These steps are from my Run notes. This may help one of you who is looking for quick audit set up.
db2audit is changed from V9.5. From V9.5, audit is in two levels. One is at Instance level and another is at DB level.
This is how I configure for any new DB set up.
Instance level
---------------
db2audit configure reset
db2audit configure scope audit status BOTH, CHECKING STATUS FAILURE, OBJMAINT STATUS BOTH, SECMAINT STATUS BOTH, SYSADMIN STATUS FAILURE, VALIDATE STATUS BOTH,CONTEXT STATUS NONE datapath /auditdata/ archivepath /auditarch/
db2audit start
Verify Instance level setting with below command
db2audit describe
DB Level
-----------
db2 "connect to <dbname>"
db2 "CREATE AUDIT POLICY CHECK_AUDIT CATEGORIES VALIDATE STATUS BOTH, CHECKING STATUS NONE, OBJMAINT STATUS BOTH, SECMAINT STATUS BOTH, CONTEXT STATUS NONE, AUDIT STATUS BOTH, SYSADMIN STATUS BOTH ERROR TYPE AUDIT"
db2 "AUDIT DATABASE USING POLICY CHECK_AUDIT"
Verify DB level setting with below command
db2 "select substr(AUDITPOLICYNAME,1,25) policy,OBJECTTYPE,SUBOBJECTTYPE,substr(OBJECTSCHEMA,1,20) schema,substr(OBJECTNAME,1,20) object from syscat.audituse"
db2 "select substr(AUDITPOLICYNAME,1,10) policy,AUDITSTATUS,CONTEXTSTATUS,VALIDATESTATUS,CHECKINGSTATUS,SECMAINTSTATUS,OBJMAINTSTATUS,SYSADMINSTATUS,EXECUTESTATUS,EXECUTEWITHDATA from syscat.auditpolicies"
Hope this helps...
db2audit is changed from V9.5. From V9.5, audit is in two levels. One is at Instance level and another is at DB level.
This is how I configure for any new DB set up.
Instance level
---------------
db2audit configure reset
db2audit configure scope audit status BOTH, CHECKING STATUS FAILURE, OBJMAINT STATUS BOTH, SECMAINT STATUS BOTH, SYSADMIN STATUS FAILURE, VALIDATE STATUS BOTH,CONTEXT STATUS NONE datapath /auditdata/ archivepath /auditarch/
db2audit start
Verify Instance level setting with below command
db2audit describe
DB Level
-----------
db2 "connect to <dbname>"
db2 "CREATE AUDIT POLICY CHECK_AUDIT CATEGORIES VALIDATE STATUS BOTH, CHECKING STATUS NONE, OBJMAINT STATUS BOTH, SECMAINT STATUS BOTH, CONTEXT STATUS NONE, AUDIT STATUS BOTH, SYSADMIN STATUS BOTH ERROR TYPE AUDIT"
db2 "AUDIT DATABASE USING POLICY CHECK_AUDIT"
Verify DB level setting with below command
db2 "select substr(AUDITPOLICYNAME,1,25) policy,OBJECTTYPE,SUBOBJECTTYPE,substr(OBJECTSCHEMA,1,20) schema,substr(OBJECTNAME,1,20) object from syscat.audituse"
db2 "select substr(AUDITPOLICYNAME,1,10) policy,AUDITSTATUS,CONTEXTSTATUS,VALIDATESTATUS,CHECKINGSTATUS,SECMAINTSTATUS,OBJMAINTSTATUS,SYSADMINSTATUS,EXECUTESTATUS,EXECUTEWITHDATA from syscat.auditpolicies"
Hope this helps...
No comments:
Post a Comment