Querying Audit Records

How to Work with Audit Records

This chapter describes tasks that involve running queries against the audit records. Before undertaking these tasks, be familiar with the AuditMaster interface, as described in Chapter 5: Using AuditMaster Viewer.

This chapter covers the following topics:

n	Displaying Audit Records

n	Working with Archived Audit Records

n	Running Queries

n	Working with Alerts

n	Printing Reports

n	Searching Audit Records

n	Sorting Audit Records

n	Exporting Audit Records to Other Applications

n	Displaying Audit Records under Pervasive PSQL Security

n	Using AuditMaster Undo

Displaying Audit Records

AuditMaster monitors application data records for various changes and operations. As it audits these events, it writes audit records to a log file. To access the new records, they are moved to a view file.

Audit records are displayed by queries. A query can include the current view file, one or more archived files, or both current view and archived files. Before querying the current view file, you first should update it to retrieve any new audit records from the log file.

This section covers the following tasks:

n	To update the current view file

n	To display audit records

‰	To update the current view file

1	In the data tree, right-click the current view file and select Update Current View File, or in the toolbar, select the update current view file icon .

An icon shows that the current view file update is in progress.

2	Right-click the current view file and select Get File Information.

The tree expands to show information like the following:

You may now query for the audit records you want to display.

Note The Update Status step is optional. However, since the time to finish the update depends on the size of the log file, it may be helpful to verify that the update has finished. For large updates, to be sure that all records are ready for query, update status and then check the status log for the “end of current view file update” message.

‰	To display audit records

1	Click the current view file or an archived file in the data tree.

2	Do one of the following:

w	Right-click the file and select Query.

w	Select the File  Query command.

w	In the toolbar, select the new query icon .

The Query Builder window appears.

Figure 7-1 Query Builder

3	Click the Files tab to check the range for the query.

The Files tab shows the files available for audit record query.

Since the current view file has been chosen, its checkbox is selected. Other examples might include other files.

4	Click the Execute button at the bottom of the window.

The result of the query appears in the audit record grid.

Figure 7-2 Sample Audit Record Grid

To change which record columns are visible, see Working with the Audit Record Grid. To view an individual record in detail, see Viewing Audit Record Details.

Working with the Audit Record Grid

Queries display audit data in the audit record grid. Each column in the grid shows information for each audit record, such as its capture date and time, table name, operation, and user name. The following table provides options for working with and customizing the audit record grid display:

 

Option	Steps
Setting visible columns in the audit record grid	• Click the Visible Columns drop-down arrow to open or close the list. • Select or clear checkboxes to show or hide particular columns. • Use the ordering buttons to set column order. See Audit Record Columns for more information about individual columns.
Changing column order in the audit record grid	Drag and drop each column to the desired position.
Searching audit records	See To search audit records
Sorting audit records	See To sort audit records
Exporting audit records	See To export audit records