Planning for SQL audit analysis

When you plan audit analysis with the database server, consider that the audit-analysis process itself might generate audit records, depending on how the audit is configured. One way to avoid generating unwanted audit records as a result of audit analysis is to use a separate unaudited instance of the database server.

To perform audit analysis with SQL, you must use a program to access the database and table that you created. Use the DB-Access utility to construct and execute SQL statements or develop an application with HCL® OneDB® application development tools or an SQL API, such as .

Whether you perform analysis with DB-Access or build a customized application, remember the advice given for audit review in Audit analysis overview. To view audit events for specific objects, select rows based on their value in the dbname, tabid, or row_num column.

If you discover suspicious activity based on initial analysis of the audit table in the database server, you might increase the scope of your collection of audit events to pinpoint the problem. If you feel certain you have a security problem, see DBMS security threats.