Audit tool for DB2 for Z/OS

Yvonne Wu

Audit tool for DB2 for Z/OS


I am interested to know what tool are you using to audit DB2 activities
on the Z platform and your experience with the tool.
Any feedback would be much appreciated.

Thank you,
Yvonne


********************************************************************************
This e-mail and any files transmitted with it, are confidential to National Grid and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error, please reply to this message and let the sender know.



______________________________________________________________________

* IDUG 2009 Denver, CO, USA * May 11-15, 2009 * http://IDUG.ORG/Events *
______________________________________________________________________




IDUG.org was recently updated requiring members to use a new password. You should have gotten an e-mail with the temporary password assigned to your account. Please log in and update your member profile. If you are not already an IDUG.org member, please register at http://www.idug.org/component/juser/register.html

Rick Weaver

Re: Audit tool for DB2 for Z/OS
(in response to Yvonne Wu)
what activities in particular are you looking for? Several vendors have
tools that can read the DB2 logs and fetch off things like INSERTs,
UPDATEs, DELETEs, DROPs, etc. Is that what you are looking for?


Rick Weaver
Product Manager
DB2 z/OS Solutions
BMC Software



________________________________

From: DB2 Data Base Discussion List [mailto:[login to unmask email] On
Behalf Of Wu, Yvonne Y.
Sent: Thursday, January 22, 2009 1:40 PM
To: [login to unmask email]
Subject: Re: [DB2-L] Audit tool for DB2 for Z/OS




I am interested to know what tool are you using to audit DB2 activities
on the Z platform and your experience with the tool.
Any feedback would be much appreciated.

Thank you,
Yvonne

************************************************************************
********
This e-mail and any files transmitted with it, are confidential to
National Grid and are intended solely for the use of the individual or
entity to whom they are addressed. If you have received this e-mail in
error, please reply to this message and let the sender know.


________________________________

IDUG 2009 - Australasia * 18-20 March * Melbourne, Australia
< http://idug.org/lsAU >

IDUG.org < http://www.idug.org > was recently updated requiring members
to use a new password. You should have gotten an e-mail with the
temporary password assigned to your account. Please log in and update
your member profile. If you are not already an IDUG.org member, please
register here. < http://www.idug.org/component/juser/register.html >


______________________________________________________________________

* IDUG 2009 Denver, CO, USA * May 11-15, 2009 * http://IDUG.ORG/Events *
______________________________________________________________________




IDUG.org was recently updated requiring members to use a new password. You should have gotten an e-mail with the temporary password assigned to your account. Please log in and update your member profile. If you are not already an IDUG.org member, please register at http://www.idug.org/component/juser/register.html

Yvonne Wu

Re: Audit tool for DB2 for Z/OS
(in response to Rick Weaver)
The SQL activities. We want to know who accessed the sensative data
(including INSERT, UPDATE, DELETE, DROP, ...etc.). We also want the
tool to capture any hecker break-ins. The tool should have minimum or
no impact to the systeem resource, performance.
Could you please let me know the vendors' name and their product names
as well as possible user experience with the tools?

Thanks,
Yvonne

________________________________

From: DB2 Data Base Discussion List [mailto:[login to unmask email] On
Behalf Of Weaver, Rick
Sent: Thursday, January 22, 2009 3:48 PM
To: [login to unmask email]
Subject: Re: [DB2-L] Audit tool for DB2 for Z/OS


what activities in particular are you looking for? Several vendors have
tools that can read the DB2 logs and fetch off things like INSERTs,
UPDATEs, DELETEs, DROPs, etc. Is that what you are looking for?


Rick Weaver
Product Manager
DB2 z/OS Solutions
BMC Software



________________________________

From: DB2 Data Base Discussion List [mailto:[login to unmask email] On
Behalf Of Wu, Yvonne Y.
Sent: Thursday, January 22, 2009 1:40 PM
To: [login to unmask email]
Subject: Re: [DB2-L] Audit tool for DB2 for Z/OS




I am interested to know what tool are you using to audit DB2 activities
on the Z platform and your experience with the tool.
Any feedback would be much appreciated.

