Audit data flow

Components which generate audit log information are on the host. The data flow is as follows:
  1. Host processes send log information to the audit capture process.
  2. The audit capture process stores the log information in buffers, and periodically sends the data to disk.
  3. The disk files are read by a separate audit loader process.
  4. The data is loaded into a database. This database can be on the same or a different Netezza Performance Server system, but if different, both systems must have an identical security configuration of security levels, cohorts, and categories.

Since loading requires that the Netezza Performance Server database to be online and available, loading is separate from the capture function.

Important: If the size of staged audit data exceeds the set limit, the audit capture server cannot write more log data, and returns errors. All new activity that requires audit logging fails until the audit data can be loaded and disk space freed. If audit logging fails, the Netezza Performance Server system goes offline. Excessive loading of auditing information can affect performance.