Database Administrator's Guide

SYSLOG

SYSLOG <option>

FairCom DB optionally maintains a system event log, SYSLOG. This is maintained in two system files: SYSLOGDT.FCS and SYSLOGIX.FCS. These files comprise a FairCom DB data file and index pair with a record for each recordable system event. Unlike the text based CTSTATUS.FCS, SYSLOG can be encrypted such that entries cannot be added, deleted, or modified with a simple text editor, and vendors can log application specific entries.

The System Event Log contents are controlled by SYSLOG configuration keywords in ctsrvr.cfg, the ctsrvr.set settings file, or from the command line. They are entered as pairs in the form of: SYSLOG <keyword>. As many of these pairs as desired may be used at the discretion of your application vendor.

Current SYSLOG options include:

ADMIN_API	Only allow users in the ADMIN group to use the SystemLog() function to create vendor-defined entries in the log.
CTSTATUS	Log each entry to CTSTATUS.FCS in the System Event Log, except for those entries which occur before or after the system logging monitor is in operation.
DELETE_FILE	Log file deletes and restores.
DISABLE_API	Do not allow any calls to the SystemLog() function for user defined entries.
DYNAMIC_DUMP	Log the beginning and end of dynamic dumps and a result for each file dumped.
ENCRYPT	Encrypt the SYSLOG files.
LOGFAIL_PURGE	Causes an automatic purge of the oldest entries in the log if the system cannot add a record to SYSLOGDT.FCS. All the entries occurring on the oldest day are deleted unless there are only entries for the current day in which case no entries are purged. After a successful purge, an attempt is made to add the new entry that triggered the automatic purge. If this add succeeds, the system log operation continues in its usual fashion.
LOGFAIL_CTSTATUS	If there is no LOGFAIL_PURGE entry in the configuration file, or if the purge fails, the log entries will be rerouted to CTSTATUS.FCS if LOGFAIL_CTSTATUS is in the configuration file. This disables SYSLOG CTSTATUS; i.e, no more entries are made to the system log.
LOGFAIL_TERMINATE	If there is no automatic purge or it fails, and if there is no re-routing to CTSTATUS.FCS, either the system log will stop operation, or if LOGFAIL_TERMINATE is in the configuration file, the FairCom Server will shut down. Note: USE LOGFAIL_TERMINATE WITH CAUTION!
NONE	Used in a settings file to eliminate additional SYSLOG entries in a server configuration file.
RESTORE_POINT	Use RESTORE_POINT to log created restore points, recovery with restore points, and transaction rollback to restore points through utility programs. See SYSLOG Logging of Restore Point A new SYSLOG class has been added: ctSYSLOGrstpnt. The associated configuration file entry is SYSLOG RESTORE_POINT. There are four events associated with the Restore Point class: ctSYSLOGrstpntCREATE - Create a Restore Point. ctSYSLOGrstpntNOKEEP - Create a Restore Point, but KEEP_RESTORE_POINTS is 0. ctSYSLOGrstpntRECOVERY - Automatic recovery with Restore Points. ctSYSLOGrstpntTRANBAK - Transaction rollback (via utility program) with Restore Points. SYSLOG Restore Point Record Format The SYSLOG record associated with a Restore Point event starts with the common SYSLOG record format and is followed by a variable region. The variable region contains the SYSLOG Restore Point information. It is made up of the syslogRP structure defined in ctport.h: #define ctRPbvr 24 /* base variable region / typedef struct rstpntsyslog { ULONG bitmap; / syslog rstpnt bitmap / LONG varlen; / len of var region (may be > ctRPbvr) / LONG8 rstpntsrn; / Restore Point serial number / LONG rstpntlog; / Restore Point log# / ULONG rstpntpos; / Restore Point log position / ULONG rstpnttim; / Restore Point system time / LONG rstpnttim2; / system time extension / LONG skplog; / skip forward log number / ULONG skppos; / skip forward log position / ULONG avail; / available / ULONG temptim; / time event added to temp event file / LONG temptim2; / temptim extension / UCOUNT rstpntver; / Restore Point version / UCOUNT rstpnttyp; / Restore Point type / TEXT var_region[ctRPbvr]; / beginning of var region / } syslogRP; The var_region in the syslogRP structure is the base region for any additional variable-length data. The varlen member of syslogRP indicates how much variable data is in the record and may exceed ctRPbvr as defined above. The most important component of this record for a ctSYSLOGrstpntRECOVERY event is the bitmap member that indicates the details of what happened during a recovery that involves Restore Points and/or rolling back to a Restore Point. ctport.h* has the bitmap values. They are: #define syslogRPname 0x000001 /* RP name in var region / #define syslogRPminlogsync 0x000002 / Deferred LOG SYNC feature on at crash / #define syslogRPrec_to_rstpnt 0x000004 / RECOVER_TO_RESTORE_POINT on / #define syslogRPstart_rolbak 0x000008 / rollback attempted / #define syslogRPpndg_rolbak 0x000010 / rollback to Restore Point pending / #define syslogRPno_rstpnt 0x000020 / NO Restore Points / #define syslogRPno_rolbak_sup 0x000040 / rollback not supported / #define syslogRPno_tran_undo 0x000080 / may be trans not undone / #define syslogRProlbak_err 0x000100 / rollback error / #define syslogRPskipto_err 0x000200 / error inserting skipto info / #define syslogRPdef_not_rstpnt 0x000400 / RECOVER_TO_... NO by default / #define syslogRPskip_pndg 0x000800 / skip pending rollback / #define syslogRPno_tran_to_undo 0x001000 / no trans to undo, skip rolbak / #define syslogRProlbak_rstpnt 0x002000 / rollback to Restore Point / #define syslogRPno_fnd_rstpnt 0x004000 / did not find Restore Point / #define syslogRPskip_pndg_sync 0x008000 / skip pending rollback && MLS / #define syslogRPpndg_rolbak_sync 0x10000 / rollback to Restore Point pending && MLS/ #define syslogRProlbak_not_rqst 0x020000 / rollback to Restore Point not requested / #define syslogRPavailable 0x040000 / available for use / / ** final system state indicators (MLS stands for Deferred/Minimum LOG SYNC feature) / #define syslogRP_FSrolbak 0x0080000 / successful rollback to Restore Point / #define syslogRP_FSno_rolbak_OK 0x0100000 / no rollback to Restore Point. no MLS. / #define syslogRP_FSrolbak_err 0x0200000 / rollback error / #define syslogRP_FSno_rolbak_MLS 0x400000 / no rollback to Restore Point, but MLS / #define syslogRP_FSrolbak_NRP 0x0800000 / rollback did not find Restore Point / #define syslogRP_FSrolbak_chg 0x1000000 / rollback NORP. try explicit RECOVER_TO_RESTORE_POINT NO / #define syslogRP_FSrolbak_chg2 0x2000000 / rollback NORB. try explicit RECOVER_TO_RESTORE_POINT NO or YES / #define syslogRP_FSrolbak_err2 0x4000000 / rollback error on skipto upd / The final system state indicators, of which only one should be defined for each recovery event, indicate the state of the server after recovery. In the case of an error, the error code will be in the common SYSLOG* record header. The ctalog utility section provides more expansive descriptions and the significance of each bitmap value. The final system state indicators provide an overview of the "health" of the server and its data files.
SQL_STATEMENTS	Enables SQL statement logging to the SYSLOG audit logs.This information includes connection information, improved timing, and logging the statement before it is actually executed for a detailed audit trail of all SQL operations.
SYSLOG_EXCLUDE_SQL_USER <name>	Allows specifying a user <name> to be excluded from this logging. All SQL statements are written to the log by default when SQL query logging is enabled by SYSLOG SQL_STATEMENTS,. Multiple users can be excluded by specifying the keyword multiple times. No validation is made that the <name> specified matches an existing user name.
TRUNCATE	Over time the SYSLOGDT.FCS and SYSLOGIX.FCS files can become quite large requiring file maintenance to reduce the size. The SYSLOG() function supports purging records, optionally filtered by time and by event code. However, purging all entries one record at a time is slow, and storage device space is not released until new records are added over time. A better solution is the TRUNCATE capability available with V13. With SYSLOG TRUNCATE in your configuration file, when a complete purge is requested (no filtering by time or event) the file is truncated rather than deleting individual records. This approach is much faster and avoids limitations with space reuse. Any user reading SYSLOG files when they are truncated will encounter the FBLK_ERR error . After receiving this error, the user must close and reopen the files to proceed..
USER_INFO	Log all logons, logoffs (including SQL users as of V12), and changes to user logon profiles.

