Manage the OpenEdge Database

PROUTIL AUDITARCHIVE qualifier

Save PDF

Table of Contents

PROUTIL AUDITARCHIVE qualifier

Save PDF

Last Updated: February 11, 2026
4 minute read

OpenEdge
Version 13.0
Documentation

PROUTIL AUDITARCHIVE qualifier

Archives records from your audit data tables to a binary file.

Syntax


`proutil db-name -C auditarchive [date-range] [-recs num-recs] [-nodelete] [-checkseal] [-directory directory-name] [-userid user-id[-password passwd]] [-upgradeMD5Seal] [ -Cipher cipher-id]`

Parameters

db-name

Specifies the database whose audit data you are archiving.

date-range

When specified, date-range limits the archived records as shown in the following table:


If your date range is . . .	Then the data archived is . . .
Blank	All audit data records in the database at the time the archive process begins.
One date	All audit data records in the database with a date equal to or earlier than the specified date.
Two dates, separated by a space	All audit data records in the database with times that fall between the two dates specified, inclusively. You must first specify the earlier date, followed by the later date.

Specify date-range with the format "mm-dd-yyyy hh:mm:ss.sss+hh:mm". You must include the quotation marks. For example, to specify 5:00 P.M. on September 7, 2005 EDT, enter "09-07-2005 17:00:00.000-04:00".

-recs num-recs

Specifies the number of records to delete in a single transaction. AUDITARCHIVE executes a transaction for every num-recs records it deletes. The default for num-recs is 100, and the maximum is your current Lock Table Entries (-L) setting. The multi-user default for -L is 8192.

-nodelete

Specifies that AUDITARCHIVE copy the audit data records to the archive file, leaving the audit data in the database. If not specified, AUDITARCHIVE will delete the audit data records as they are archived.

-checkseal

Specifies that AUDITARCHIVE verify that the seal of each audit data record matches the database MAC key prior to writing it to the audit archive file. This option requires that the audit policies in effect when writing the audit data records have specified a Data Security Level of DB Passkey. For more information on creating audit policies and data security, see OpenEdge Getting Started: Core Business Services - Security and Auditing.

-directory directory-name

Specifies the directory where the audit archive file is written. If you do not specify a value for directory-name, the file is written to your current working directory. If an audit data archive file for your database already exists in the output directory, you are prompted to confirm if you wish to proceed and overwrite the existing file, or exit the utility.

If you are purging your audit data and do not want the data written to the archive file, you must explicitly specify the "bit bucket" (/dev/null) as the output destination in directory-name.

-userid username

Specifies the user name of the privileged user. If you are using the _User table, username must be defined there, and you must include the -userid parameter to identify the user. If you are not using the _User table, use of -userid is optional; in this scenario, username specifies a local operating system login ID. Regardless of the source, username must have the Audit Data Archiver privilege in order to run AUDITARCHIVE.

-password passwd

Specifies the password for username. If you are using the _User table, passwd is the password defined for the user there. The value of passwd can be clear text or encrypted. If you are not using the _User table, and have specified a local operating system ID with -userid, passwd must be the encrypted value of the DB Pass key. See OpenEdge Getting Started: Core Business Services - Security and Auditing or the Data Administration online Help for information on the DB Pass Key. For information on encrypting a password, see the description of the genpassword utility in OpenEdge Getting Started: Installation and Configuration.

If you do not supply a password corresponding to username, the utility will prompt for it.

-upgradeMD5Seal

Specifies that AUDITLOAD reseal auditing records if both of the following conditions are met:

The existing seal is MD5.
The record’s existing seal is valid.

The new seal is upgraded to SHA-256 security. If the record was originally sealed with a MAC key, the new seal will also be sealed with the same MAC key.

Enabling this parameter forces enablement of -checkseal.

-Cipher cipher-id

For an Enterprise database enabled for Transparent Data Encryption, specify -Cipher 11 or

-Cipher
              12

to encrypt the output of the PROUTIL AUDITARCHIVE with a password-based encryption cipher (PBE). You are prompted to enter the passphrase for the cipher. You must remember this passphrase; you will be prompted to enter the passphrase when loading the audit archive.

OpenEdge versions prior to Version 12.0 permitted the use of -Cipher 6 for an Enterprise database enabled for Transparent Data Encryption. In Version 12.0, if AUDITARCHIVE specifies -Cipher 6, the command will continue with a warning:


`Warning: The minimum allowed cipher for this operation is AES128_CBC_PBE.(19384) Substituting cipher AES128_CBC_PBE for requested DES_CBC_PBE. (19385)`

AUDITARCHIVE archives audit data from the _aud_audit-data and _aud-audit-data-value tables. It also copies data from the _db-detail, _client-session, and _aud-event tables. The data archived is written to one file, named db-name.abd so that the data from all the tables is treated as a unit. The file is sealed with a time stamp and the MAC seal currently stored in the database.

Archiving audit data is an auditable event. If your active audit policy is configured to audit the execution of AUDITARCHIVE, then every time it runs an audit event will be generated. The audit data record that audits the archive event will not be deleted from the database when AUDITARCHIVE runs.

Notes

The Audit Archive privilege is required to run AUDITARCHIVE.
AUDITARCHIVE runs against a database that is online or offline.
Multiple instances of AUDITARCHIVE can simultaneously run against the same database, however their output destinations must be unique directory specifications. If the data from multiple archives contains duplicate records, AUDITLOAD ignores the duplicates and continues to load the data without error.
If an archive file exists in the specified output directory, AUDITARCHIVE will not overwrite it. AUDITARCHIVE issues a warning message and provides you with the choice of overwriting the existing file or exiting.
If your archive file reaches the maximum file size for your operating system, a second file, db-name2.abd, will be written.
When archiving audit data encrypted with Transparent Data Encryption, the output of the audit archive is not encrypted by default. Encrypt the archive file (container security) by specifying -Cipher 11 or -Cipher 12and entering a passphrase for the PBE cipher. You will be prompted to enter the passphrase when loading the contents of the archive file.