auditdb Command--Audit a Database
Permission required: DBA or system administrator.
The auditdb command prints selected portions of the journal for a database. It also creates an audit trail of the changes made to particular tables.
Auditdb does not necessarily give you a complete list of all transactions since the last checkpoint. Reasons for this are:
Auditdb does not exclusively lock the database, so other users can complete a transaction while auditdb is running.
In some cases, a completed transaction may not have been moved yet from the log files to the journal files.
If you need an accurate list of transactions since the last checkpoint, make sure all users exit the database before you run auditdb, or use the -wait flag. If you run auditdb with the -wait flag, and a large amount of unarchived information is in the log file, there will be a delay before the request is processed.
The auditdb command has the following format:
auditdb [-a] [-all] [#cn] [-bdd-mmm-yyyy[:hh:mm:ss]] [-edd-mmm-yyyy[:hh:mm:ss]]
[-iusername] [-aborted_transactions] [-inconsistent] [-file[=filename {,filename} [-timestamp]]]
[-table=tablename {,tablename}] [-uusername] [-wait]
[-maxobuf=n] dbname[/server_class] [-help]
-a
Prints journal entries for the system catalogs.
-all
Prints everything in the journal file.
#cn
Prints journal entries for transactions committed starting from an older checkpoint. The checkpoint number n must be a valid checkpoint number (as shown by the infodb command).
If you omit this parameter, auditdb lists transactions starting from the most recent checkpoint.
Linux: In bash shell, you must place this option in quotes; otherwise characters after the # will be treated as a comment. For example:
auditdb empdata "#c1"
-bdd-mmm-yyyy[:hh:mm:ss]
Prints journal entries for transactions committed after the specified date and time. If you specify a date and omit the time, the time defaults to 00:00:00 (midnight).
If you omit this parameter, auditdb lists transactions starting from the date and time of the most recent checkpoint.
-edd-mmm-yyyy[:hh:mm:ss]
Prints journal entries for transactions committed before the specified date and time. If you specify a date and omit the time, the time defaults to 00:00:00 (midnight).
If you omit this parameter, auditdb lists transactions through the current system date and time.
-iusername
Prints journal entries for actions taken by the specified user.
-aborted_transactions
Prints journal entries for aborted transactions.
-inconsistent
Lets you view journals that the database has marked as inconsistent. The audit will still fail if core catalogs are inconsistent.
-file[=filename {,filename}]
Specifies that audit output is to go to one or more files. To use this option, you must specify the -table option.
If a file list is specified, the number of files must match the number of tables. The audit output of the first tablename goes to the first filename, and so on. No spaces are allowed in the file list.
If the -file flag is present without a list of file names, auditdb creates default file names of the form "tablename.trl" (the file extension is an abbreviation of "trail").
If a list of tables is specified without a list of files, output is presented to the standard output device.
This flag is not valid for system catalogs (-a flag).
The output files produced are in binary (bulk copy) format and contain rows appended to, deleted from, or copied into the tables specified. You can copy the output files into a table that has been created to have a row for each operation against the specified table. For more information, see the Database Administrator Guide.
-timestamp
Replaces the date field in the output file with a timestamp(2). This flag must be used with the -file flag.
-table=tablename {,tablename}
Specifies a particular table or tables for which journal entries are to be printed. Up to 64 table names (and 64 file names if the -file flag is also used) can be specified on the command line. No spaces are allowed in the table list. If this flag is omitted, all tables in the database are audited.
This flag is not valid for system catalogs (-a flag).
The table name can be qualified with a valid schema name in the format schema.tablename, as described in Schema Qualifier--Specify Ownership.
-uusername
Specifies the user for which journal entries are to be printed, as described in Standard Flags and Parameters.
-wait
Waits until journals are current before starting the audit. Auditing begins after all archiving is completed on the database, or after the archiver has copied all log file information up to the log file end-of-file when the auditdb request was initiated.
If a large amount of unarchived information is in the log file, there will be a delay before the request is processed.
Note:  A short delay (typically a few seconds) occurs after a transaction is committed and before it is visible using auditdb.
-maxobuf=n
Specifies a maximum output buffer size. When auditdb tries to generate audit trail output rows that exceed the default of 8192 bytes, it generates error messages. This option lets you specify a value larger than the default, but a smaller value is valid also. n must be > 0.
dbname
Specifies the database (one database name only), and the server_class, if required, as described in Standard Flags and Parameters.
-help
Displays command options.
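The -table and -file rules above (matching list lengths, the 64-name limit, no spaces, the dd-mmm-yyyy[:hh:mm:ss] date form) are easy to get wrong when an audit trail has to be pulled quickly. The following is an added example, not part of the product documentation: build_auditdb_cmd and count_items are hypothetical helpers that check those rules and print the resulting command line without running it.

```sh
# Added example, not from the product documentation.
# build_auditdb_cmd is a hypothetical helper: it checks the documented
# -table/-file rules and prints the command line without running it.

count_items() {              # number of comma-separated items in $1
    _old_ifs=$IFS; IFS=,
    set -f; set -- $1; set +f
    IFS=$_old_ifs
    echo "$#"
}

build_auditdb_cmd() {        # usage: build_auditdb_cmd db tables [files] [begin]
    db=${1-}; tables=${2-}; files=${3-}; begin=${4-}

    if [ -z "$db" ] || [ -z "$tables" ]; then
        echo "database and table list are required (-file needs -table)" >&2
        return 2
    fi
    case "$tables$files" in
        *" "*) echo "no spaces allowed in table or file lists" >&2; return 1 ;;
    esac
    ntab=$(count_items "$tables")
    if [ "$ntab" -gt 64 ]; then
        echo "at most 64 table names" >&2; return 1
    fi

    file_opt=-file           # bare -file: auditdb names each file tablename.trl
    if [ -n "$files" ]; then
        if [ "$(count_items "$files")" -ne "$ntab" ]; then
            echo "number of files must match number of tables" >&2; return 1
        fi
        file_opt="-file=$files"
    fi

    begin_opt=
    case "$begin" in
        "") ;;
        [0-9][0-9]-[A-Za-z][A-Za-z][A-Za-z]-[0-9][0-9][0-9][0-9]) begin_opt=" -b$begin" ;;
        [0-9][0-9]-[A-Za-z][A-Za-z][A-Za-z]-[0-9][0-9][0-9][0-9]:[0-9][0-9]:[0-9][0-9]:[0-9][0-9])
            begin_opt=" -b$begin" ;;
        *) echo "begin must be dd-mmm-yyyy[:hh:mm:ss]" >&2; return 1 ;;
    esac

    # -wait: start only once the journals are current, so the trail is complete
    echo "auditdb -table=$tables $file_opt$begin_opt -wait $db"
}
```

The database, table and file names passed to the helper are the caller's own; the helper only checks the command-line rules and does not check that the tables exist.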
Last modified date: 08/14/2024