Thank you,
Yvonne

************************************************************************
********
This e-mail and any files transmitted with it, are confidential to
National Grid and are intended solely for the use of the individual or
entity to whom they are addressed. If you have received this e-mail in
error, please reply to this message and let the sender know.


________________________________

IDUG 2009 - Australasia * 18-20 March * Melbourne, Australia
< http://idug.org/lsAU >

IDUG.org < http://www.idug.org > was recently updated requiring members
to use a new password. You should have gotten an e-mail with the
temporary password assigned to your account. Please log in and update
your member profile. If you are not already an IDUG.org member, please
register here. < http://www.idug.org/component/juser/register.html >


________________________________

IDUG 2009 - Australasia * 18-20 March * Melbourne, Australia
< http://idug.org/lsAU >

IDUG.org < http://www.idug.org > was recently updated requiring members
to use a new password. You should have gotten an e-mail with the
temporary password assigned to your account. Please log in and update
your member profile. If you are not already an IDUG.org member, please
register here. < http://www.idug.org/component/juser/register.html >


______________________________________________________________________

* IDUG 2009 Denver, CO, USA * May 11-15, 2009 * http://IDUG.ORG/Events *
______________________________________________________________________




IDUG.org was recently updated requiring members to use a new password. You should have gotten an e-mail with the temporary password assigned to your account. Please log in and update your member profile. If you are not already an IDUG.org member, please register at http://www.idug.org/component/juser/register.html

Steen Rasmussen

Re: Audit tool for DB2 for Z/OS
(in response to Yvonne Wu)
Good Sunday Yvonne,



We are a few vendors out there who have a tool you might find
interesting. If you want to discuss details - please contact me offline.




CA has Log Analyzer

BMC has LogMaster

IBM has Log Analysis Tool

There might be others.



I can only speak for CA's Log Analyzer, but it does capture who did
what, where and when by reading the archive and/or active logs, so there
isn't really any systems impact. You can also capture any activity
against the catalog and directory - such as who altered/dropped an
object, who did rebinds against which packages, who did grant/revoke.
Pretty much all the details you need in order to stay compliant or play
"Sherlock Holmes" J

Beside auditing - another interesting aspect is the ability to backout
certain applications or execute data replication either for another DB2
system or RDBMS's on other platforms.



Steen Rasmussen
CA

Sr Engineering Services Architect

IBM Certified Database Associate - DB2 9 Fundamentals

IBM Certified Database Administrator - DB2 9 DBA for z/OS

Tel : +1-630-505-6673 (US direct)
Tel : +1-815-274-9589 (US mobile)

Tel : +45-22 15 44 98 (Europe mobile)
[login to unmask email]
< http://www.ca.com/ >



From: DB2 Data Base Discussion List [mailto:[login to unmask email] On
Behalf Of Wu, Yvonne Y.
Sent: Sunday, January 25, 2009 1:24 PM
To: [login to unmask email]
Subject: Re: [DB2-L] Audit tool for DB2 for Z/OS



The SQL activities. We want to know who accessed the sensative data
(including INSERT, UPDATE, DELETE, DROP, ...etc.). We also want the
tool to capture any hecker break-ins. The tool should have minimum or
no impact to the systeem resource, performance.

Could you please let me know the vendors' name and their product names
as well as possible user experience with the tools?



Thanks,

Yvonne




______________________________________________________________________

* IDUG 2009 Denver, CO, USA * May 11-15, 2009 * http://IDUG.ORG/Events *
______________________________________________________________________




IDUG.org was recently updated requiring members to use a new password. You should have gotten an e-mail with the temporary password assigned to your account. Please log in and update your member profile. If you are not already an IDUG.org member, please register at http://www.idug.org/component/juser/register.html

Yvonne Wu

Re: Audit tool for DB2 for Z/OS
(in response to Steen Rasmussen)
Thank you for the information, Steen.

