Database Audit Log Archiving

This section talks about how you can manage the sequence number capacity and archive the data. See the following topics for more information:
aa9
This section talks about how you can manage the sequence number capacity and archive the data. See the following topics for more information:
CA Strong Authentication (SA)
Sequence Number Capacity
All transactions have an associated sequence number that the product generates, these sequence numbers would accumulate over time and affect the performance of your database.
Note the following information to manage 
Sequence Number Capacity: 
  • Sequence number capacity has a maximum value of 2^31-1.
  • You are advised to constantly monitor the sequence number capacity.
  • To optimally manage the transaction IDs range, follow the best practices to reset and archive the data as explained in Proactive advisory documentation
  • In case you hit the max limit, transaction ID sequence numbers for the CA Strong Authentication product would
    reset
    after highest available sequence number is used. The arcotwebfort.log file records when this reset occurs. However, you must archive the audit log data
    manually.
How to Know Current Sequence Value for SA
One of the sequences ARWFTXNIDSEQ in ARWFSEQUENCE table reaches the maximum limit. Use a health check monitor to verify the current value with respect to the maximum possible value. You can know the current sequence value and whether it is near maximum limit (MAX: 2147483647) with the help of the following query:
For MSSQL and Oracle:
(For 7.x and 8.x releases) select USEDVALUE from ARWFSEQUENCE where SEQUENCENAME='ARWFTXNIDSEQ'; (For 9.x releases) select USEDVALUE from ARWFSEQUENCE where SEQUENCENAME like 'ARWFINSTANCETXNIDSEQ' and INSTANCENAME= 'hostname';
CA User Data Service (UDS)
Sequence Number Max Limit
All the UDS transactions have an associated sequence number that the product generates, these sequence numbers would increase over time and affect the performance of your database.
Note the following information to manage
CA Sequence Number Capacity: 
  • Sequence number capacity has a maximum value of 2^31-1.
  • You are advised to constantly monitor the sequence number capacity.
  • To optimally manage the transaction IDs range, follow the best practices to reset and archive the data as explained in Proactive advisory documentation
  • In case you hit the max limit, transaction ID sequence numbers for the CA UDS product would
    not
    reset
    after highest available sequence number is used. CA Strong Authentication (arcotwebfort.log) and CA Risk Authentication (arcotriskfort.log) log files record when this reset occurs. However, you must archive the audit log data
    manually.
How to Know Current Sequence Value for UDS
ARUDSUSERAUDITREFIDSEQ contains the information related to the UDS Audit sequences. Use a health check monitor to verify the current value with respect to the maximum possible value. You can know the current sequence value and whether it is near maximum limit (MAX: 2147483647) with the help of the following query:
For Oracle: select LAST_NUMBER from dba_sequences where sequence_name ='ARUDSUSERAUDITREFIDSEQ' and sequence_owner = '<databaseusername>'; For MSSQL : select curr_val from ARSEQUENCETABLE where sequence_id like 'ARUDSUSERAUDITREFIDSEQ';
See the sample example for Oracle,
select LAST_NUMBER from dba_sequences where sequence_name ='ARUDSUSERAUDITREFIDSEQ' and sequence_owner = 'AMRM8X';
For more information, see the following topics:
Database Audit Log Archiving
Data is copied from its current table to a corresponding table with _AR appended to its name. For example, records from the ARWFAUTHAUDITLOG table are copied to ARWFAUTHAUDITLOG_AR table. After the records are copied, the original records are deleted from the ARWFAUTHAUDITLOG table. You may archive the following Strong Authentication and UDS audit log tables to improve the performance of your database.
ARWFISSUANCEAUDITLOG ARWFAUTHAUDITLOG ARWFADMINAUDITLOG ARWFSVRMGMTAUDITLOG ARUDSUSERAUDITLOG
The product does
not
automatically manage the size of the _AR tables in your database. Work with your database administrator to determine a maintenance method that complies with the data retention policy of your organization.
When you expect large spikes of activity in your system, consider changing these database settings.
  1. Open the following file using a text editor:
    $ARCOT_HOME
    /conf/arcotcommon.ini
  2. Locate the following section:
    [db/logtrimming]
    RetainDays = 90
    MaxRetainedRows = 1000000
    RunFrequencyMins = 1440 # run daily
  3. Review the following settings:
    • RetainDays
      Specifies the number of days for which the data is retained.
      Default
      : 90
    • MaxRetainedRows
      The maximum number of rows that are retained. Change this value if you expect large spikes of activity in your system.
      Default
      : 1000000
    • RunFrequencyMins
      Specifies how often the archiving process repeats in minutes.
      Default
      : 1440 (Daily)
    • NoArchive
      Specifies if records are not archived (copied to the corresponding _AR table). Changing this value to true deletes records without archiving them first. We recommend leaving this value at false when your organization has a data retention policy.
      Default
      : False
    • Disabled
      Turns 
      off
       the archiving function. Log files are 
      not
       copied or deleted. Your database size grows. We recommend leaving this value at false.
      Default
      : False
  4. Change any of the previous settings. Save the file, and then close the text editor.