Product Documentation

Database Administrator's Guide

Previous Topic

Next Topic

SYSLOG

SYSLOG <option>

FairCom DB optionally maintains a system event log, SYSLOG. This is maintained in two system files: SYSLOGDT.FCS and SYSLOGIX.FCS. These files comprise a FairCom DB data file and index pair with a record for each recordable system event. Unlike the text based CTSTATUS.FCS, SYSLOG can be encrypted such that entries cannot be added, deleted, or modified with a simple text editor, and vendors can log application specific entries.

The System Event Log contents are controlled by SYSLOG configuration keywords in ctsrvr.cfg, the ctsrvr.set settings file, or from the command line. They are entered as pairs in the form of: SYSLOG <keyword>. As many of these pairs as desired may be used at the discretion of your application vendor.

Current SYSLOG options include:

ADMIN_API

Only allow users in the ADMIN group to use the SystemLog() function to create vendor-defined entries in the log.

CTSTATUS

Log each entry to CTSTATUS.FCS in the System Event Log, except for those entries which occur before or after the system logging monitor is in operation.

DELETE_FILE

Log file deletes and restores.

DISABLE_API

Do not allow any calls to the SystemLog() function for user defined entries.

DYNAMIC_DUMP

Log the beginning and end of dynamic dumps and a result for each file dumped.

ENCRYPT

Encrypt the SYSLOG files.

LOGFAIL_PURGE

Causes an automatic purge of the oldest entries in the log if the system cannot add a record to SYSLOGDT.FCS. All the entries occurring on the oldest day are deleted unless there are only entries for the current day in which case no entries are purged. After a successful purge, an attempt is made to add the new entry that triggered the automatic purge. If this add succeeds, the system log operation continues in its usual fashion.

LOGFAIL_CTSTATUS

If there is no LOGFAIL_PURGE entry in the configuration file, or if the purge fails, the log entries will be rerouted to CTSTATUS.FCS if LOGFAIL_CTSTATUS is in the configuration file. This disables SYSLOG CTSTATUS; i.e, no more entries are made to the system log.

LOGFAIL_TERMINATE

If there is no automatic purge or it fails, and if there is no re-routing to CTSTATUS.FCS, either the system log will stop operation, or if LOGFAIL_TERMINATE is in the configuration file, the FairCom Server will shut down.

Note: USE LOGFAIL_TERMINATE WITH CAUTION!

NONE

Used in a settings file to eliminate additional SYSLOG entries in a server configuration file.

RESTORE_POINT

Use RESTORE_POINT to log created restore points, recovery with restore points, and transaction rollback to restore points through utility programs.

See SYSLOG Logging of Restore Point

SQL_STATEMENTS

Enables SQL statement logging to the SYSLOG audit logs.This information includes connection information, improved timing, and logging the statement before it is actually executed for a detailed audit trail of all SQL operations.

SYSLOG_EXCLUDE_SQL_USER <name>

Allows specifying a user <name> to be excluded from this logging.

All SQL statements are written to the log by default when SQL query logging is enabled by SYSLOG SQL_STATEMENTS,.

Multiple users can be excluded by specifying the keyword multiple times. No validation is made that the <name> specified matches an existing user name.

TRUNCATE

Over time the SYSLOGDT.FCS and SYSLOGIX.FCS files can become quite large requiring file maintenance to reduce the size. The SYSLOG() function supports purging records, optionally filtered by time and by event code. However, purging all entries one record at a time is slow, and storage device space is not released until new records are added over time. A better solution is the TRUNCATE capability available with V13.

With SYSLOG TRUNCATE in your configuration file, when a complete purge is requested (no filtering by time or event) the file is truncated rather than deleting individual records. This approach is much faster and avoids limitations with space reuse. Any user reading SYSLOG files when they are truncated will encounter the FBLK_ERR error . After receiving this error, the user must close and reopen the files to proceed..

USER_INFO

Log all logons, logoffs (including SQL users as of V12), and changes to user logon profiles.

Note: Build 210901 and earlier had a 4GB limit to the SYSLOG files. It is highly recommended to limit information recorded in this file in high volume systems, and include the LOGFAIL_PURGE option to clear data as the file grows. To disable the creation of huge system log files, add SYSLOG NONHUGE to the server configuration file. Builds after 210901 no longer have a 4GB file size limit.

History

  • V11.8 and later support SQL_STATEMENTS for detailed statement logging.
  • V11.8. and later support auditing SQL logon/logoff events with USER_INFO.

Previous Topic

Next Topic

SYSLOG SQL_STATEMENTS Configuration Keyword

This configuration keyword logs executed SQL statements in SYSLOG:

SYSLOG SQL_STATEMENTS

A SYSLOG SQL_STATEMENTS (SYSLOG, SYSLOG) log entry is written after statement execution so it can also include the error code (if any).

The variable part of the SYSLOG entry contains statement information in JSON format similar to SQL_DEBUG LOG_STMT.

Below is a sample showing how it is displayed by the ctalog utility:

Class = 16 (SQL)

Event = 1 (SQL statement)

Date = 09/24/2020

Time = 17:40:11

Sequence number = 37

Error code = -20005

User ID = 'admin'

Node name = 'isql'

Variable-length information:

---------------------------------------------------

{"timestamp":"Tue Sep 24 17:40:27 2020","ipaddr":"127.0.0.1","db":"CTREESQL","user":"admin","thread":29,"statement":"select * from missingtable"}

---------------------------------------------------

TOCIndex