将应用程序审计跟踪与数据库日志链接
[英]Linking Application Audit Trail with DB Logs
问题描述
I'm working on an application that logs every business transaction to an audit trail, and I have a requirement to be able to correlate events in this audit trail with records in the Journal of an IBM System i (AS400) that is used as an RDBMS by that application. 
我正在开发一个将每个业务交易记录到审计跟踪中的应用程序,并且我要求能够将该审计跟踪中的事件与IBM System i期刊(AS400)中用作记录的记录相关联。该应用程序的RDBMS。 Any idea how can this be achieved? 知道如何实现吗?
I was thinking if there is a way for the application to pass some sort of business transaction ID to the database and have it stored with it's corresponding journal entries. 我在想,应用程序是否可以通过某种方式将某种业务交易ID传递给数据库,并将其与相应的日记帐分录一起存储。 Is this possible? 这可能吗?
2 个解决方案
解决方案1
1 已采纳 2014-03-11 13:18:00
The journal entries carry every column of the journalled table, so if there is a transaction ID in the row, it will be in the journal. 日记帐分录包含日记帐表的每一列,因此,如果该行中有交易ID,则它将在日记帐中。 It is very rare to encounter a business system without a transaction ID; 没有交易ID的业务系统很少见。 it may be an invoice number, a purchase order number, a requisition number and so on. 它可以是发票号,采购订单号,请购单号等。 If you have come across one, there is almost always a primary / foreign key pair that identifies the transaction. 如果碰到一个,几乎总是有一个主/外键对来标识交易。 Think customer number, item number for a sale, vendor number, check number for accounts payable, etc. 考虑客户编号,销售商品编号,供应商编号,应付帐款支票编号等。
Frankly, the journal tends to be a better audit trail than any application-generated audit trail because the journal will catch 'fix it' situations like a programmer using an SQL UPDATE to repair rows incorrectly updated due to a program bug and the like. 坦白说,与任何应用程序生成的审计跟踪相比,该日志往往是更好的审计跟踪,因为该日志将捕获“修复”情况,例如程序员使用SQL UPDATE来修复由于程序错误等导致错误更新的行。
解决方案2
0 2014-03-18 07:49:35
I agree journaling is likely to be a significantly better solution. 我同意日记功能可能是一种更好的解决方案。 There have been sites that are concerned about journal performance hits; 已经有一些网站关注期刊的表现。 but those concerns often ignore the performance hits of bolting on procedures that also do disk writes. 但是这些问题通常会忽略在执行磁盘写操作的过程中对性能的影响。 It's a near certainty that built-in system journal routines will be more efficient than any routines written in a HLL. 几乎可以肯定的是,内置系统日志例程将比用HLL编写的任何例程更加高效。
It seems bizarre to create a physically separate "audit trail" that needs to be "correlated" with existing journal entries. 创建需要与现有日记帐分录“关联”的物理上分开的“审核线索”似乎很奇怪。 The journal IS the audit trail. 日记帐是审计跟踪。
However, your question isn't clear. 但是,您的问题尚不清楚。 Are you simply asking how to read a journal? 您是否只是问问如何阅读日记?
If so, there are two general approaches. 如果是这样,则有两种通用方法。 You can either output a selected set of journal entries to an temporary work table or use system commands or APIs to retrieve journal entries into program buffers. 您可以将一组选定的日记帐分录输出到临时工作表,也可以使用系统命令或API将日记帐分录检索到程序缓冲区中。 If you retrieve into a program's memory, you can do anything with the data you might want, eg, query your "audit trail" to find a matching data element. 如果检索到程序的内存,则可以对所需的数据执行任何操作,例如,查询“审计跟踪”以查找匹配的数据元素。
Can you give a little more detail on the process you have in mind? 您能否详细介绍您所考虑的过程?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.