Specifies the type and location of the audit log.
[ TRANSLOG | SYSLOG | FILE ( filename_prefix='path-and-filename'; [ target-parameter [;...] ]) ] target-parameter : target-parameter-name = target-parameter-value[;...] target-parameter-name { | max_size; | num_files; | flush_on_write; | compressed; }
Parameter name | Value |
---|---|
filename_prefix |
A log file name prefix with or without a path. All log files have the extension .etd. If a full path is not specified, then the directory where the database is located is used as the root directory. This parameter is required. |
max_size |
The maximum size of the file in bytes. The default is 0, which means there is no limit on the file size, and the file grows as long as disk space is available. Once the specified size is reached, a new file is started. |
num_files |
The number of files where event tracing information is written. This setting is used only if max_size is set. If all the files reach the maximum specified size, then the database server overwrites the oldest file. |
flush_on_write |
A Boolean value that controls whether disk buffers are flushed for each event that is logged. The default is ON. When this parameter is turned on, the performance of the database server may be reduced if many trace events are being logged. |
compressed |
A Boolean value that controls compression of the log file to conserve disk space. The default is OFF. |
Empty string
PUBLIC role | For current user | For other users | |
---|---|---|---|
Allowed to set permanently? | Yes, with SET ANY SECURITY OPTION | No | No |
Allowed to set temporarily? | Yes, with SET ANY SECURITY OPTION | No | No |
This option specifies where to write auditing events. If the audit_log option is not specified, or if an empty string is specified, then auditing events are logged to the transaction log (TRANSLOG) by default.
To turn off the transaction log while auditing is enabled, audit_log must be set to FILE or SYSLOG. If audit_log is set to the transaction log, then the transaction log cannot be turned off (until a file is specified).
If audit_log is set to SYSLOG, then events are logged to your operating system's event tracing log. The event tracing log differs between Windows and Unix:
Duplicate target names are not allowed. If FILE, TRANSLOG, or SYSLOG is specified twice, then an error is returned.
When disk sandboxing is enabled, any file referenced in the audit_log option must be in an accessible location.
If the value of audit_log is invalid, or if any audit log target cannot be started, then an error is returned and the previous value of audit_log is restored. If the previous value cannot be restored, then the audit_log option defaults to the transaction log, and a message appears in the database server messages window. However, the previous value of the audit_log option is maintained.
If an attempt to log in to the file fails, then audit events may be missing from a FILE target. If a logging failure occurs, then a message appears in the database server messages window to indicate the earliest occurrence of a failure.
For the audit_log option to work, set the auditing option to On, and also specify which types of information you want to audit by using the sa_enable_auditing_type system procedure.
If a FILE target is specified, then the database uses an internal trace event session named audit to log auditing events to the specified file. The internal trace event session cannot be modified by the user. The trace event session used for auditing differs from user trace event sessions in the following ways:
The following statement sets the audit log to the database's transaction log.
SET OPTION PUBLIC.audit_log = 'TRANSLOG'
The following statement sets the audit log to a file target.
SET OPTION PUBLIC.audit_log = 'FILE(filename_prefix=c:\audit)'