1. On the IIAS head node, log in to the Db2wh container, connect to bludb, and execute the following script:
docker exec -it Db2Wh bash
As root, run the script:
/opt/ibm/dashdb-security/installaudit
Note: The users 'bluadmin' and dbinst1 do not have permission to execute the 'installaudit' script.
2. The script defines the AUDIT_ALL policy. Enable it by executing the following SQL command:
AUDIT DATABASE USING POLICY AUDIT_ALL
Note: At present, setting up a policy at schema level is not supported. If you want to capture everything in your audit, defining a policy at database level will have a noticeable performance impact. Hence it is best to apply it to individual tables. You can define policies with different granularity for different tables to suit your needs.
3. Set up a Db2 task to frequently offload the data collected in the log files to the audit tables, using the following SQL command:
CALL SYSPROC.ADMIN_TASK_ADD( '<TASK_NAME>', NULL, NULL, NULL, '<CRON-JOB like Frequency>', '<SCHEMA-NAME>', '<PROCEDURE>', NULL, NULL, '<comments>' )
In our case, AUDIT.UPDATE() is the procedure created to load the tables with the audit data. The following example calls it every 5 minutes.
CALL SYSPROC.ADMIN_TASK_ADD( 'AUDIT_UPDATE', NULL, NULL, NULL, '*/5 * * * *', 'AUDIT', 'UPDATE', NULL, NULL, 'Periodically update to audit tables' );
You will find more information on this here:
https://www.ibm.com/support/knowledgecenter/en/SSEPGG_11.1.0/com.ibm.db2.luw.sql.rtn.doc/doc/r0054371.html
4. Check that the task was added successfully using the following SQL command:
SELECT * FROM SYSTOOLS.ADMIN_TASK_LIST WHERE NAME='<name>'
5. Verify the audit policies in effect using the following SQL command:
SELECT * FROM SYSCAT.AUDITUSE WHERE AUDITPOLICYNAME = '<policy_name>'
6. Check that the task is running correctly using the following SQL command:
SELECT * FROM SYSTOOLS.ADMIN_TASK_STATUS WHERE NAME='<name>'
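
The note in step 2 recommends table-level policies over a database-wide one. The following is an added example, not part of the original procedure, showing one way to do that with standard Db2 audit statements; the policy name TABLE_EXEC_AUDIT and the table APP.PAYROLL are hypothetical, and the statements require SECADM authority.

```sql
-- Added example. TABLE_EXEC_AUDIT and APP.PAYROLL are hypothetical names;
-- substitute your own policy name and table.

-- Define a narrow policy: record SQL statement execution only, both
-- successful and failed, without capturing input data values.
CREATE AUDIT POLICY TABLE_EXEC_AUDIT
    CATEGORIES EXECUTE WITHOUT DATA STATUS BOTH
    ERROR TYPE NORMAL;

-- Attach the policy to a single table. For a table, Db2 generates only
-- EXECUTE category events, whatever other categories the policy lists.
AUDIT TABLE APP.PAYROLL USING POLICY TABLE_EXEC_AUDIT;

-- Optional: if AUDIT_ALL was enabled at database level in step 2 and the
-- overhead is too high, detach it once the table-level policies are in place.
-- This stops database-wide auditing, so confirm coverage first.
AUDIT DATABASE REMOVE POLICY;

-- Confirm which policy is attached to which object.
SELECT AUDITPOLICYNAME, OBJECTTYPE, OBJECTSCHEMA, OBJECTNAME
FROM SYSCAT.AUDITUSE
ORDER BY AUDITPOLICYNAME;

-- Confirm what the policy actually records.
SELECT AUDITPOLICYNAME, EXECUTESTATUS, EXECUTEWITHDATA, ERRORTYPE
FROM SYSCAT.AUDITPOLICIES
WHERE AUDITPOLICYNAME = 'TABLE_EXEC_AUDIT';
```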