ALTER SECURITY_AUDIT
Valid in: SQL, ESQL, OpenAPI, ODBC, JDBC, .NET
The ALTER SECURITY_AUDIT statement allows the current security audit log to be switched and for security auditing to be suspended or resumed in the current installation. This statement takes effect immediately and cannot be issued within a multi-statement transaction. It is available in dynamic SQL.
Syntax
The ALTER SECURITY_AUDIT statement has the following format:
[EXEC SQL] ALTER SECURITY_AUDIT [SUSPEND|RESUME|RESTART|STOP] [WITH AUDIT_LOG = 'audit_filename']
ALTER SECURITY_AUDIT SUSPEND|RESUME
Allows auditing to be suspended and later resumed. This allows maintenance on security audit logs to take place as required. When auditing is suspended any sessions that attempt to generate security audit records are stalled until auditing is resumed. Auditing is suspended immediately after the audit record logging the ALTER SECURITY_AUDIT statement is written.
Auditing can only be suspended when it is active, and resumed when it is suspended.
On installation restart, auditing is resumed automatically.
To allow the audit system to be resumed, users with maintain_audit privilege can continue to access Vector even when auditing is suspended. In this case any audit events generated are written to the audit log.
ALTER SECURITY_AUDIT RESTART
Restarts auditing.
ALTER SECURITY_AUDIT STOP
Stops auditing on request. This statement cannot be used to start security logging for servers that were not started with logging enabled. Auditing can only be stopped when it is active, and restarted when it is stopped.
Security auditing can be stopped, either by issuing an ALTER SECURITY_AUDIT STOP statement, or as the result of an audit system condition such as logfull or on-error.
ALTER SECURITY_AUDIT WITH AUDIT_LOG = 'audit_filename'
Sets the current installation security log. The security audit log can be changed whenever auditing is active (that is, when it is not stopped or suspended), or when restarting or resuming auditing. The audit log file specified must actually exist in the Vector audit configuration.
Permissions
You must have MAINTAIN_AUDIT privilege and be connected to the iidbdb database.
Related Statements
ALTER SECURITY_AUDIT Examples
The following examples allow the current security audit log to be switched and for security auditing to be suspended or resumed in the current installation:
1. Restart security auditing after it has been suspended.
ALTER SECURITY_AUDIT RESUME;
2. Restart auditing, switching to a new audit log.
ALTER SECURITY_AUDIT RESTART
WITH AUDIT_LOG = /install/ingres/files/audit.3
3. Cause Vector to log events to the auditlog.7 file.
ALTER SECURITY_AUDIT
WITH AUDIT_LOG = '/auditdisk/auditlog.7';