dpdbadmin partitionaudittables
The dpdbadmin partitionaudittables command is used to partition the existing audit tables (vdsAuditMsg, vdsAuditMsgField). Instead of having all audit data in one big table, it is split up into smaller subsets (partitions). Each partition contains the data for a specified time range (specified with ‑range). This can improve database performance for queries and delete operations.
If you run this command, all historical audit data is split into respective partitions. If you already have a lot of audit data, this can take some time to complete. It is recommended to run this command right after a fresh installation, after audit data has been cleared and optimized, or during a database maintenance window to ensure sufficient downtime.
When you have created the partitions for the existing data on a daily basis, you should run the dpdbadmin scheduleauditpartitioning command to ensure that partitions are created for future data (see dpdbadmin scheduleauditpartitioning).
This command is only supported for MariaDB.
Syntax
dpdbadmin partitionaudittables –d dsn [OPTION]...
where dsn is the ODBC data source name.
Command-line options
| Option | Parameter | Description |
|---|---|---|
| ‑d, ‑dsn | dsn | Required. ODBC data source name (DSN), e.g. "IAS embedded database". |
| ‑force | Usually the command will not re-create the partitions if they already exist, because partitioning is a costly operation. This option forces the command to re-create the partitions, even if they already exist. This can be useful to fill any gaps and create missing partitions, e.g. because no partition procedure has been scheduled at some point. | |
| ‑h, ‑help | Show help and usage information. | |
| ‑l, ‑log | logfile | Write output to logfile. |
| ‑p, ‑password | dbpassword |
Optional. Password of the database administrator. This option can be omitted if the database administrator account has a blank password. |
| ‑q | Quiet mode. Do not output commentary text. | |
| ‑r, ‑range | range |
Optional. Specifies the time range to use for one partition. Possible values:
Default value: daily |
| ‑synctimeout | timeout | The timeout in seconds to synchronize with other dpdbadmin instances. |
| ‑u, ‑user | dbusername | Optional. User name of a database administrator (if required). |
| ‑unlockdb | Unlock a database synchronization lock used to protect the database schema against concurrent schema modifications. | |
| ‑v, ‑verbose | Print verbose output. Can be specified twice to be more verbose. |
Exit codes
| Exit code | Description |
|---|---|
| 0 | The command completed successfully. |
| 1 | The command has been aborted by the user. |
| 2 | The command failed due to an unspecified error. |
| 3 | The specified parameters are invalid. |
| 4 | The command failed due to an error. |
| 5 | The database authentication failed. |
Examples
To partition the existing audit tables in the database connected to using the data source name IAS embedded database and the user credentials digipass and digipassword type:
dpdbadmin partitionaudittables –u digipass –p digipassword –d "IAS embedded database"
Additional considerations
- The OneSpan Authentication Server Installation Wizard prompts you whether you want to create partitions during initial configuration. If you do not consent, you can run dpdbadmin partitionaudittables any time later.
- You can remove the partitions and merge the data back into one big table again using the dpdbadmin removeauditpartitioning command (see dpdbadmin removeauditpartitioning).
- Partitioning can improve database performance for queries and delete operations. At the same time, a lot of partitions put more load on the database server, so you need to provide enough database resources. If you are the database administrator, you should plan to mitigate this issue as part of your routine database maintenance and clean up audit data regularly. For more information about archiving and deleting audit data, refer to the OneSpan Authentication Server Administrator Guide, Section "Auditing".