SESAM/SQL logs security-relevant events using the component SAT (Security Audit Trail) of the software product SECOS (Security Control System).

To do this, SESAM/SQL transfers log records (SATLOG records) to SAT (provided that the SAT logging in SESAM/SQL is enabled). SAT stores these log records into a protected logging file (SATLOG file). The SATLOG file can be analyzed with the help of the SAT evaluation routine SATUT. SATUT creates usefully edited SAT log files and/or result lists.For more information about SAT and the SAT evaluation routine SATUT, refer to the “ Security Control System - Audit” manual.

SESAM/SQL provides the SESAM system administrator with the following options for enabling and disabling SAT logging in SESAM/SQL:

• DBH option SECURITY, refer to the “ Database Operation” manual, chapter “DBH start statements and options”.

• Administration statement SET-SAT-SUPPORT or OPT, SAT, see the “ Database Operation” manual, chapter “DBH and SESDCN administration”.

In order to log SESAM events, both the SAT logging in SESAM/SQL and the SESAM events of the SAT preselection in SAT must be enabled.

If SAT logging is enabled, SESAM/SQL transfers SATLOG records to SAT for the following events:

• Start or end of a SESAM-DBH task or a service task

• End of a process

• Intervention by administration in a DBH session

• Manipulation of the database structure with DDL or SSL

• Execution of utility statements

• Changes in user accesses and access rights

DML accesses are not logged with SAT.

The SATLOG records of SESAM/SQL are described in the appendix to the “ Database Operation” manual, in the section “Layout of the log records for SAT”.