Auditing process

The process can be described as follows:

The audit selector, which is the database client layer of the bshell, checks whether each change on the source database meets the audit selections. If so, the audit selector sends a change to be audited (ipc message) to the audit server.

The audit server writes each change it receives to the audit trail (files). The audit server writes all changes for a transaction and then prepares the commit. The audit server requests a transaction ID from the sequence generator. Because the audit server requests a sequence ID, all audit servers must be running on the same application server.

After receiving the transaction ID, the audit server returns an acknowledgement to the audit selector, including the transaction ID and information on where the data is stored in the audit trail.

The audit selector waits until the audit server has logged all changes and acknowledged the prepare commit. Next, the audit server creates a transaction notification (database insert). The user transaction and the transaction notification are committed within the same transaction scope.

A transaction notification consists of:

  • The transaction ID
  • User name
  • Session name
  • The commit time of the transaction
  • A list of tables that are updated by the transaction
  • For each table: An index to where the first log data of the first database action on that table is stored.

The transaction notifications are physically stored in a relational database table.

By default, audit notifications are stored in the Tools company. If the transaction involved updates to more than one table or company, the audit selector creates more than one transaction notification row.

The diagram provides a technical overview of the various components.

Note: To configure the audit setup, prior releases used the tabledef6.2 file, the table data dictionary files and the audit_set file. This setup is still supported by the Enterprise Server 7 release for backward compatibility. For a description of this former setup, see the Infor Baan 5.2a Tools Technical Manual.

To use this former setup, the directory $BSE/lib/ will not contain the audit_cols file:

The DB-client part of the bshell reads the audit_cols file with audit selections. The DB-client part sends the contents of the audit_cols file to the audit server. The audit server reads the auditdef and audit_spec file.

The audit_cols file specifies whether a column of a table must be audited. The audit_spec file specifies how the audit trail is organized and handles permission issues. The auditdef file specifies where the audit server must store the audit information.

The bshell sends the database actions or transaction data to the database driver. If a database action meets the audit selection criteria, the action is also sent to the audit server.

At commit time, the audit server writes the audit-data to the audit trail and returns the transaction information and a transaction ID to the audit client.

To create this transaction ID, the sequence generator creates a sequence number. Then the bshell writes a transaction notification within the user transaction scope.