Configuring Auditing

You can set up iBase to log each time that a user modifies or accesses a record and to log virtually all user actions with or without user-supplied reasons for performing the actions.

What is recorded?

iBase starts auditing at the lowest possible level of detail when you create a database. You cannot stop this level of auditing but you can choose to start at a higher level, and to modify all auditing options for existing databases.

Attention: The option to record user accesses to records, without change of data, creates large volumes of log data so it is available only with iBase SQL Server databases. Use this option only when strictly required. Your SQL Server administrator can configure the disks to improve performance in this area; for details, see Server machines.

Independently of the audit level of the database (SQL Server format only), you can audit changes to data. The iBase field types that you can audit depend on the SQL Server version.

Where is it recorded?

There are separate audit logs for security files and databases.

Security file logs track the opening of databases, failed logon attempts, and a range of administrative actions such as creating templates, and managing users and groups. They do not record logons and logoffs.

Database logs track the opening and closing of databases, historical data (if logged), and all the requested actions within databases. Actions are recorded regardless of origin: users can request database actions from iBase Designer, iBase, Analyst's Notebook, or third-party mapping applications.

The physical form and location of logs is different for security files, Access databases, and SQL Server databases. The audit viewer handles these differences and can produce archive files in a standard form.

Viewing audit logs

To use the Audit Viewer, a user needs to be a system administrator, a database administrator or an audit administrator.

The Audit Viewer, if installed, is available from the Windows start menu, under, for example, i2 iBase > iBase Audit Viewer. It allows you to view and manage audit logs for databases and security files. You can open multiple windows to inspect logs for several databases provided that those databases are managed through the same security file.

Audit Viewer does not display all the entries in the audit log:

  • Some users generate restricted audit log entries and you need the Audit Administrator role to view these

  • Some audit log entries are hidden if SC codes are used - you can only view the entries for records relating to your security classification

The level of detail in the audit log is determined by the audit level set for the database.

Audit log databases

If you are using iBase and an Access database, the database log is held in the .idl file stored in the same folder as the database file.

In an SQL Server installation of iBase, an audit log database is created alongside the main SQL Server database. The name of the database is the same as the main database name with the suffix _log. For instance, the database User_Guide has an audit log database User_Guide_log.

Your SQL Server administrator must ensure that iBase users can access this audit log database. If a user has no access to the audit log database, iBase attempts to create a new one and fails with a message that says it could not do so successfully

Note: For information on backing up audit log databases, see Database upgrades.