|
The database administrator can turn on auditing to add security-related information to the transaction log.
Auditing is off by default. To enable auditing on a database, the DBA must set the value of the auditing public option to On. Auditing then remains enabled until explicitly disabled, by setting the value of the auditing option to OFF. You must have DBA permissions to set this option.
Connect to your database as the DBA.
Execute the following statement:
SET OPTION PUBLIC.auditing = 'On';
Once you have enabled auditing for a database, you can set the temporary conn_auditing database option in the database login procedure to enable connection-specific auditing. You can enable auditing based on information such as the IP address of the client computer or the type of connection.
If you do not set the conn_auditing option in the login procedure, the option is on by default.
The following example shows an excerpt from a login procedure that enables auditing for all connections to the database, except those made by the DBA user:
DECLARE usr VARCHAR(128) SELECT CONNECTION_PROPERTY( 'Userid' ) INTO usr; IF usr != 'DBA' THEN SET TEMPORARY OPTION conn_auditing='On' ELSE SET TEMPORARY OPTION conn_auditing='Off' END IF;
For more information, see login_procedure option [database], and conn_auditing option [database].