________________________________

From: DB2 Data Base Discussion List [mailto:[login to unmask email] On
Behalf Of Rasmussen, Steen
Sent: Sunday, January 25, 2009 2:46 PM
To: [login to unmask email]
Subject: Re: [DB2-L] Audit tool for DB2 for Z/OS



Good Sunday Yvonne,



We are a few vendors out there who have a tool you might find
interesting. If you want to discuss details - please contact me offline.




CA has Log Analyzer

BMC has LogMaster

IBM has Log Analysis Tool

There might be others.



I can only speak for CA's Log Analyzer, but it does capture who did
what, where and when by reading the archive and/or active logs, so there
isn't really any systems impact. You can also capture any activity
against the catalog and directory - such as who altered/dropped an
object, who did rebinds against which packages, who did grant/revoke.
Pretty much all the details you need in order to stay compliant or play
"Sherlock Holmes" J

Beside auditing - another interesting aspect is the ability to backout
certain applications or execute data replication either for another DB2
system or RDBMS's on other platforms.



Steen Rasmussen
CA

Sr Engineering Services Architect

IBM Certified Database Associate - DB2 9 Fundamentals

IBM Certified Database Administrator - DB2 9 DBA for z/OS

Tel : +1-630-505-6673 (US direct)
Tel : +1-815-274-9589 (US mobile)

Tel : +45-22 15 44 98 (Europe mobile)
[login to unmask email]
< http://www.ca.com/ >



From: DB2 Data Base Discussion List [mailto:[login to unmask email] On
Behalf Of Wu, Yvonne Y.
Sent: Sunday, January 25, 2009 1:24 PM
To: [login to unmask email]
Subject: Re: [DB2-L] Audit tool for DB2 for Z/OS



The SQL activities. We want to know who accessed the sensative data
(including INSERT, UPDATE, DELETE, DROP, ...etc.). We also want the
tool to capture any hecker break-ins. The tool should have minimum or
no impact to the systeem resource, performance.

Could you please let me know the vendors' name and their product names
as well as possible user experience with the tools?



Thanks,

Yvonne




________________________________

IDUG 2009 - Europe * 5-9 October * Rome, Italy < http://idug.org/lseu >

IDUG.org < http://www.idug.org > was recently updated requiring members
to use a new password. You should have gotten an e-mail with the
temporary password assigned to your account. Please log in and update
your member profile. If you are not already an IDUG.org member, please
register here. < http://www.idug.org/component/juser/register.html >



********************************************************************************
This e-mail and any files transmitted with it, are confidential to National Grid and are intended solely for the use of the individual or entity to whom they are addressed. If you have received this e-mail in error, please reply to this message and let the sender know.



______________________________________________________________________

* IDUG 2009 Melbourne, Australia * 18-20 March * http://IDUG.ORG/Events *
______________________________________________________________________




IDUG.org was recently updated requiring members to use a new password. You should have gotten an e-mail with the temporary password assigned to your account. Please log in and update your member profile. If you are not already an IDUG.org member, please register at http://www.idug.org/component/juser/register.html

Antoon Vekeman

Re: Audit tool for DB2 for Z/OS
(in response to Yvonne Wu)
Yvonne,

You might want to look at our DBARS product
(www.sprdb2.com/DBARS/summary.htm).

The product can be used to audit both read and write database access.

Antoon Vekeman
Software Product Research

On Thu, 22 Jan 2009 14:40:27 -0500, Wu, Yvonne Y.
<[login to unmask email]> wrote:

>

I am interested to know what tool are you using to audit DB2 activities
on the Z platform and your experience with the tool.
Any feedback would be much appreciated.

Thank you,
Yvonne


**********************************************************
**********************
This e-mail and any files transmitted with it, are confidential to National Grid
and are intended solely for the use of the individual or entity to whom they
are addressed. If you have received this e-mail in error, please reply to this
message and let the sender know.


