Question
· Feb 5, 2021

Need on Audit event functionality

Hi everybody,

Is there any functionality I could use that triggers real time user-defined code on certain audit events? Right now I am interested in triggering such code on a routine modification event, like the one below. I do know how to access this record programmatically, via %SYS.Audit.

Thanks in advance,
Anna

Product version: Caché 2017.1
Discussion (8)2
Log in or sign up to continue

What do you want to achieve?

All audit changes are valid by themselves. For example if I have access to the codebase I can modify it however I want and it would be a valid action. If I delete the code it would be a valid action still, just malicious.

If, on the other hand, the codebase has some classes which I'm allowed to modify and some I'm not (so modifying them would be an invalid action), that should be resolved on the roles stage (by separating the code into two different databases and giving me write access only to the one db I should be able to modify).

Essentially, user should be allowed to perform only valid actions and audit exists to check for malicious actions.

Using audit for additional validity checks is not recommended because audit does not serve this purpose.

Robert, that's what I initially thought too and it's indeed mostly so but not 100%: the old style %RI is actually calling the new style ROUTINE^%R, with Audit classes and all. Just no source control class suspenders smiley . I see no technical reason not to have them in ^%R but they are not there. The ZSAVE implementation is not available.

So this is why I am trying to tackle this problem from the Audit side. Any ideas? I am thinking of a process monitoring the audit trail records but I don't quite like this solution. In any event, is there anything beyond monitoring?