Home | Previous Page | Next Page   Utility Syntax >

The onshowaudit Utility

The onshowaudit utility lets you extract information from an audit trail. You can direct this utility to extract information for a particular user or database server or both. This information enables you to isolate a particular subset of data from a potentially large audit trail.

The records are formatted for output. By default, onshowaudit displays the extracted information on the screen. You can redirect the formatted output to a file or pipe and can specify that onshowaudit reformat the output so you can load it into an Informix database table.

The onshowaudit utility extracts data from an audit trail but does not process the records or delete them from the audit trail. Access the audit trail only with the onshowaudit utility, which has its own protection:

UNIX Only

The UNIX command-line syntax for onshowaudit follows. 

Read syntax diagramSkip visual syntax diagram>>-onshowaudit--+-----+--+-----------+--+---------------+--+--------------------------+--+-----+-><
                +- -I-+  '- -f--path-'  '- -u--username-'  +- -s--servername----------+  '- -I-'
                '- -O-'                                    |  (1)                     |
                                                           '-------- -c--coservername-'

Notes:
  1. Extended Parallel Server
End of UNIX Only
Windows Only

The Windows command-line syntax for onshowaudit follows 

Read syntax diagramSkip visual syntax diagram>>-onshowaudit--+-----------+--+------+--+--------------------------------+--+---------------+-><
                '- -f--path-'  +- -ts-+  +- -u--username-- -s--servername-+  '- -I--loadfile-'
                               '- -tf-'  '- -d----------------------------'
End of Windows Only

Important:
If you include the -l option in your onshowaudit command, you must remove the six header lines that appear in the output file before you use that file as input for dbload or for an external file.

The following table identifies the syntax terms that can appear in an onshowaudit command line.

Any command-line options that you specify determine which part of the audit trail the onshowaudit utility uses.

Element Purpose Key Considerations
-d On Windows, assumes the default values for the user (current user) and the database server (INFORMIXSERVER) None
-f path Specifies a specific audit trail to examine, only for database server-managed auditing If this option is omitted, or if path is only a filename, see the notes that immediately follow this table.
-I On UNIX, uses the Informix database server audit trail None
-l

-l loadfile		 Directs onshowaudit to extract information with delimiters so that it can be redirected to a file or pipe and loaded into a database table or other application that accepts delimited data For information on the file format, see Audit Analysis. For information on the dbload utility, see the IBM Informix: Migration Guide. For information on loading data with external tables, see your IBM Informix: Administrator's Reference.
-O On UNIX, uses the operating-system audit trail None
-tf On Windows, shows only failure audit records None
-ts On Windows, shows only success audit records None
-s servername Specifies the database server about which to extract audit information None
-c coserverid Specifies the coserver number for which to extract audit information If omitted, information for all coservers is extracted (IBM Informix Extended Parallel Server Only)
-u username Specifies the login name of a user about which to extract audit information None

If -f is omitted, onshowaudit searches for audit files in the ADTPATH directory (set with the onaudit utility or in the ADTCFG file). The onshowaudit utility extracts data from all the audit files it finds that are in sequence, starting with the lowest integer.

The -f path option specifies the directory and filename of the audit files. The audit directory and filename must conform to minimum security levels. The directory should be owned by user informix, belong to that AAO group, and should not allow public access (0770 permission). The files should have comparable permissions (0660 permission). The files should not be symbolic links to other locations. The directory, however, can be a symbolic link. If the audit directory and files are not secure, onshowaudit returns an error message and does not display the audit results.

If an incomplete pathname (nothing but a filename) is specified, the onshowaudit utility searches the ADTPATH directory for that file and extracts audit data from it.

If a complete pathname is specified, the onshowaudit utility extracts audit data from the named file.

For information on the auditing configuration parameters in the ADTCFG file, see Appendix B. The ADTCFG File.

The database server does not audit the execution of the onshowaudit utility.

Warning:
Version 7.2 and later versions of the onshowaudit utility can parse and process the new and updated record structures for fragmented tables and indexes, which can span multiple partitions. If you use Version 7.2 or a later version of onshowaudit to analyze records that a database server prior to Version 7.0 created, you might receive inaccurate results. Version 7.2 and later versions of onshowaudit expect to find an additional field for fragmentation (partno) in certain audit records, but this field is absent in audit records prior to Version 7.0.
UNIX Only

When you use operating-system-managed auditing on UNIX, onshowaudit calls operating-system utilities to extract from the operating-system audit trail audit records that the Informix DBMS generates.

Important:
It is recommended that the OSA always enable auditing for utilities that extract audit events from the operating-system audit trail.
End of UNIX Only
Home | [ Top of Page | Previous Page | Next Page | Contents | Index ]