March 31, 2012
Extreme Auditing with Transaction History
Ever wonder about more advanced auditing of your database activity? Consider financial accounting and health care records, and the compliance standards that today’s applications must meet. For example:
- HIPAA
- PCI/DSS
- Sarbanes-Oxley
Auditing of database activity has been part of computing since its earliest days, in the form of audit logs and trails. Most applications take responsibility for building and maintaining their own proprietary, secure set of change logs. c‑treeACE provides built-in capabilities to track changes at their source as an additional level of security.
c‑treeACE Transaction Logging
For transaction controlled files, c‑treeACE maintains a complete history of events for every record update. The following types of information can be gathered from the transaction logs:
- A particular record position of a specified data file.
- A particular, unique key value of a specified index.
- All updates to a specified file.
- Updates from a particular user ID and/or node name.
- Some combination of the above.
When these transaction logs are retained, the Transaction History feature allows complete browsing of changes, providing valuable historical information to applications. Because c‑treeACE transaction logs should always be stored on secured devices and are critical to server operation, they are highly secure sources of data history and not prone to tampering.
Transaction History
Transaction History is a complete single-function API to access the audit logs of transaction controlled files for the purpose of providing valuable historical information to any application. Determine who deleted a record; page back through all the changes to a specific record; see who performed write operations to a specific file during a qualified time frame. These are but a few examples of this powerful feature.
The history function, TransactionHistory(), permits an application to scan backward or forward through transaction logs, returning either key values or data records and optionally the user ID and node name of the process which performed the update.
TransactionHistory() can be used on-line, interrogating current files and transaction logs as part of an active application. It can also be used off-line, examining a set of data, index, and log files saved from a single-user or client-server application. When scanning backward, TransactionHistory() looks for both active log files, ending with .FCS, and inactive log files, ending with .FCA.
The output of a TransactionHistory() call contains the following information after a successful first search call or subsequent search call:
- A 40-byte history header.
- An optional record header for variable length data records, superfile member data records, and resources in fixed or variable length data files.
- The key value or data record entry.
- A null-terminated string with the user ID and node name of the process which made the log entry, when requested using ctHISTinfo.
- A null-terminated file name, when filno equals 1.
Each log entry is assigned a transaction type. This type number determines how to interpret the contents of the transaction log entries. A listing of common types relevant to TransactionHistory() is below.
| Transaction Type | Description |
|---|---|
| LADDKEY | add key value |
| LDELKEY | delete key value |
| NEWLINK | delete stack link |
| NEWIMAGE | new record image |
| OLDFILL | old image ff filled |
| OLDIMAGE | old record image |
| DIFIMAGE | old/new difference image |
| LOGEXTFIL | extend file |
| NODEXTFIL | extend file |
A complete listing of all transaction types is found in ctopt2.h.
Advanced Multiple History Sets
Multiple history sets are possible. These are analogous to multiple sequential sets, contexts and batches. ChangeHistory() permits an application to maintain any number of history sets, where a set is defined to exist when either a first search call or preliminary log call returns successfully. Refer to the TransactionHistory() documentation for complete details.
Example
Refer to the <platform>\sdk\Xtras\ctree.samples\special\utils rnhis.c example in your c‑treeACE Professional installation for a detailed example using TransactionHistory().
Enhance Your Security Arsenal
Transaction History is a unique and powerful database-level auditing tool that enhances your security arsenal. Taking advantage of transaction log information provides a detailed accounting of all database activity and presents a near tamper-proof source of audit trail information to advanced applications requiring secure accountability.