Note: Build 210901 and earlier had a 4GB limit to the SYSLOG files. It is highly recommended to limit information recorded in this file in high volume systems, and include the LOGFAIL_PURGE option to clear data as the file grows. To disable the creation of huge system log files, add SYSLOG NONHUGE to the server configuration file. Builds after 210901 no longer have a 4GB file size limit.

History

V11.8 and later support SQL_STATEMENTS for detailed statement logging.
V11.8. and later support auditing SQL logon/logoff events with USER_INFO.

SYSLOG SQL_STATEMENTS Configuration Keyword

This configuration keyword logs executed SQL statements in SYSLOG:

SYSLOG SQL_STATEMENTS

A SYSLOG SQL_STATEMENTS (SYSLOG, SYSLOG) log entry is written after statement execution so it can also include the error code (if any).

The variable part of the SYSLOG entry contains statement information in JSON format similar to SQL_DEBUG LOG_STMT.

Below is a sample showing how it is displayed by the ctalog utility:

Class = 16 (SQL)

Event = 1 (SQL statement)

Date = 09/24/2020

Time = 17:40:11

Sequence number = 37

Error code = -20005

User ID = 'admin'

Node name = 'isql'

Variable-length information:

---------------------------------------------------

{"timestamp":"Tue Sep 24 17:40:27 2020","ipaddr":"127.0.0.1","db":"CTREESQL","user":"admin","thread":29,"statement":"select * from missingtable"}

---------------------------------------------------