IBM Support

Example of using db2audit for database level auditing

Question & Answer


Question

How can I use DB2 audit for database level auditing?

Answer

Below is an example of how to use the db2audit tool to enable database level auditing. See the Related Information section below for documentation on the various commands and how to customize the configuration for your specific needs.


- Connect to your database (sample).
- Create your table (t1).
- Make a directory in which to store the audit files, then go to that directory.

- Create an appropriately sized buffer.
db2 "update dbm cfg using AUDIT_BUF_SZ 64"
- Configure what events you want to track.
db2audit configure scope all status both errortype normal datapath "$PWD" archivepath "$PWD"
- Confirm the current configuration.
db2audit describe

- Create the audit policy.
db2 "create audit policy auditPolicy1 categories all status both error type normal"
- Commit the change.
db2 "commit"
- Assign the audit policy to your table.
db2 "audit table t1 using policy auditPolicy1"
db2 "commit"

- Start the audit.
db2audit start

- Now execute a query on the table, for example a select from or an insert into the table.

- Stop the audit.
db2audit stop
- Flush the captured data from the buffer, then archive the database audit log.
db2audit flush
db2audit archive database sample

- List the database level audit log generated in this directory.
ls db2audit*
- Extract the audit information to a file (audit.aud).
db2audit extract file audit.aud from files <databaseAuditLog>

- If desired, disassociate the policy from the table, then drop the policy.
db2 "audit table t1 remove policy"
db2 "drop audit policy auditPolicy1"


If everything goes without issue, you'll see audit.aud in the current directory. It should document the changes that you just made to your table. Again, this is only one of the many possible configurations of the audit. See the Related Information section for further details.
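
To check that audit.aud actually recorded activity on t1, the following shell function (an added example, not part of the IBM document) tallies the extracted records that mention the table. It assumes the report holds one `key=value;` field per line with each record starting at a `timestamp=` line; `audit_summary`, `sample_report` and the sample records are constructed for illustration.

```shell
# Added example, not IBM code. Assumes the extract report holds one
# "key=value;" field per line and each record starts with "timestamp=".
# audit_summary FILE OBJECT: for records naming OBJECT as a whole word in any
# field value, print "category|audit event|event status|count", sorted.
# A negative event status is an SQLCODE, i.e. the audited action failed.
audit_summary() {
    awk -v obj="$2" '
        function flush_rec(   k) {
            k = rec["category"] "|" rec["audit event"] "|" rec["event status"]
            if (hit) count[k]++
            split("", rec); hit = 0
        }
        BEGIN { re = "[^A-Z0-9_]" toupper(obj) "[^A-Z0-9_]" }
        {
            line = $0
            sub(/\r$/, "", line); sub(/^[ \t]+/, "", line); sub(/;[ \t]*$/, "", line)
            eq = index(line, "=")
            key = (eq ? substr(line, 1, eq - 1) : "")  # "" marks a continuation line
            val = substr(line, eq + 1)
            if (key == "timestamp") flush_rec()        # a new record begins
            if ((" " toupper(val) " ") ~ re) hit = 1
            if (key != "") rec[key] = val
        }
        END { flush_rec(); for (k in count) print k "|" count[k] }
    ' "$1" | LC_ALL=C sort
}

# Constructed sample records (not real audit output), trimmed to a few fields.
sample_report() {
    cat <<'EOF'
timestamp=2018-06-16-10.15.01.000001;
  category=CHECKING;
  audit event=CHECKING_OBJECT;
  event status=0;
  object name=T1;
timestamp=2018-06-16-10.15.02.000001;
  category=EXECUTE;
  audit event=STATEMENT;
  event status=0;
  statement text=insert into t1 values (1);
timestamp=2018-06-16-10.15.03.000001;
  category=CHECKING;
  audit event=CHECKING_OBJECT;
  event status=-551;
  object name=T1;
EOF
}

sample_report | audit_summary - T1   # on real output: audit_summary audit.aud T1
```

An empty result for the table means the policy was not attached or the audit was not running when the query executed; rows with a negative status are the denied or failed attempts worth reviewing first.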


Document Information

Modified date:
16 June 2018

UID

swg21989857