How To Setup Auditing in DB2

Syed Naveed Raza

6 years ago

First, check audit parameter in DB2 LUW; as you can see “audit active” is FALSE, which shows that currently auditing is not enabled on your instance.

db2audit describe
DB2 AUDIT SETTINGS:

Audit active: "FALSE "
Log audit events: "FAILURE"
Log checking events: "FAILURE"
Log object maintenance events: "FAILURE"
Log security maintenance events: "FAILURE"
Log system administrator events: "FAILURE"
Log validate events: "FAILURE"
Log context events: "NONE"
Return SQLCA on audit error: "FALSE "
Audit Data Path: ""
Audit Archive Path: ""

AUD0000I  Operation succeeded.

db2audit describe

DB2 AUDIT SETTINGS:

Audit active: "FALSE "

Log audit events: "FAILURE"

Log checking events: "FAILURE"

Log object maintenance events: "FAILURE"

Log security maintenance events: "FAILURE"

Log system administrator events: "FAILURE"

Log validate events: "FAILURE"

Log context events: "NONE"

Return SQLCA on audit error: "FALSE "

Audit Data Path: ""

Audit Archive Path: ""

AUD0000I Operation succeeded.

Let’s start to configure;

Update audit_buf_sz parameter.

db2 update dbm cfg using audit_buf_sz 64

1	db2 update dbm cfg using audit_buf_sz 64

Two paths parameters.

One where audit main file will be created.
Second where it will be archived.

db2audit configure scope audit status both archivepath /dbawork/audit/
db2audit configure scope audit status both datapath /dbawork/audit/archive

1 2	db2audit configure scope audit status both archivepath /dbawork/audit/ db2audit configure scope audit status both datapath /dbawork/audit/archive

Now lets create policy, you can create multiple policies in db2. you can even create policy for single table, for detail you can visit IBM page

https://www.ibm.com/support/knowledgecenter/SSEPGG_11.1.0/com.ibm.db2.luw.admin.sec.doc/doc/c0005483.html

I am creating generic audit policy for all database objects in my database.

db2 connect to COREDB
db2 "CREATE AUDIT POLICY BANKAUDIT CATEGORIES AUDIT STATUS BOTH,SECMAINT STATUS BOTH,OBJMAINT STATUS BOTH,CHECKING STATUS BOTH,VALIDATE STATUS BOTH ERROR TYPE AUDIT CREATE AUDIT POLICY BANKAUDIT CATEGORIES AUDIT STATUS BOTH,OBJMAINT STATUS BOTH,CHECKING STATUS BOTH,VALIDATE STATUS BOTH ERROR TYPE AUDIT"

db2 connect to COREDB

db2 "CREATE AUDIT POLICY BANKAUDIT CATEGORIES AUDIT STATUS BOTH,SECMAINT STATUS BOTH,OBJMAINT STATUS BOTH,CHECKING STATUS BOTH,VALIDATE STATUS BOTH ERROR TYPE AUDIT CREATE AUDIT POLICY BANKAUDIT CATEGORIES AUDIT STATUS BOTH,OBJMAINT STATUS BOTH,CHECKING STATUS BOTH,VALIDATE STATUS BOTH ERROR TYPE AUDIT"

The audit facility acts at both the instance and database levels, independently recording all activities in separate logs based on either the instance or the database.

db2audit describe
DB2 AUDIT SETTINGS:

Audit active: "TRUE "
Log audit events: "BOTH"
Log checking events: "BOTH"
Log object maintenance events: "BOTH"
Log security maintenance events: "BOTH"
Log system administrator events: "BOTH"
Log validate events: "BOTH"
Log context events: "BOTH"
Return SQLCA on audit error: "FALSE "
Audit Data Path: "/dbawork/audit/"
Audit Archive Path: "/dbawork/audit/archive"

AUD0000I Operation succeeded.

db2audit describe

DB2 AUDIT SETTINGS:

Audit active: "TRUE "

Log audit events: "BOTH"

Log checking events: "BOTH"

Log object maintenance events: "BOTH"

Log security maintenance events: "BOTH"

Log system administrator events: "BOTH"

Log validate events: "BOTH"

Log context events: "BOTH"

Return SQLCA on audit error: "FALSE "

Audit Data Path: "/dbawork/audit/"

Audit Archive Path: "/dbawork/audit/archive"

AUD0000I Operation succeeded.