Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

Audit records and RDB

Audit records and RDB

Hi!

One can have secondary destinations for security event messages. Not only retaining them in the Security.audit$journal file(s) (primary destination).

My secondary destination resides on another node and I created the file by doing a $ Set Audit/archive=All -
/Destin=OtherNode::Disk1:[audit_dir]audit.file on the primary node.

The file on the secondary destination is created and filled with the General audit records I expect and also with the RDB audit records I have set up to to be captured and saved.

My problem is that I can only read the RDB audit records on my primary destination node not on my secondary destination node. (BTW I read the RDB records via an RDB database as stated in the manual)

Have anybody had to deal with the same problem?

regards
Johan Eklund
4 REPLIES
Karl Rohwedder
Honored Contributor

Re: Audit records and RDB

JOhan,

never tried that, but are there any error messages when loading the audit data into the database (it should log how many records had been loaded)? In metalink is an article describing how to do it. Perhaps a call to Oracle is nec.

regards Kalle

Re: Audit records and RDB

Hi Karl,

No, there are no error messages. RDB just tells me that it has read x records but that none where written.

And Yeah, I guess I'll have to check with Oracle as well. I started off here as one often gets better answers with such a cross-product problem as I have.

/Johan
Karl Rohwedder
Honored Contributor

Re: Audit records and RDB

I did a little test here and it looks as if the RDB audit events are not propagated to the audit-archive (nn records read, 0 stored).

regards Kalle

Re: Audit records and RDB

If you "take" the archive-file back to its originating node you'll get the records.

/Johan