Creating a record of actions for your database
You can set up iBase to log virtually all user actions with or without user-supplied reasons the actions. Different auditing levels can be set depending on the requirements of your environment.
What is recorded?
Where is it recorded?
Separate audit logs are created for security files and databases.
Security file logs track the opening of databases, failed logon attempts, and a range of administrative actions such as creating templates, and managing users and groups.
Database logs track the opening and closing of databases, historical data (if logged), and all the requested actions within databases. Actions are recorded regardless of origin: users can request database actions from iBase Designer, iBase, Analyst’s Notebook, or third-party mapping applications.
The physical form and location of logs is different for security files, Access databases, and SQL Server databases. The audit viewer handles these differences and can produce archive files in a standard form.
Viewing audit logs
To use the Audit Viewer, a user needs to be a system administrator, a database administrator, or an audit administrator.
The Audit Viewer, if installed, is available from the IBM i2 iBase section of the Windows start menu. You can view and manage audit logs for databases and security files. You can open multiple windows to inspect logs for several databases if those databases are managed through the same security file.
- Some users generate restricted audit log entries that you need the Audit Administrator role to view.
- Some audit log entries are hidden if SC codes are used (you can only view the entries for records that match your security classification).
Audit log databases
If you are using iBase and an Access database, the database log is held in the .idl file that is stored in the same folder as the database file.
In an SQL Server installation of iBase, an audit log database is created alongside the main SQL Server database. The name of the database is the same as the main database name with the suffix _log. For instance, the database User_Guide has an audit log database User_Guide_log.
Your SQL Server administrator must ensure that iBase users can access this audit log database. For more information, see Access control.
For information on backing up audit log databases, see Archiving audit logs.