Hi Chiara,
DB2 can write IFCID 140s to audit on violations if you have started an Audit trace for it.
https://www.ibm.com/docs/en/db2-for-zos/12?topic=db2-audit-trace
These are written as SMF 102's. Alert can collect these, but mind that we cannot collect on specific IFCID's. So you could get a lot of them (and mostly irrelevant), which are all fed to the CARLa engine, and that might be costly in terms of CPU usage.
By using an audit trace for other classes you might be able to report on other things too. Using option EV.4 can show you what kind of info we can display.
cheers
rene
------------------------------
RENE van TIL
------------------------------
Original Message:
Sent: Mon February 21, 2022 02:15 AM
From: Chiara Baldan
Subject: zSecure alert for DB2 Audit
Hello Jeroen,
I am trying to help out a customer; he is interested in monitoring violations.
Something like receiving an alert after a number of access attempts to a resource in Db2.
He is also open to understanding what kind of alerts could be built on Db2.
Regards
Chiara
------------------------------
Chiara Baldan
Original Message:
Sent: Mon February 21, 2022 01:59 AM
From: Jeroen Tiggelman
Subject: zSecure alert for DB2 Audit
Hi Chiara,
What kind of Db2 auditing are you trying to achieve?
Regards,
------------------------------
Jeroen Tiggelman
Software Development and Level 3 Support Manager IBM Security zSecure Suite
IBM
Delft
Original Message:
Sent: Sun February 20, 2022 06:59 AM
From: Chiara Baldan
Subject: zSecure alert for DB2 Audit
Hello
Has anyone created a zSecure alert for DB2 audit?
I did not find documentation on how to write those kinds of alerts.
It would be much appreciated if someone could help.
Regards Chiara
------------------------------
Chiara Baldan
------------------------------