Audit configuration

You can configure a system for audit logging or query history, but not both. Audit logging provides a superset of the information collected by query history.

Audit configuration is done in the following steps:
  1. Determine the user name of the user on the target system to write the audit. Use a user with no privileges. The nzhistcreatedb command gives the audit-writing user privileges to write to the tables in the audit database, but not to read from them.
  2. If using a remote system as the target system, verify that the security model of the source system matches the target system for level, cohort, and category. A Netezza Performance Server target system can support audit databases that load from several source Netezza Performance Server systems.
  3. Run nzhistcreatedb on the target Netezza Performance Server system.
  4. Define the configuration on the source Netezza Performance Server system.
  5. Set the configuration to be active.
  6. Stop and start the source system by using the nzstop and nzstart commands.
The following information must be specified to configure audit logging:
  • Target database to use for logging.
  • Target database credentials.
  • Maximum disk space to use for buffering audit data.
  • Maximum time between when data is written to the buffer file and when it is loaded into the audit database.

After data is captured, it is signed, even if the data does not get loaded. Signing is done with the history configuration that is current during the capture phase of the operation, not the load phase. For more information, see the CREATE HISTORY CONFIGURATION command in the IBM® Netezza® Database User’s Guide.