When PROUTIL -C DISABLEAUDITING is run against an Audit Enabled database, it is important to consider the following:
- Disabling Auditing does not remove audit data. Running the PROUTIL -C AUDITARCHIVE command without the -nodelete option does remove audit data.
- Prior to OpenEdge 11.3, the Audit Storage Areas (e.g. "Audit Data" and "Audit Indexes") cannot be truncated or removed after audit data is exported or Auditing is disabled. This is because audit tables are classified internally by the database as 'Schema' tables, just like _file, _field and other metaschema tables. OpenEdge utilities will not allow the truncation of areas holding schema tables, nor will they move schema tables to another area. In effect, the Auditing structure cannot be deleted and truncation of an audit area is not an option in these versions. Auditing may be disabled, but the auditing schema will remain unless the database is dumped and loaded.
A new feature introduced in OpenEdge 11.3, "PROUTIL -C AUDITRECONFIG", allows Audit Data Areas to be reconfigured and physical disk space associated with audit trails to be recovered. Apart from being able to purge all data from existing Audit Areas, it can also be used to split or combine index and data areas and set new records per block and blocks per cluster values by moving existing audit data and indexes to new Storage Areas. For further clarification on the AUDITRECONFIG functionality, refer to the documentation: OpenEdge Data Management: Database Administration, Auditing, Reconfiguring Audit Areas
- It is not possible to disable auditing on a database that has been enabled for OpenEdge Replication. Replication needs to be disabled first and then auditing disabled.
- To disable auditing against a database, the user must have Audit Administrator privilege.
- Is the intent to disable or merely deactivate Auditing? When Auditing is only deactivated, the _aud-audit-data and _aud-audit-data-value tables still exist in the Audit Areas. For further clarification on these Auditing States, refer to the documentation: OpenEdge Data Management: Database Administration, Auditing, Auditing States
After running PROUTIL -C DISABLEAUDITING, the following messages on successful execution will confirm the difference:
Auditing is disabled when:
Auditing has been disabled for database <dbname>. (12490)
Auditing is deactivated when:
Auditing was not fully disabled because auditing data tables are not empty. (13647)
Auditing has been deactivated, no additional auditing records will be recorded. (13649)
Another way to determine the current “Auditing” status of a database (since OpenEdge 10.1B) is to run PROUTIL -C DESCRIBE, the output of which will show under the "Database Features" section:
- If ID 6 Database Auditing shows Active = NO, then Auditing is deactivated.
- If ID 6 Database Auditing is not listed at all, then Auditing is disabled.
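A check for scripted runs, as an added example that is not part of the original article: these shell functions classify captured PROUTIL output using the message numbers and the DESCRIBE row quoted above. The sample outputs are constructed, and the DESCRIBE column layout is an assumption that may differ by release.

```shell
#!/bin/sh
# Added example: classify captured PROUTIL output. Sample text is constructed.

# Result of "proutil <db> -C disableauditing", by message number:
#   (12490) -> disabled; (13647)/(13649) -> deactivated (audit tables not empty)
disable_result() {
    if printf '%s\n' "$1" | grep -q '(12490)'; then
        echo disabled
    elif printf '%s\n' "$1" | grep -Eq '\((13647|13649)\)'; then
        echo deactivated
    else
        echo unknown
    fi
}

# State from "proutil <db> -C describe" output.
# Assumption: the feature row holds ID 6, "Database Auditing" and Yes/No.
describe_state() {
    if ! printf '%s\n' "$1" | grep -q 'Database Features'; then
        echo unknown             # no features section: command failed or truncated
        return
    fi
    row=$(printf '%s\n' "$1" |
          grep -E '^[[:space:]]*6[[:space:]]+Database Auditing' | head -n 1)
    if [ -z "$row" ]; then
        echo disabled            # row absent
    elif printf '%s\n' "$row" | grep -Eiq '[[:space:]]no([[:space:]]|$)'; then
        echo deactivated         # row present, Active = NO
    else
        echo active
    fi
}

# Constructed samples (database name "sports" is a placeholder).
SAMPLE_DISABLED='Auditing has been disabled for database sports. (12490)'
SAMPLE_DEACTIVATED='Auditing was not fully disabled because auditing data tables are not empty. (13647)
Auditing has been deactivated, no additional auditing records will be recorded. (13649)'
SAMPLE_DESCRIBE='Database Features
   ID   Feature                 Active
    6   Database Auditing       No'

echo "disableauditing (clean):    $(disable_result "$SAMPLE_DISABLED")"
echo "disableauditing (leftover): $(disable_result "$SAMPLE_DEACTIVATED")"
echo "describe:                   $(describe_state "$SAMPLE_DESCRIBE")"
```

Treating "deactivated" or "unknown" as a failure in automation catches the case where audit records were left behind and the audit schema is still in place.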
To fully disable Auditing:
- Audit Policies need to be disabled through the Audit Maintenance Utility, so that audit archiving does not create records.
- Audit records need to be removed with PROUTIL -C AUDITARCHIVE to empty the _aud-audit-data and _aud-audit-data-value tables. Not all audit records are deleted by this step if, for example, the audit policies audit the execution of AUDITARCHIVE. These need to first be deleted single-user through ABL before disabling auditing.
- Finally, disable auditing with PROUTIL -C DISABLEAUDITING
STEPS:
1. Confirm whether Auditing is currently ACTIVE or DEACTIVATED. If Auditing is still active, start with Step 3.
2. To disable auditing on an Audit deactivated database, first re-activate auditing.
$ proutil db-name -C enableauditing area Area-Name [indexarea Index-Area-Name ] [deactivateidx ]
3. Disable all active Audit Policies using the Audit Policy Maintenance Tool (GUI only). Commit the changes and exit.
Alternative for CHUI: How to programmatically de-activate and activate Audit Policies?
4. Empty Audit Data tables.
Use the audit archiving tool to remove the data from the _aud-audit-data and _aud-audit-data-value tables (do not use the -nodelete parameter, the intent is to remove this data).
$ proutil db-name -C auditarchive [date-range] [-recs num-recs] [-checkseal] [-directory directory-name] [-userid user-id [-password passwd] ] [ -Cipher 6]
If, for example, the audit policies audit the execution of AUDITARCHIVE, another method will need to be used to remove all the data from the audit data tables.
For example, through the following ABL (single-user):
/* Repeat with _aud-audit-data-value in place of _aud-audit-data */
FOR EACH _aud-audit-data:
    DELETE _aud-audit-data.
END.
Note: Run code for both tables.
5. To reclaim the disk space used by the audit area, use the following commands to associate the audit tables with a new area:
- Create or use an existing Type II Storage Area to associate the audit tables with:
$ proutil <dbname> -C auditreconfig tablearea "new area"
$ proutil <dbname> -C truncate bi
- Delete the extents on the old area until all extents are deleted. Extents will be removed from the last extent to the first extent in the area.
$ prostrct remove <dbname> d <old area>
6. Disable Auditing:
$ proutil db-name -C disableauditing [-userid username [-password passwd ] ]
Now that the Audit Data tables are empty, auditing has been completely disabled. When auditing is successfully disabled, the following message is displayed:
Auditing has been disabled for database dbname. (12490)