>
>_________________________________________________________________
_____
>
>* IDUG 2009 Denver, CO, USA * May 11-15, 2009 * http://IDUG.ORG/Events
*
>_________________________________________________________________
_____
>
>
>
>
>IDUG.org was recently updated requiring members to use a new password.
You should have gotten an e-mail with the temporary password assigned to
your account. Please log in and update your member profile. If you are not
already an IDUG.org member, please register at
http://www.idug.org/component/juser/register.html

______________________________________________________________________

* IDUG 2009 Melbourne, Australia * 18-20 March * http://IDUG.ORG/Events *
______________________________________________________________________




IDUG.org was recently updated requiring members to use a new password. You should have gotten an e-mail with the temporary password assigned to your account. Please log in and update your member profile. If you are not already an IDUG.org member, please register at http://www.idug.org/component/juser/register.html

Nick Smith

Re: Audit tool for DB2 for Z/OS
(in response to Antoon Vekeman)
Yvonne,

We have just started using BMC Log Master in our shop. As of now, we find
this tool to be acceptable. We can read the log on a periodic basis, and it
is giving the information regarding INSERT, UPDATE and DELETE operations.

As we are very new to this product, I am not in a position to comment in
detail about this product, yet.

Hope, this helps.

Nick


On Thu, Jan 22, 2009 at 12:40 PM, Wu, Yvonne Y. <[login to unmask email]>wrote:

>
>
> I am interested to know what tool are you using to audit DB2 activities on
> the Z platform and your experience with the tool.
> Any feedback would be much appreciated.
>
> Thank you,
> Yvonne
>
>
> ********************************************************************************
> This e-mail and any files transmitted with it, are confidential to National
> Grid and are intended solely for the use of the individual or entity to whom
> they are addressed. If you have received this e-mail in error, please reply
> to this message and let the sender know.
>
> ------------------------------
>
> *IDUG 2009 - Australasia * 18-20 March * Melbourne, Australia* < http://idug.org/lsAU >
>
> *IDUG.org* < http://www.idug.org/ > was recently updated requiring members
> to use a new password. You should have gotten an e-mail with the temporary
> password assigned to your account. Please log in and update your member
> profile. If you are not already an IDUG.org member, please register here. < http://www.idug.org/component/juser/register.html >
>

______________________________________________________________________

* IDUG 2009 Melbourne, Australia * 18-20 March * http://IDUG.ORG/Events *
______________________________________________________________________




IDUG.org was recently updated requiring members to use a new password. You should have gotten an e-mail with the temporary password assigned to your account. Please log in and update your member profile. If you are not already an IDUG.org member, please register at http://www.idug.org/component/juser/register.html

Adam Baldwin

Re: Audit tool for DB2 for Z/OS
(in response to Nick Smith)
Yvonne, when you say that you want an audit tool that will also capture
hacker break-ins, do you mean that you're looking for something that will do
real time policing? It's one thing being able to find out who did something
when you know what you're looking for, and another thing trying to prevent
something from happening. Any audit tool is only a part of an overall security
strategy. The most important aspect of security is control and prevention.
Doing detective work after the event is always second best.

Cheers, Adam.

______________________________________________________________________

* IDUG 2009 Melbourne, Australia * 18-20 March * http://IDUG.ORG/Events *
______________________________________________________________________




IDUG.org was recently updated requiring members to use a new password. You should have gotten an e-mail with the temporary password assigned to your account. Please log in and update your member profile. If you are not already an IDUG.org member, please register at http://www.idug.org/component/juser/register.html

Roger Miller

Re: Audit tool for DB2 for Z/OS
(in response to Adam Baldwin)
Here are a couple more:
http://www.ibm.com/software/tivoli/products/zsecure/
http://www.ibm.com/software/data/db2imstools/db2tools/db2ame/

Roger Miller, DB2 for z/OS

On Mon, 26 Jan 2009 10:19:46 -0500, Wu, Yvonne Y.
<[login to unmask email]> wrote:

>Thank you for the information, Steen.

