Message Image  

View Entry

IBM Support: How to enable auditing on IIAS system? 

Fri December 13, 2019 12:04 PM

https://www.ibm.com/support/pages/node/1000568?myns=swgimgmt&mynp=OCSSHRBY&mync=E&cm_sp=swgimgmt-_-OCSSHRBY-_-E

How to enable auditing on IIAS system?

How To


Summary

Please follow the steps below to enable auditing on your IIAS system. Login to IIAS as root user.

Steps

1. On IIAS head node, login to the Db2wh container, connect to bludb and execute following script

docker exec -it Db2Wh bash

As root run the script

     /opt/ibm/dashdb-security/installaudit 

Note: User 'bluadmin' or dbinst1 does not have permission to execute 'installaudit' script.  

2. Script defines AUDIT_ALL policy. It can be enabled by executing following SQL command.

AUDIT DATABASE USING POLICY AUDIT_ALL

Note: At present setting up policy at schema level is not supported. If you want to capture everything in your audit, defining a policy at database level will have a noticeable performance impact. Hence it is best to apply it to individual tables. You can define policies with different granularity for different tables to suit your needs.

3. Setup a Db2 task to frequently offload the data collected in the log files to the audit tables using following SQL command:

CALL SYSPROC.ADMIN_TASK_ADD( ‘<TASK_NAME>’, NULL, NULL, NULL, '<CRON-JOB like Frequency>', ‘<SCHEMA-NAME>’,‘<PROCEDURE>’ , NULL, NULL, ‘<comments>’ )

In our case the AUDIT.UPDATE() is the procedure created to load the tables

with the audit data. The following example will call it every 5 min.

CALL SYSPROC.ADMIN_TASK_ADD( 'AUDIT_UPDATE', NULL, NULL, NULL, '*/5 * * * *', 'AUDIT', 'UPDATE', NULL,              NULL, 'Periodically update to audit tables' );

You will find more information on this here:

https://www.ibm.com/support/knowledgecenter/en/SSEPGG_11.1.0/com.ibm.db2.luw.sql.rtn.doc/doc/r0054371.html

4. Check if the task is added successfully using following SQL command.

SELECT * from SYSTOOLS.ADMIN_TASK_LIST WHERE NAME=’<name>’

5. Verify the audit policies in effect using following SQL command:

SELECT * FROM SYSCAT.AUDITUSE WHERE AUDITPOLICYNAME = ‘<policy_name>’

6. Check if the task is working fine using following SQL command.

SELECT * FROM SYSTOOLS.ADMIN_TASK_STATUS WHERE NAME=’<name>

Document Information

More support for:
IBM Integrated Analytics System

Component:
Auditing

Software version:
All Versions

Operating system(s):
Linux

Document number:
1000568

Modified date:
13 December 2019


#IIAS
#IntegratedAnalyticsSystem

Statistics

0 Favorited
7 Views
0 Files
0 Shares
0 Downloads