When you turn on auditing, the database server generates audit records for every event that the auditing instructions specify, as Figure 3 shows. For UNIX, specify whether the operating system or the database server manages the audit records. For details, see Types of Auditing.
If you use database server-managed auditing, the database server stores the audit records in a file called an audit file, as Figure 3 shows. The collection of audit records makes up the audit trail. (The audit trail might consist of more than one audit file.) When operating-system-managed auditing is used on UNIX, the records are stored in an operating-system audit trail.
An audit administrator needs to specify and maintain the audit configuration, which includes the following information:
Audit files for Extended Parallel Server are stored locally on each coserver in the directory specified by the ADPATH parameter in the ADTCFG file or by the onaudit -p command.
These topics are explained in Audit Configuration.
The database server generates audit records and writes them to the audit file or to an event log regardless of whether the client user that performs the audited action is local or remote. The database server includes both the user login and database server name in every audit record to help pinpoint a specific initiator and action.
In high-availability data replication (HDR), only the primary database server performs secure auditing and produces an audit trail. The onaudit utility runs on the secondary database server but does not audit any of the audit events.