________________________________

From: DB2 Data Base Discussion List [mailto:[login to unmask email] On
Behalf Of Rasmussen, Steen
Sent: Sunday, January 25, 2009 2:46 PM
To: [login to unmask email]
Subject: Re: [DB2-L] Audit tool for DB2 for Z/OS


Good Sunday Yvonne,



We are a few vendors out there who have a tool you might find
interesting. If you want to discuss details - please contact me offline.


CA has Log Analyzer

BMC has LogMaster

IBM has Log Analysis Tool

There might be others.



I can only speak for CA's Log Analyzer, but it does capture who did
what, where and when by reading the archive and/or active logs, so there
isn't really any systems impact. You can also capture any activity
against the catalog and directory - such as who altered/dropped an
object, who did rebinds against which packages, who did grant/revoke.
Pretty much all the details you need in order to stay compliant or play
"Sherlock Holmes" J

Beside auditing - another interesting aspect is the ability to backout
certain applications or execute data replication either for another DB2
system or RDBMS's on other platforms.



Steen Rasmussen
CA

Sr Engineering Services Architect

IBM Certified Database Associate - DB2 9 Fundamentals

IBM Certified Database Administrator - DB2 9 DBA for z/OS

Tel : +1-630-505-6673 (US direct)
Tel : +1-815-274-9589 (US mobile)

Tel : +45-22 15 44 98 (Europe mobile)
[login to unmask email]
< http://www.ca.com/ >



From: DB2 Data Base Discussion List [mailto:[login to unmask email] On
Behalf Of Wu, Yvonne Y.
Sent: Sunday, January 25, 2009 1:24 PM
To: [login to unmask email]
Subject: Re: [DB2-L] Audit tool for DB2 for Z/OS



The SQL activities. We want to know who accessed the sensative data
(including INSERT, UPDATE, DELETE, DROP, ...etc.). We also want the
tool to capture any hecker break-ins. The tool should have minimum or
no impact to the systeem resource, performance.

Could you please let me know the vendors' name and their product names
as well as possible user experience with the tools?



Thanks,

Yvonne




**********************************************************
**********************
This e-mail and any files transmitted with it, are confidential to National Grid
and are intended solely for the use of the individual or entity to whom they
are addressed. If you have received this e-mail in error, please reply to this
message and let the sender know.

______________________________________________________________________

* IDUG 2009 Denver, CO, USA * May 11-15, 2009 * http://IDUG.ORG/Events *
______________________________________________________________________




IDUG.org was recently updated requiring members to use a new password. You should have gotten an e-mail with the temporary password assigned to your account. Please log in and update your member profile. If you are not already an IDUG.org member, please register at http://www.idug.org/component/juser/register.html

Craig Mullins

Audit tool for DB2 for Z/OS
(in response to Roger Miller)
Anyone looking for a database auditing tool should be aware of the
different techniques that can be deployed for auditing access.

The first technique is trace-based auditing. This technique is usually
built directly into the native capabilities of the DBMS (this is the
case for DB2 for z/OS). Commands or parameters are set to turn on
auditing and the DBMS begins to write trace records when activity occurs
against audited objects. The problems with this technique include a high
potential for performance degradation when audit tracing is enabled. For
example, the IBM manuals indicate up to a 10% performance hit when DB2
audit traces are started. Additional problems include the need to modify
the database schema to turn auditing on and insufficient granularity of
audit control, especially for reads.



Another technique is to scan and parse the database transaction logs.
Every DBMS uses transaction logs to capture database modifications for
recovery purposes. An auditing tool can interpret these logs and
identify what data was changed and by which users. The drawbacks to this
technique include no capture of read-only accesses (because reads are
not captured on transaction logs); there are ways to disable logging
that will cause modifications to be lost; performance issues scanning
volumes and volumes of log files looking for only specific information
to audit; and the difficulty of retaining logs over long periods for
auditing when they were designed for short-term retention for database
recovery.



