cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

dbtran and extracting login audit data

Former Member

on ‎04-28-2015 7:19 PM

0 Kudos

Hello, I am trying to set up login auditing on IQ15.2 and 16 servers. I can set it up easily enough, but I am having trouble using dbtran to extract only the login audit information, I keep getting enormous output full of transactions. How do I use dbtran to extract only the login audit data?

Thanks,

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

c_baker
Employee
Employee
‎04-28-2015 9:11 PM
0 Kudos

What about using the -zr server option to log the connects/disconnects to the .iqmsg file or a log file specified by -zo option?

You can then use the sa_get_request_profile and sa_get_request_times and the associated satmp_request_profile and satmp_request_time tables to analyze the requests.

Chris

Show replies
Show replies
saroj_bagai
Contributor
‎04-28-2015 8:32 PM
0 Kudos

You can't just extract auditing records,  but you can use -d and -g switches with dbtran for auditing records

-d

Specifies that transactions are written in order from earliest to latest. This

feature is intended for auditing database activity: do not apply dbtran output against a database

-g :

Adds auditing information to the transaction log if the auditing database option

is turned on.

SyBooks Online

Thanks

Show replies
Show replies
Former Member
‎04-28-2015 8:58 PM
0 Kudos

Thanks, I have tried this:

dbtran -g -d -c "uid=xxx;pwd=xxx;DSN=MYDB;eng=MYDB;dbn=MYDB" -nMYDB_audit.txt

And I am getting an enormous file which is not very workable. I miss the sybsecurity database I have in ASE.

saroj_bagai
Contributor
‎04-28-2015 9:00 PM
0 Kudos

Are you running against running server,  output will depend on size of your transaction log. you can specify -j to retrict transaction from the last checkpoint

-j
date/time		Translates only transactions from the most recent checkpoint prior to
the given date or time. The user-provided argument can be a date, time, or date
and time, enclosed in quotes. you omit a time, the default is 00:00. If you omit
a date, the current day is the default. The acceptable format for the date and
time is: "YYYY/MMM/DD HH:NN".

Message was edited by: Saroj Bagai

Ask a Question