil <db name> -C auditarchive "07/21/2024 23:59:59.999+05:30" -checkseal -nodelete -directory /auditarchive/dumpauditarchive -U <userid> -P "password"

Load the archived audit logs into the archival DB:

proutil <archival db name> -C auditload /auditarchive/dumpauditarchive -checkseal -U <userid> -P "password"

=================

Only users' login and logout data are archived. DB schema changes were not archived. Any comments?
 
Only users' login and logout data are archived. DB schema changes were not archived
You seem to be suggesting that there is data in the source database audit tables that should have been archived that is not in the audit archive database. Is that the problem?

proutil <db name> -C auditarchive "07/21/2024 23:59:59.999+05:30" -checkseal -nodelete -directory /auditarchive/dumpauditarchive -U <userid> -P "password"
I'm curious why you use -nodelete when you archive. And that date suggests that you do not archive on a regular basis, which makes me wonder about the value of the audit archive database. Or am I reading too much into this command line?

Also, using -U/-P in an automated process risks exposing the audit archiver password. It could be an OS user, so you wouldn't have to authenticate on the command line.
 
You seem to be suggesting that there is data in the source database audit tables that should have been archived that is not in the audit archive database. Is that the problem?


I'm curious why you use -nodelete when you archive. And that date suggests that you do not archive on a regular basis, which makes me wonder about the value of the audit archive database. Or am I reading too much into this command line?

Also, using -U/-P in an automated process risks exposing the audit archiver password. It could be an OS user, so you wouldn't have to authenticate on the command line.
For the first time, I'm going to archive audit logs, for testing purposes, doing it now. That's why I included the -nodelete option here.

This is one of the DB user accounts, and I'm using this only for archiving. Is there any mechanism to run this command without providing credentials?
 
This is one of the DB user accounts, and I'm using this only for archiving. Is there any mechanism to run this command without providing credentials?
Yes, the user granted the Audit Data Archiver permission can be an OS user. It is important to protect all credentials, but especially for this account as it has the power to destroy your audit trail.

The docs say you can't do this if you use _User:
-userid username
Specifies the user name of the privileged user. If you are using the _User table, username must be defined there, and you must include the -userid parameter to identify the user. If you are not using the _User table, use of -userid is optional; in this scenario, username specifies a local operating system login ID. Regardless of the source, username must have the Audit Data Archiver privilege in order to run AUDITARCHIVE.
https://docs.progress.com/bundle/openedge-database-management-128/page/PROUTIL-AUDITARCHIVE-qualifier.html

Aside from being confusing (the parameter is -U, not -userid), the sentence in bold above is not true. You can simply omit -U/-P on the auditarchive command line, if the OS user running the command is defined in the database as having the Audit Data Archiver permission.
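A scheduled wrapper that applies the advice in this thread (no -nodelete on a regular run, no -U/-P on the command line, -checkseal on both steps), written as an added example rather than code from the thread. The database paths are placeholders, and it assumes the OS account running it is defined in the live database with the Audit Data Archiver privilege.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes the placeholder database
# paths below and that the OS account running the job is defined in the live
# database with the Audit Data Archiver privilege, so -U/-P are never passed
# and the password never appears in ps output, cron mail or shell history.
set -eu

LIVE_DB="${LIVE_DB:-/db/live/sports}"                   # placeholder
ARCHIVE_DB="${ARCHIVE_DB:-/db/archive/sportsaud}"       # placeholder
DUMP_DIR="${DUMP_DIR:-/auditarchive/dumpauditarchive}"  # directory from the thread

# audit_cutoff YYYY-MM-DD +HH:MM -> "MM/DD/YYYY 23:59:59.999+HH:MM"
# End-of-day cutoff in the timestamp format used in the thread, built with
# POSIX parameter expansion only, so it is deterministic on any shell.
audit_cutoff() {
    y=${1%%-*}; rest=${1#*-}; m=${rest%%-*}; d=${rest#*-}
    printf '%s/%s/%s 23:59:59.999%s' "$m" "$d" "$y" "$2"
}

# archive_cmd CUTOFF -> the auditarchive command line as one string.
# Deliberately absent: -nodelete (a scheduled job should move records, not
# copy them) and -U/-P (the OS user authenticates instead).
archive_cmd() {
    printf 'proutil %s -C auditarchive "%s" -checkseal -directory %s' \
        "$LIVE_DB" "$1" "$DUMP_DIR"
}

load_cmd() {
    printf 'proutil %s -C auditload %s -checkseal' "$ARCHIVE_DB" "$DUMP_DIR"
}

# run_cycle DATE TZ: archive everything up to the end of DATE, then load it.
# set -e stops at the first failure, so a seal-check failure on the archive
# step is never followed by loading suspect data into the archive database.
run_cycle() {
    cutoff=$(audit_cutoff "$1" "$2")
    if ! command -v proutil >/dev/null 2>&1; then
        printf 'proutil not on PATH; would run:\n%s\n%s\n' \
            "$(archive_cmd "$cutoff")" "$(load_cmd)" >&2
        return 0
    fi
    proutil "$LIVE_DB" -C auditarchive "$cutoff" -checkseal -directory "$DUMP_DIR"
    proutil "$ARCHIVE_DB" -C auditload "$DUMP_DIR" -checkseal
}

# cron usage: run_audit_archive.sh 2024-07-21 +05:30
if [ "$#" -eq 2 ]; then run_cycle "$1" "$2"; fi
```

When proutil is not on PATH the script only prints the two command lines it would run, which makes it safe to dry-run on a workstation before scheduling it on the database host.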
 