The third technique is to sniff packets for database requests as they
cross the network. By capturing the SQL statements as they cross the
network an audit trail of all database requests that go over the network
can be produced. Of course, the problem here is that not every request
goes across the network. This is especially the case for mainframe
transactions. For example, a DB2-CICS application where all of the work
is mainframe-resident does not require TCP/IP and therefore this work
cannot be captured by packet sniffing. Same thing goes for IMS/TM and
TSO requests, or any other work done right on the mainframe.



The fourth data access auditing technique is proactive monitoring of
operations at the database server level. This technique captures all
database requests as they are made. It is important that all database
access can be audited, not just network calls. This is the only
technique that works well for mainframe auditing because most mainframe
database requests do not go out over the network. Proactive audit
monitoring does not require transaction logs, does not require database
schema modification, and will be highly granular in terms of specifying
what to audit.



Regardless of the technique deployed, you should also strive for
separation of duties. In other words, the audited should not be doing
the auditing. And the audit trail should not be stored in DB2 tables
because then you'd have to audit access to the audit trail.



Database auditng tools for DB2 for z/OS (and the technique they use)
include:

Guardium for Mainframes (Guardium, NEON Enterprise Software) - server

DB2 Audit Management Expert (IBM) - trace

Log Analyzer (CA) - log

Log Master (BMC) - log

DBARS (SPR) - ??

Imperva - network



I've written a couple articles on database auditing, too. If anyone is
interested, here are the links:



What Every Good CIO Needs to Know About Mainframe Database Auditing -
http://www.mainframe-exec.com/articles/?p=68



Database Auditing Capabilities for Compliance and Security -
http://www.tdan.com/view-special-features/8135



Consider Data Access Auditing to Classify Data -
http://www.craigsmullins.com/dbta_084.htm



Cheers,

Craig S. Mullins

http://www.CraigSMullins.com




______________________________________________________________________

* IDUG 2009 Melbourne, Australia * 18-20 March * http://IDUG.ORG/Events *
______________________________________________________________________




IDUG.org was recently updated requiring members to use a new password. You should have gotten an e-mail with the temporary password assigned to your account. Please log in and update your member profile. If you are not already an IDUG.org member, please register at http://www.idug.org/component/juser/register.html

Antoon Vekeman

Re: Audit tool for DB2 for Z/OS
(in response to Craig Mullins)
DBARS screens the database access requests at the DB2 server level by
software uniquely. The DB2 log or DB2 trace are not used. DBARS falls under
Craig Mullin's category "proactive monitoring of operations at the database
server level".

Antoon Vekeman
Software Product Research
www.sprdb2.com


______________________________________________________________________

* IDUG 2009 Rome, Italy * 5-9 October * http://IDUG.ORG/Events *
______________________________________________________________________



IDUG.org was recently updated requiring members to use a new password. You should have gotten an e-mail with the temporary password assigned to your account. Please log in and update your member profile. If you are not already an IDUG.org member, please register at http://www.idug.org/component/juser/register.html

Roger Miller

Re: Audit tool for DB2 for Z/OS
(in response to Antoon Vekeman)
I'll add a twist or two with my bias. I worry about the products which
connect to DB2 without using an external interface. There are always some
problems with the ones that chase control blocks, as the process is not
designed or documented. It works until it breaks. We often work to resolve
problems with such products, and they take a very long time. So I'd always
give points to use of clean, reliable interfaces instead of hooks inside DB2.
They are more likely to keep working. DB2 Audit Management Expert does
have a server option or a trace option, so I'd change one line and add one line.

