- Review the logging that occurs automatically. See Default Logging.
- Implement logging for permanent database users.
- Set up the DBC.AccLogRule macro. See Setting Up the DBC.AccLogRule Macro.
- Use the BEGIN LOGGING statement to define logging rules and enable logging. See Enabling Logging with the BEGIN LOGGING Statement.
- Check the DBC.AccLogRuleTbl table after running each BEGIN LOGGING statement to make sure the rule is correct. See Verifying that the Access Log Rule Is Correct.
- If directory-based users have access to the database, you can implement directory user logging. See Using Access Logging for Directory-Based Users.
- If you set up middle-tier applications as trusted users, review Using Access Logging for Proxy Users to understand how the database logs proxy users.
- Review the sample implementation to see a typical setup for access logging. See Sample Implementation of Access Logging.
- Review access logs and investigate suspect entries. See Investigating Database Access Attempts.
- Periodically purge access logs to limit the space devoted to storing log data. See Access Log Maintenance.
For information about logging access to objects protected by row level security, see Using Access Logging with Row Level Security.
Network Encryption Auditing
You may audit the security level that client interfaces use when communicating with the gateway. The audit shows the security level in effect on the network when client interfaces send messages to the database. The messages are logged to the gateway log. This feature is enabled from gtwcontrol.
For more information, see Using Network Encryption Auditing.