DB2 LUW Security -- DB2 Audit Log Olympics


Posted by bond on February 17, 2010, 9:40 pm
in DB2 Auditing (DB2 Security)

In keeping with the Olympic theme, I have decided to hold my own Audit Log
Olympic event.



I have two new environments to set up and want to make the work fun.


Both databases are in their own separate instance. One database is a
single partition database. The other is a DPF database with 4 partitions
on one host.


Since most Olympic events are about moving faster for the best performance, I want to
make my DB2 Active Audit Logs move and perform at their peak.


With DB2 9.5 (and 9.7), I think I can make that happen. I'm
excited. I want my audit logs to go for the Gold!


I'll start with the smaller, single partition database. First, I'm
going to bribe my storage guru with some snickerdoodle cookies. I'll be
right back.


That worked. She will configure a storage location for the active audit
logs so that they will exist on some super fast disks.


When she completes her work, I can use this command to re-configure the
location of the active audit logs:


db2audit configure datapath /myspeedydisklocation


For my DPF database, I guess I could use a shared drive and let all my DPF active audit logs write to it. But, I'm going for the best possible
performance, so I think I will use a unique path for each node instead so that each node will write its active audit log to a unique disk to avoid
contention.

Although the same datapath must be used for each
separate partition, I can use database partition expressions to reach my
goal.


I have four nodes (partitions 0 - 3). My db2nodes.cfg file looks
something like this:


0 machine1 0
1 machine1 1
2 machine1 2
3 machine1 3


My storage guru says for this shot at the gold medal, I want my datapath for
my active audit logs to be on:


/Lockit/SpeedyAud0
/Lockit/SpeedyAud1
/Lockit/SpeedyAud2
/Lockit/SpeedyAud3


She's already created these for me (thanks Beth). I'm logged on as the
instance owner and I have write permissions, so I am ready to use the database
partition expression shortcut:


db2audit configure datapath '/Lockit/SpeedyAud $N'
(make sure to keep the space before the $N)
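
A pre-flight check for the partition expression above, as an added example that is not part of the original post: it expands the plain " $N" form for each partition listed in db2nodes.cfg and confirms that the resulting directory exists and is writable by the current user. The function names and the temporary sandbox directory standing in for /Lockit are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: pre-flight check before "db2audit configure datapath".

# Expand the plain " $N" partition expression (space + $N) for one partition.
# Only this basic form is handled, not arithmetic forms such as " $N+100".
expand_datapath() {   # $1 = datapath template, $2 = partition number
    printf '%s\n' "$1" | sed 's/ \$N/'"$2"'/g'
}

# Walk db2nodes.cfg and confirm every partition's expanded path is an existing,
# writable directory for the current user. Returns the number of bad paths.
check_datapaths() {   # $1 = db2nodes.cfg, $2 = datapath template
    failures=0
    while read -r part _rest; do
        [ -z "$part" ] && continue
        dir=$(expand_datapath "$2" "$part")
        if [ -d "$dir" ] && [ -w "$dir" ]; then
            echo "OK      partition $part -> $dir"
        else
            echo "BAD     partition $part -> $dir"
            failures=$((failures + 1))
        fi
    done < "$1"
    return "$failures"
}

# Constructed sandbox standing in for /Lockit: four partitions, one path missing.
demo_root=$(mktemp -d)
printf '0 machine1 0\n1 machine1 1\n2 machine1 2\n3 machine1 3\n' > "$demo_root/db2nodes.cfg"
mkdir "$demo_root/SpeedyAud0" "$demo_root/SpeedyAud1" "$demo_root/SpeedyAud2"

check_datapaths "$demo_root/db2nodes.cfg" "$demo_root/SpeedyAud \$N" \
    || echo "fix the paths above before configuring the audit datapath"
```

A template written without the space before $N is left unexpanded by this check, so every partition is reported as BAD.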


To avoid any contention for the top medals, I will avoid using these same
speedy disks for any other instances. (Besides, I don't want to deal with
battling audit logs, I have enough other battles to fight.)


I'll complete the remainder of my security setup work, do a db2stop/db2start,
and open the environments to my users.


My work is done. Now I can sit back and enjoy the event.
Wonder what kind of shoes I should wear to the awards ceremony?



But, what about the audit archive logs, you ask? For the answer, send
me an email with your favorite security tip or fact and I'll
respond.




IDUG NA registration is now open:

IDUG North America Conference



My column on Database Journal.
Database Journal - DB2Locksmith's Column



I WELCOME YOUR EMAILS TO: db2locksmith at securedb2.com


Post from : http://www.dbisoftware.com/blog/db2_security.php
Printed from : http://www.dbisoftware.com/blog/db2_security.php?id=185