Informix Audit Trail

Introduction

For many businesses using relational databases like IBM Informix to handle sensitive customer data, a comprehensive audit trail has become a fundamental security requirement. Organizations that use these audit capabilities can better meet modern security standards while ensuring compliance for their stored data. Because an audit trail tracks database activities and user interactions, implementing it properly is crucial for accountability.

Recent data from Check Point Research highlights the urgency: cyberattacks surged by 30% in Q2 2024 compared to the previous year, marking the highest increase in two years. This underscores the importance of implementing robust database audit solutions for Informix and other database systems to protect sensitive data and maintain compliance.

This article will help you set up Informix’s native onaudit tool. It will also show how DataSunrise can improve these audit features with advanced monitoring.

What is the Informix Audit Trail?

The Informix Audit Trail creates detailed logs of database operations, including user access, SQL queries, data modifications, and administrative actions. Powered by the built-in onaudit tool, this system helps organizations monitor database activity, protect sensitive data, and investigate potential security concerns. The audit facility can be configured to capture varying levels of detail based on organizational needs.

By default, Informix stores logs in binary audit trail files. To analyze these records, administrators can view them in a human-readable, pipe-delimited format using the onshowaudit utility:

Event_Type|Timestamp|Username|ProcessID|Database|OSUser|AdditionalInfo

Enabling the Informix Audit Trail with onaudit

To enable the Informix audit trail, you need to configure the onaudit tool. This tool offers flexibility in the types of events you can audit and how detailed the logging will be. Here’s a step-by-step guide on how to enable the audit trail.

Prerequisites

To begin implementing the audit trail, you'll need:

  1. A running Informix instance (you can run an Informix instance in Docker for testing)
  2. Administrative privileges on your Informix server
  3. Basic database administration knowledge

Step 1: Enable Informix Audit Trail Recording in onaudit

To configure auditing in Informix, use the onaudit utility. The following commands are useful for starting and configuring audit settings:

  • Check current audit settings
    onaudit -c

  • Enable auditing for all sessions
    onaudit -L 1

  • Start a new audit log file
    onaudit -n

  • Enable mandatory auditing for DBSSO users
    onaudit -S 1

  • Output current audit configuration
    onaudit -c

Full Setup Command:

The following command will enable auditing, start a new log file, and enable mandatory auditing for DBSSO users:

onaudit -n -L 1 -S 1 -c
  • -n: Starts a new audit log file.
  • -L 1: Enables auditing for all sessions.
  • -S 1: Enables mandatory auditing for DBSSO users.

This command applies the configuration changes immediately for all new user sessions. You can read more about the flags and specific configuration options in the official IBM Informix documentation.

onaudit Utility Example Configuration for Informix

Step 2: Execute Sample Queries for Testing

Execute some test queries to generate logs:

-- Create a sample table with only one column
CREATE TABLE sample (
    full_name VARCHAR(100)
);

-- Insert data into the table
INSERT INTO sample (full_name) VALUES ('John Smith');

-- Select data from the table
SELECT * FROM sample;

-- Update a record in the table
UPDATE sample SET full_name = 'Alice Johnson' WHERE full_name = 'John Smith';

-- Select the updated record
SELECT * FROM sample;

-- Drop the table
DROP TABLE sample;

Additionally, you could try a failed login attempt to capture authorization failures.

Step 3: Review Audit Logs

Use the onshowaudit command to display the audit logs:

onshowaudit

Example of Informix Audit Trail Output with onshowaudit Command

Review the logs for actions such as query executions performed earlier. For more details, see the onaudit utility documentation.
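
For the review in Step 3, the following added example (not part of the original article or of Informix itself) filters onshowaudit-style records in the pipe-delimited layout shown earlier, lists schema changes, summarizes activity per user, and counts truncated records. The sample records are constructed, and the event mnemonics (CRTB, INRW, RDRW, UPRW, DRTB) are assumptions about what the Step 2 statements log.

```shell
#!/bin/sh
# Field layout taken from the article:
# Event_Type|Timestamp|Username|ProcessID|Database|OSUser|AdditionalInfo

# Constructed sample records, not real server output. The last one is
# deliberately truncated to exercise the malformed-record check.
sample_audit() {
cat <<'EOF'
CRTB|2024-11-05 10:15:01|informix|4211|testdb|informix|sample
INRW|2024-11-05 10:15:02|informix|4211|testdb|informix|sample
RDRW|2024-11-05 10:15:03|informix|4211|testdb|informix|sample
UPRW|2024-11-05 10:15:04|informix|4211|testdb|informix|sample
RDRW|2024-11-05 10:15:05|informix|4211|testdb|informix|sample
DRTB|2024-11-05 10:15:06|informix|4211|testdb|informix|sample
RDRW|2024-11-05 10:16:40|appuser|4302
EOF
}

# Schema-changing events (assumed mnemonics: CRTB = create table,
# DRTB = drop table), printed as "timestamp user event database.object".
ddl_events() {
  awk -F'|' 'NF >= 7 && ($1 == "CRTB" || $1 == "DRTB") {
    printf "%s %s %s %s.%s\n", $2, $3, $1, $5, $7
  }'
}

# Per-user activity summary: "user event count", sorted for stable diffs.
event_counts() {
  awk -F'|' 'NF >= 7 { n[$3 " " $1]++ }
             END { for (k in n) print k, n[k] }' | sort
}

# Records with fewer than 7 fields; a non-zero count means the export was
# cut short or the layout differs from the one assumed here.
malformed_count() {
  awk -F'|' 'NF > 0 && NF < 7 { bad++ } END { print bad + 0 }'
}

# Demo on the constructed sample; on a server: onshowaudit | ddl_events
sample_audit | ddl_events
sample_audit | event_counts
echo "malformed records: $(sample_audit | malformed_count)"
```

A non-zero malformed count is worth investigating before trusting the summary, since a truncated or reformatted export can hide the events you are looking for.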

Enhanced Informix Audit Trail with DataSunrise

While Informix's built-in onaudit tool provides basic auditing capabilities, it is limited in scope and flexibility. For organizations that require more advanced auditing and data protection features, DataSunrise offers a comprehensive solution that extends Informix's native capabilities.

Key Features of DataSunrise

Comprehensive Audit Trails: DataSunrise maintains detailed audit logs of all database activities, providing a complete audit trail for forensic analysis and security investigations. With support for extensive Informix data activity history tracking, you can ensure full visibility into who accesses what data, how and when.

Informix Audit Trails Captured in DataSunrise

Advanced Security Features: Beyond just tracking activity, DataSunrise offers features like dynamic data masking to protect sensitive data. This means that you can ensure that sensitive information is not exposed in audit logs, which is crucial for compliance with data privacy regulations.

Masking Rule Creation in DataSunrise for Informix

Automated Compliance Reporting: DataSunrise provides automated compliance reporting, allowing you to detect suspicious behavior as it happens. It simplifies your regulatory tasks, and you can create detailed reports for GDPR, HIPAA, PCI DSS, SOX, and other regulations.

Multiple Supported Security Standards in DataSunrise for Informix

Conclusion

In summary, Informix's native audit trail functionality, powered by the onaudit tool, provides a solid foundation for tracking database activities. For organizations that require advanced auditing capabilities and robust security features, DataSunrise offers a comprehensive solution that goes beyond basic auditing. With its centralized control, dynamic data masking, real-time monitoring, and detailed reporting, DataSunrise significantly enhances Informix’s audit capabilities.

If you're ready to take your Informix database security to the next level, try DataSunrise today. Experience the benefits of an integrated audit trail, advanced data protection, and a user-friendly web interface.