DB2 Audit Management Expert (IBM) - trace or server option
DB2 Log Analyzer (IBM) - log

Roger Miller, DB2 for z/OS (IBM)

On Thu, 29 Jan 2009 14:09:15 -0600, Craig Mullins
<[login to unmask email]> wrote:

>Anyone looking for a database auditing tool should be aware of the
>different techniques that can be deployed for auditing access.
>
>The first technique is trace-based auditing. This technique is usually
>built directly into the native capabilities of the DBMS (this is the
>case for DB2 for z/OS). Commands or parameters are set to turn on
>auditing and the DBMS begins to write trace records when activity occurs
>against audited objects. The problems with this technique include a high
>potential for performance degradation when audit tracing is enabled. For
>example, the IBM manuals indicate up to a 10% performance hit when DB2
>audit traces are started. Additional problems include the need to modify
>the database schema to turn auditing on and insufficient granularity of
>audit control, especially for reads.
>
>
>
>Another technique is to scan and parse the database transaction logs.
>Every DBMS uses transaction logs to capture database modifications for
>recovery purposes. An auditing tool can interpret these logs and
>identify what data was changed and by which users. The drawbacks to this
>technique include no capture of read-only accesses (because reads are
>not captured on transaction logs); there are ways to disable logging
>that will cause modifications to be lost; performance issues scanning
>volumes and volumes of log files looking for only specific information
>to audit; and the difficulty of retaining logs over long periods for
>auditing when they were designed for short-term retention for database
>recovery.
>
>
>
>The third technique is to sniff packets for database requests as they
>cross the network. By capturing the SQL statements as they cross the
>network an audit trail of all database requests that go over the network
>can be produced. Of course, the problem here is that not every request
>goes across the network. This is especially the case for mainframe
>transactions. For example, a DB2-CICS application where all of the work
>is mainframe-resident does not require TCP/IP and therefore this work
>cannot be captured by packet sniffing. Same thing goes for IMS/TM and
>TSO requests, or any other work done right on the mainframe.
>
>
>
>The fourth data access auditing technique is proactive monitoring of
>operations at the database server level. This technique captures all
>database requests as they are made. It is important that all database
>access can be audited, not just network calls. This is the only
>technique that works well for mainframe auditing because most mainframe
>database requests do not go out over the network. Proactive audit
>monitoring does not require transaction logs, does not require database
>schema modification, and will be highly granular in terms of specifying
>what to audit.
>
>
>
>Regardless of the technique deployed, you should also strive for
>separation of duties. In other words, the audited should not be doing
>the auditing. And the audit trail should not be stored in DB2 tables
>because then you'd have to audit access to the audit trail.
>
>
>
>Database auditng tools for DB2 for z/OS (and the technique they use)
>include:
>
>Guardium for Mainframes (Guardium, NEON Enterprise Software) - server
>
>DB2 Audit Management Expert (IBM) - trace
>
>Log Analyzer (CA) - log
>
>Log Master (BMC) - log
>
>DBARS (SPR) - ??
>
>Imperva - network
>
>
>
>I've written a couple articles on database auditing, too. If anyone is
>interested, here are the links:
>
>
>
>What Every Good CIO Needs to Know About Mainframe Database Auditing -
>http://www.mainframe-exec.com/articles/?p=68
>
>
>
>Database Auditing Capabilities for Compliance and Security -
>http://www.tdan.com/view-special-features/8135
>
>
>
>Consider Data Access Auditing to Classify Data -
>http://www.craigsmullins.com/dbta_084.htm
>
>
>
>Cheers,
>
>Craig S. Mullins
>
>http://www.CraigSMullins.com
>
>

______________________________________________________________________

* IDUG 2009 Denver, CO, USA * May 11-15, 2009 * http://IDUG.ORG/Events *
______________________________________________________________________




IDUG.org was recently updated requiring members to use a new password. You should have gotten an e-mail with the temporary password assigned to your account. Please log in and update your member profile. If you are not already an IDUG.org member, please register at http://www.idug.org/component/juser/register.html