
Informix Audit Trail

Introduction
For businesses that handle sensitive customer data in relational databases such as IBM Informix, a comprehensive audit trail has become a fundamental security requirement. Audit capabilities help organizations meet modern security standards and compliance obligations for their stored data, and tracking database activities and user interactions provides accountability.
Recent data from Check Point Research highlights the urgency: cyberattacks surged by 30% in Q2 2024 compared to the previous year, marking the highest increase in two years. This underscores the importance of implementing robust database audit solutions for Informix and other database systems to protect sensitive data and maintain compliance.
This article will help you set up Informix’s native onaudit tool. It will also show how DataSunrise can improve these audit features with advanced monitoring.
What is the Informix Audit Trail?
The Informix Audit Trail creates detailed logs of database operations, including user access, SQL queries, data modifications, and administrative actions. Powered by the built-in onaudit tool, this system helps organizations monitor database activity, protect sensitive data, and investigate potential security concerns. The audit facility can be configured to capture varying levels of detail based on organizational needs.
By default, Informix stores logs in binary audit trail files. To analyze these records, administrators can view them in a human-readable, pipe-delimited format using the onshowaudit utility:
Event_Type|Timestamp|Username|ProcessID|Database|OSUser|AdditionalInfo
Enabling the Informix Audit Trail with onaudit
To enable the Informix audit trail, you need to configure the onaudit tool. This tool offers flexibility in the types of events you can audit and how detailed the logging will be. Here’s a step-by-step guide on how to enable the audit trail.
Prerequisites
To begin implementing the audit trail, you'll need:
- A running Informix instance (you can run an Informix instance in Docker for testing)
- Administrative privileges on your Informix server
- Basic database administration knowledge
Step 1: Enable Informix Audit Trail Recording in onaudit
First, to configure auditing in Informix, use the onaudit utility. Below are the useful commands for starting and configuring audit settings:
Check current audit settings
onaudit -c
Enable auditing for all sessions
onaudit -L 1
Start a new audit log file
onaudit -n
Enable mandatory auditing for DBSSO users
onaudit -S 1
Output current audit configuration
onaudit -c
Full Setup Command:
The following command will enable auditing, start a new log file, and enable mandatory auditing for DBSSO users:
onaudit -n -L 1 -S 1 -c
- -n: Starts a new audit log file.
- -L 1: Enables auditing for all sessions.
- -S 1: Enables mandatory auditing for DBSSO users.
This command applies the configuration changes immediately for all new user sessions. You can read more about flags and configuring specific options in the official IBM Informix documentation.

Step 2: Execute Sample Queries for Testing
Execute some test queries to generate logs:
-- Create a sample table with only one column
CREATE TABLE sample (
full_name VARCHAR(100)
);
-- Insert data into the table
INSERT INTO sample (full_name) VALUES ('John Smith');
-- Select data from the table
SELECT * FROM sample;
-- Update a record in the table
UPDATE sample SET full_name = 'Alice Johnson' WHERE full_name = 'John Smith';
-- Select the updated record
SELECT * FROM sample;
-- Drop the table
DROP TABLE sample;
Additionally, you could try a failed login attempt to capture authorization failures.
Step 3: Review Audit Logs
Use the onshowaudit command to view logs:
Display audit logs:
onshowaudit

Review the logs for actions such as query executions performed earlier. For more details, see the onaudit utility documentation.
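To review the pipe-delimited output programmatically rather than by eye, the following added example (not part of the original article or of Informix) parses records in the seven-field layout shown earlier and summarizes them. The sample lines are constructed to mirror the Step 2 test queries, and their timestamp format and AdditionalInfo contents are assumptions.

```python
from collections import Counter
from typing import NamedTuple, Optional

# Field order follows the layout given in this article:
# Event_Type|Timestamp|Username|ProcessID|Database|OSUser|AdditionalInfo
FIELD_COUNT = 7
SCHEMA_EVENTS = {"CRTB", "DRTB"}  # Informix mnemonics: create table, drop table

class AuditRecord(NamedTuple):
    event_type: str
    timestamp: str
    username: str
    process_id: int
    database: str
    os_user: str
    additional_info: str

def parse_line(line: str) -> Optional[AuditRecord]:
    """Return an AuditRecord, or None when the line does not fit the layout."""
    # maxsplit keeps any '|' inside AdditionalInfo in the last field
    parts = [p.strip() for p in line.rstrip("\n").split("|", FIELD_COUNT - 1)]
    if len(parts) != FIELD_COUNT or not parts[3].isdigit():
        return None
    return AuditRecord(parts[0], parts[1], parts[2], int(parts[3]),
                       parts[4], parts[5], parts[6])

def review(lines):
    """Count events per user, list schema changes, keep unparseable lines."""
    records, rejected = [], []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)  # never drop evidence silently
        else:
            records.append(rec)
    return {
        "per_user": Counter(r.username for r in records),
        "schema_changes": [r for r in records if r.event_type in SCHEMA_EVENTS],
        "rejected": rejected,
    }

# Constructed sample input (not real onshowaudit output)
SAMPLE = """\
CRTB|2024-07-01 10:15:02|informix|4121|testdb|informix|sample
INRW|2024-07-01 10:15:09|informix|4121|testdb|informix|sample
RDRW|2024-07-01 10:15:15|informix|4121|testdb|informix|sample
UPRW|2024-07-01 10:15:31|informix|4121|testdb|informix|sample
DRTB|2024-07-01 10:16:40|informix|4121|testdb|informix|sample
RDRW|2024-07-01 10:17:03|appuser|4188|testdb|svc_app|customers|rowid=257
truncated line without enough fields
"""

if __name__ == "__main__":
    print(review(SAMPLE.splitlines()))
```

Lines that do not match the layout are returned in `rejected` so that truncated or unexpected records are reviewed rather than lost.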
Enhanced Informix Audit Trail with DataSunrise
While Informix's built-in onaudit tool provides basic auditing capabilities, it is limited in scope and flexibility. For organizations that require more advanced auditing and data protection features, DataSunrise offers a comprehensive solution that extends Informix's native capabilities.
Key Features of DataSunrise
Comprehensive Audit Trails: DataSunrise maintains detailed audit logs of all database activities, providing a complete audit trail for forensic analysis and security investigations. With support for extensive Informix data activity history tracking, you can ensure full visibility into who accesses what data, how, and when.

Advanced Security Features: Beyond just tracking activity, DataSunrise offers features like dynamic data masking to protect sensitive data. This means that you can ensure that sensitive information is not exposed in audit logs, which is crucial for compliance with data privacy regulations.

Automated Compliance Reporting: DataSunrise provides automated compliance reporting, allowing you to detect suspicious behavior as it happens. With automated compliance reporting, you can simplify your regulatory tasks. You can create detailed reports for GDPR, HIPAA, PCI DSS, SOX, and other regulations.

Conclusion
In summary, Informix's native audit trail functionality, powered by the onaudit tool, provides a solid foundation for tracking database activities. For organizations that require advanced auditing capabilities and robust security features, DataSunrise offers a comprehensive solution that goes beyond basic auditing. With its centralized control, dynamic data masking, real-time monitoring, and detailed reporting, DataSunrise significantly enhances Informix’s audit capabilities.
If you're ready to take your Informix database security to the next level, try DataSunrise today. Experience the benefits of an integrated audit trail, advanced data protection, and a user-friendly web interface.