Firebird – Problem Enabling System Audit (Trace and Audit Services)

auditconfigurationfirebirdquerytrace

I would like to enable System Audit on my Firebird 2.5.9.27139 (x64) database (Windows 10), to inspect all queries performed on it.

I've already read some docs about what the configuration file should look like, but most likely I have some trivial problem with setting up all the paths and entries.

I would be very grateful if someone could have a glance at my settings and point out what should I change.

My database is located in: C:\KSBAZA\KS-APW\WAPTEKA.FDB

I would like to store all logs and trace config file in the directory: C:\DB_trace

In the main Firebird directory, I uncommented and set the line of firebird.conf file to:

AuditTraceConfigFile = C:\DB_trace\apw_trace.conf

Content of C:\DB_trace\apw_trace.conf:

<database WAPTEKA.FDB>
  enable true
  log_filename C:\DB_trace\audit_trace_database.log
  max_log_size 0
  include_filter %(INSERT|UPDATE|DELETE)%
  log_connection true
  connection_id 0
  log_transaction true
  log_statement_prepare true
  log_statement_free true
  log_statement_start true
  log_statement_finish true
  log_procedure_start true
  log_procedure_finish true
  log_trigger_start true
  log_trigger_finish true
  log_errors true
  log_warnings true
  log_initfini true
  log_sweep true
  time_threshold 0
  max_sql_length 65536
</database>

<services>
  enabled true
  log_filename C:\DB_trace\audit_trace_services.log
  max_log_size 0
  log_services true
  log_errors true
  log_warnings true
  log_initfini true
</services>

After saving the changes to the firebird.conf file, I completely rebooted the machine (the editing was performed while the Firebird service was down.)

Moreover, I tried to place the apw_trace.conf file in the same dir as the firebird.conf one (now AuditTraceConfigFile = apw_trace.conf), but without any result – they're no log files created in the C:\DB_trace dir (should I touch these empty *.log files?).

Thank you in advance for your help.

Best Answer

There are a number of things wrong with your config file:

enable true should be enabled true
log_filename C:\DB_trace\audit_trace_database.log should be log_filename C:\\DB_trace\\audit_trace_database.log
log_connection true should be log_connections true
log_transaction true should be log_transactions true

Most of these errors could have been detected by inspecting the firebird.log file.

And although the documentation in fbtrace.conf says:

Pattern is either database name without path or "SIMILAR TO"-based regular expression which is matched against fully qualified database path name.

It looks like you always need to actually specify a SIMILAR TO pattern matching the path of the database, for example %[\\/]WAPTEKA.FDB.

The corrected entry, which works on my machine, is:

<database %[\\/]WAPTEKA.FDB>
  enabled true
  log_filename C:\\DB_trace\\audit_trace_database.log
  max_log_size 0
  include_filter %(INSERT|UPDATE|DELETE)%
  log_connections true
  connection_id 0
  log_transactions true
  log_statement_prepare true
  log_statement_free true
  log_statement_start true
  log_statement_finish true
  log_procedure_start true
  log_procedure_finish true
  log_trigger_start true
  log_trigger_finish true
  log_errors true
  log_warnings true
  log_initfini true
  log_sweep true
  time_threshold 0
  max_sql_length 65536
</database>

The syntax in Firebird 3 is slightly bit different, check the Firebird 3 release notes for details

Best Answer

Related Solutions

Sql-server – Create an Audit trail on SQL Server 2008 to trace all privilege users

Sql-server – SQL Server Trace – Filter on System Processes

Related Question