Database Administration
Auditing Transparent Data Encryption
To increase the security of your encrypted data, the auditing capabilities of OpenEdge are expanded to record events related to Transparent Data Encryption. The complete set of auditing policies related to Transparent Data Encryption is added to the policies.xml file. There is also a single, incremental audit policy in the file policies_dbenc.xml that can be imported into an existing auditing configuration. For more information on auditing, see OpenEdge Getting Started: Core Business Services - Security and Auditing.
The table below lists the audit events related to Transparent Data Encryption.
Table 41. Auditing events for Transparent Data Encryption
| Event ID | Event Name | Detects | Operation |
|---|---|---|---|
| 11000 | _sys.db.enc.enable | Enable encryption | PROUTIL ENABLEENCRYPTION |
| 11001 | _sys.db.enc.disable | Disable encryption | PROUTIL DISABLEENCRYPTION |
| 11100 | _sys.ks.create | Create a new OpenEdge key store | PROUTIL ENABLEENCRYPTION; PROUTIL EPOLICY MANAGE key store reconstruct |
| 11101 | _sys.ks.delete | Delete an existing OpenEdge key store | PROUTIL DISABLEENCRYPTION |
| 11102 | _sys.ks.open.pass | Successfully opened an OpenEdge key store | PROUTIL EPOLICY MANAGE; internal ABL and SQL commands |
| 11103 | _sys.ks.rekey | Changed OpenEdge key store's encryption key | Not in use for this release |
| 11104 | _sys.ks.setcipher | Changed OpenEdge key store encryption cipher | Not in use for this release |
| 11105 | _sys.ks.setadmin.pwd | Changed OpenEdge key store's admin passphrase | PROUTIL EPOLICY MANAGE key store adminphrase … |
| 11106 | _sys.ks.setuser.pwd | Changed OpenEdge key store's user passphrase | PROUTIL EPOLICY MANAGE key store userphrase … |
| 11107 | _sys.ks.ke.create.pass | Successfully created new encryption key entry | PROUTIL ENABLEENCRYPTION; PROUTIL EPOLICY MANAGE key store reconstruct |
|  | _sys.ks.ke.update.pass | Successfully changed a key entry's owner, passphrase or state | PROUTIL DISABLEENCRYPTION |
| 11109 | _sys.ks.ke.delete.pass | Successfully deleted a key entry | Not in use for this release |
| 11110 | _sys.ks.ke.read.pass | Successfully returned a clear-text encryption key | _mprosrv; database utilities; ABL single-user database connection |
| 11111 | _sys.ks.open.fail | Failed when attempting to open an OpenEdge key store | _mprosrv; database utilities; ABL single-user database connection |
| 11112 | _sys.ks.ke.create.fail | Failed when attempting to create a new key entry | PROUTIL ENABLEENCRYPTION |
| 11113 | _sys.ks.ke.update.fail | Failed when attempting to change a key entry's owner, passphrase, or state | PROUTIL DISABLEENCRYPTION |
| 11114 | _sys.ks.ke.delete.fail | Failed when attempting to delete a key entry | Not in use for this release |
| 11200 | _sys.as.create.pass | Successfully created new autostart credentials (for key store access) | PROUTIL ENABLEENCRYPTION |
| 11201 | _sys.as.delete.pass | Successfully deleted existing autostart credentials (for key store access) | PROUTIL DISABLEENCRYPTION |
| 11202 | _sys.as.open.pass | Successfully opened autostart credentials and accessed the key store | _mprosrv; database utilities; ABL single-user database connection |
| 11203 | _sys.as.recover.pass | Successfully forced new autostart credentials and OpenEdge key store passphrase credentials after lockout condition entered | PROUTIL EPOLICY MANAGE key store reconstruct |
| 11204 | _sys.as.update.pass | Successfully updated autostart credentials (for key store access) | PROUTIL EPOLICY MANAGE KEYSTORE [autostart \| userphrase \| rebind]; PROUTIL EPOLICY MANAGE AUTOSTART |
| 11205 | _sys.as.open.fail | Successfully opened autostart credentials but failed to access the key store | _mprosrv; database utilities; ABL single-user database connection |
| 11206 | _sys.as.update.fail | Failure found when updating autostart credentials | PROUTIL EPOLICY MANAGE KEYSTORE [autostart \| userphrase \| rebind]; PROUTIL EPOLICY MANAGE AUTOSTART |
| 11207 | _sys.as.recover.fail | Failed to force new autostart credentials and OpenEdge key store passphrase credentials after lockout condition entered | PROUTIL EPOLICY MANAGE key store reconstruct |
| 11300 | _sys.enc.scan | Started a scan of an encrypted object to determine the number of blocks related to each object security policy | PROUTIL EPOLICY SCAN |
| 11301 | _sys.enc.update | Started an update of an encrypted object to re-encrypt blocks encrypted under a previous policy with the current policy | PROUTIL EPOLICY UPDATE |
| 11400 | _sys.db.dbpolicy.create | Create a new version of a database master key's security policy | PROUTIL ENABLEENCRYPTION |
| 11401 | _sys.db.dbpolicy.update | Updated an existing database master key's security policy's information | Not in use for this release |
| 11402 | _sys.db.dbpolicy.delete | Deleted an existing database master key's security policy [version] | PROUTIL DISABLEENCRYPTION |
| 11500 | _sys.db.objpolicy.create | Create a new version of a database object's security policy | PROUTIL EPOLICY MANAGE; internal ABL and SQL commands |
| 11501 | _sys.db.objpolicy.update | Update an existing database object security policy's state | PROUTIL EPOLICY MANAGE; internal ABL and SQL commands |
| 11502 | _sys.db.objpolicy.delete | Delete an existing [version] of a database object's encryption policy | Dictionary: delete table/index; SQL: DROP table/index …; proutil: TBD |
| 11600 | _sys.db.pwdpolicy.create | Create a new version of a database passphrase rules policy | PROUTIL ENABLEENCRYPTION |
| 11601 | _sys.db.pwdpolicy.update | Update an existing [version] of a database passphrase rules policy | Not in use for this release |
| 11602 | _sys.db.pwdpolicy.delete | Delete an existing [version] of a database passphrase rules policy | PROUTIL DISABLEENCRYPTION |

Data Admin provides three reports to track audited activities related to transparent data encryption. The reports are as follows:
* Track Encryption Policy Changes Report: Reports any events related to encryption policy maintenance. Events with IDs 11400-11402, 11500-11502, and 11600-11602 are tracked by this report.
* Track Key-store Changes Report: Reports any events related to the key store and autostart. Events with IDs 11100-11114 and 11200-11207 are tracked by this report.
* Database Encryption Administration (Utilities) Report: Reports events such as enabling and disabling encryption for your database, and scan and update utilities. Events with IDs 11000, 11001, 11300, and 11301 are tracked by this report.
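
The report groupings above, applied to exported audit records, as an added example (not OpenEdge code): it routes each event ID to the report that tracks it and lists users with repeated `.fail` events from the table. The record layout, user names, sample records and the threshold of 3 are assumptions constructed for illustration.

```python
from collections import Counter

# Report membership by event ID range, as listed for the three Data Admin reports.
REPORT_RANGES = {
    "Track Encryption Policy Changes": [(11400, 11402), (11500, 11502), (11600, 11602)],
    "Track Key-store Changes": [(11100, 11114), (11200, 11207)],
    "Database Encryption Administration (Utilities)": [(11000, 11001), (11300, 11301)],
}
# Events whose names end in ".fail" in the audit event table.
FAILURE_IDS = {11111, 11112, 11113, 11114, 11205, 11206, 11207}

def report_for(event_id):
    """Return the report that tracks event_id, or None if it is not a TDE event."""
    for report, ranges in REPORT_RANGES.items():
        if any(lo <= event_id <= hi for lo, hi in ranges):
            return report
    return None

def triage(records, threshold=3):
    """Group records by report; list users with >= threshold failure events.

    The threshold is an assumed triage setting, not an OpenEdge default.
    """
    by_report = {name: [] for name in REPORT_RANGES}
    failures = Counter()
    for rec in records:
        report = report_for(rec["event_id"])
        if report is None:
            continue  # not a Transparent Data Encryption audit event
        by_report[report].append(rec)
        if rec["event_id"] in FAILURE_IDS:
            failures[rec["user"]] += 1
    flagged = sorted(u for u, n in failures.items() if n >= threshold)
    return by_report, flagged

# Constructed sample records (hypothetical export layout: event_id, user, time).
SAMPLE = [
    {"event_id": 11111, "user": "svc_batch", "time": "2024-01-10T02:00:01"},
    {"event_id": 11111, "user": "svc_batch", "time": "2024-01-10T02:00:05"},
    {"event_id": 11205, "user": "svc_batch", "time": "2024-01-10T02:00:09"},
    {"event_id": 11102, "user": "dba1", "time": "2024-01-10T08:15:00"},
    {"event_id": 11501, "user": "dba1", "time": "2024-01-10T08:16:30"},
    {"event_id": 11001, "user": "dba2", "time": "2024-01-10T23:40:00"},
    {"event_id": 10500, "user": "dba2", "time": "2024-01-10T23:41:00"},
]

if __name__ == "__main__":
    grouped, flagged = triage(SAMPLE)
    for name, recs in grouped.items():
        print(name, [r["event_id"] for r in recs])
    print("users with repeated failure events:", flagged)
```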