Hi Arjun,
If you don't have zSecure, the only solution is to extract the audit logs from the database; therefore, you'll need a DB2 admin to configure this job. We did this in 2016, and it worked fine.
So, you'll need to extract your audit data to a .del file on the server as described in the DSM guide, and you'll have to create your log source with the log file protocol. This is also mentioned in the guide.
Last thing, the best way to connect to your DB2 server is using an SSH key. If you're lucky, your admin will agree to run the job a few times per hour to allow you to have near real-time logs. You'll be able to configure the recurrence in your log source configuration to grab the file as many times as it's created per hour/day.
Good Luck!
Regards,
------------------------------
Anthony Gayadeen
Analyst
Videotron
QC
------------------------------
Original Message:
Sent: Tue May 21, 2019 01:51 PM
From: Arjun Kumar
Subject: DB2 on Windows/AIX
Dear Richard,
Thank you for the response, but page 512 clearly says: "The IBM DB2 DSM collects events from an IBM DB2 mainframe that uses IBM Security zSecure", and it does not mention Windows/AIX anywhere. This is the confusion I am trying to clear up.
Many of our customers do not have full-time DB2 admins and rely on vendors to do configurations. They request us to provide correct guides on how to enable the logs, and at times the DSM guide is very confusing and not clear.
T&R
Arjun
------------------------------
Arjun Kumar Network & Security Engineer
Original Message:
Sent: Tue May 21, 2019 10:11 AM
From: Richard Gingras
Subject: DB2 on Windows/AIX
In the latest DSM Guide (May 2019):
IBM DB2 (p. 512)
Create a log source for near real-time event feed (p. 513)
Creating a log source for Log File protocol (p. 514)
Integrating IBM DB2 Audit Events (p. 517)
Extracting audit data for DB2 v8.x to v9.4 (p. 517)
Extracting audit data for DB2 v9.5 (p. 518)
------------------------------
Richard Gingras
QRadar SME
IBM Security
Cambridge MA
Original Message:
Sent: Mon May 20, 2019 10:27 AM
From: Arjun Kumar
Subject: DB2 on Windows/AIX
Hello there,
The DSM guide does not mention how to integrate DB2 logs when running on Windows/AIX. The DSM guide only mentions DB2 on Mainframe.
IBM DB2
The IBM DB2 DSM collects events from an IBM DB2 mainframe that uses IBM Security zSecure.
PAGE 512.
If anyone has integrated DB2 before, can you please share the steps?
T&R
Arjun Kumar