DB2 LUW Security -- DB2 Audit Log Olympics

In keeping with the Olympic theme, I have decided to hold my own Audit Log Olympic event.

I have two new environments to set up and want to make the work fun.

Both databases are in their own separate instance. One database is a single partition database. The other is a DPF database with 4 partitions on one host.

Since most Olympic events are about moving faster for the best performance, I want to make my DB2 Active Audit Logs move and perform at their peak.

With DB2 9.5 (and 9.7), I think I can make that happen. I'm excited. I want my audit logs to go for the Gold!

I'll start with the smaller, single partition database. First, I'm going to bribe my storage guru with some snickerdoodle cookies. I'll be right back.

That worked. She will configure a storage location for the active audit logs so that they will exist on some super fast disks.

When she completes her work, I can use this command to re-configure the location of the active audit logs:

db2audit configure datapath /myspeedydisklocation

For my DPF database, I guess I could use a shared drive and let all my DPF active audit logs write to it. But I'm going for the best possible performance, so I think I will use a unique path for each node instead. That way each node writes its active audit log to its own disk and avoids contention.

Although the same datapath must be used for each separate partition, I can use database partition expressions to reach my goal.

I have four nodes (partitions 0 - 3). My db2nodes.cfg file looks something like this:

0 machine1 0
1 machine1 1
2 machine1 2
3 machine1 3

My storage guru says for this shot at the gold medal, I want my datapath for my active audit logs to be on:

/Lockit/SpeedyAud0
/Lockit/SpeedyAud1
/Lockit/SpeedyAud2
/Lockit/SpeedyAud3

She's already created these for me (thanks Beth). I'm logged on as the instance owner and I have write permissions, so I am ready to use the database partition expression shortcut:

db2audit configure datapath '/Lockit/SpeedyAud $N'

(Make sure to keep the space before the $N.)
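A preflight check for the per-partition directories, as an added example that is not part of the original post: it reads the partition numbers from db2nodes.cfg, expands the ' $N' expression the same way the command above does, and reports any directory that is missing, not writable, or accessible to group/other. The function names and the owner-only permission requirement are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify audit data paths before running
#   db2audit configure datapath '/Lockit/SpeedyAud $N'
# Run it as the instance owner, since writability is tested for the current user.

# Expand the " $N" partition expression for one partition number.
# $1 = expression such as '/Lockit/SpeedyAud $N', $2 = partition number
expand_audit_path() {
    printf '%s\n' "$1" | sed 's/ [$]N/'"$2"'/'
}

# $1 = path to db2nodes.cfg, $2 = datapath expression containing " $N"
# Prints one line per problem; returns 0 if all paths pass, 1 otherwise.
check_audit_paths() {
    cfg=$1
    pathexpr=$2
    problems=0
    # The first column of db2nodes.cfg is the partition number.
    for part in $(awk 'NF >= 2 { print $1 }' "$cfg"); do
        dir=$(expand_audit_path "$pathexpr" "$part")
        if [ ! -d "$dir" ]; then
            echo "partition $part: $dir is missing"
            problems=$((problems + 1))
        elif [ ! -w "$dir" ]; then
            echo "partition $part: $dir is not writable by $(id -un)"
            problems=$((problems + 1))
        else
            # Assumption: audit records are sensitive, so only the owner
            # should have any access. Columns 5-10 of the ls mode string
            # are the group and other permission bits.
            mode=$(ls -ld "$dir" | cut -c5-10)
            if [ "$mode" != "------" ]; then
                echo "partition $part: $dir is open to group/other ($mode)"
                problems=$((problems + 1))
            fi
        fi
    done
    [ "$problems" -eq 0 ]
}
```

Call it as check_audit_paths "$HOME/sqllib/db2nodes.cfg" '/Lockit/SpeedyAud $N', adjusting the db2nodes.cfg location (assumed here) to your instance.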

To avoid any contention for the top medals, I will avoid using these same speedy disks for any other instances. (Besides, I don't want to deal with battling audit logs, I have enough other battles to fight.)

I'll complete the remainder of my security setup work, do a db2stop/db2start, and open the environments to my users.

My work is done. Now I can sit back and enjoy the event. Wonder what kind of shoes I should wear to the awards ceremony?


But, what about the audit archive logs, you ask? For the answer, send me an email with your favorite security tip or fact and I'll respond.


I WELCOME YOUR EMAILS TO: db2locksmith at securedb2.com