Try OpenEdge Now
skip to main content
Core Business Services - Security and Auditing
Auditing : Configuring OpenEdge Auditing : Getting started : Enabling an OpenEdge database for auditing
 
Enabling an OpenEdge database for auditing
When enabling a database for auditing, you must specify a Type II database area for the audit tables. Do not place the auditing tables in the schema area. It is best to create a new, separate Type II area exclusively for the auditing data tables and another new, separate Type II area for the audit table indexes, particularly if you anticipate generating large volumes of audit data. Creating the separate areas might provide improved performance.
For example, you might create the following structure file (which you then add by using PROSTRCT ADD):
#
# Add audit areas
#
d "Audit Data Area":13,32;512 . f 512000
d "Audit Data Area":13,32;512 .
#
d "Audit Index Area":14,32;512 . f 512000
d "Audit Index Area":14,32;512 .
You can also choose to deactivate the nonunique auditing indexes. This could provide you with a performance boost. Deactivated indexes can be activated at a later time using PROUTIL IDXBUILD.
For more information about Type II areas, see OpenEdge Getting Started: Database Essentials.
To enable a database for auditing:
1. Create a database structure file (.st) that defines a Type II area for your audit tables and another Type II area for your audit indexes. Be sure to:
a. Give the new structure file a different name from the existing structure file for the database, so the existing one is not overwritten.
b. Assign one of the following values to the blocks Per Cluster token when defining the audit table area and audit index area to create the areas as Type II: 8, 64, or 512.
In the example structure file shown, the blocks Per Cluster token value used is 512 (marked in bold).
2. Add the areas to your database using PROSTRCT ADD. Then use PROSTRCT LIST to generate a new structure file that contains both the original structure and the newly added audit data and audit index areas.
For more information about creating or adding to an existing structure file and using PROSTRCT, see OpenEdge Data Management: Database Administration.
3. Upgrade the clients and the database to the current OpenEdge release (10.1 or later).
4. Enable auditing on the database, as shown:
proutil <database-name> -C enableauditing area <"area-name"> [indexarea "area-name2"] [deactivateidx]
When you do this, the audit tables, which are hidden, are created in the database.
5. Connect to the database as the database administrator.
6. Use Data Administration or the Data Dictionary (character version) to:
a. Set up any internal accounts (_User) necessary to define audit administrators and audit data archivers
b. Set up audit security
c. Create a database pass phrase so you can verify that audit data has not been tampered with
For more information, see the Data Administration Help or OpenEdge Development: Basic Database Tools.
7. Run Audit Policy Maintenance and load and enable the preconfigured OpenEdge database audit policies (if needed). For more information, see the Audit Policy Maintenance Help.
For a description of the preconfigured policies, see Preconfigured Audit Policies.
You can now connect to the database and assign audit-related privileges.