Db2 LUW 11.1.2 audit logging (SOLVED)

Daniel Luksetich

Here is an update in case there is an interested party out there (hopefully
you people are auditing).



The issue was with the SYSPROC.AUDIT_DELIM_EXTRACT stored procedure. I was
pointing it at a directory in Windows which contained a single archived
audit log file. The problem was that at the end of my script I move the
archived audit log file to a subdirectory under the directory that I am
pointing to when I call the procedure. Apparently the procedure looks for
all logs under all subdirectories. Moving my archived logs to a completely
different directory solved the problem.



e.g.

/auditlogs

/auditlogs/archive



Specifying SYSPROC.AUDIT_DELIM_EXTRACT with a parameter for "/auditlogs"
will find all logs in /auditlogs and /auditlogs/archive.



Cheers,

Dan



Daniel L Luksetich

DanL Database Consulting



IBM GOLD Consultant

IBM Champion for Analytics

IDUG Content Committee Past-Chairman

IBM Certified Database Administrator - DB2 11 DBA for z/OS

IBM Certified System Administrator - DB2 11 for z/OS

IBM Certified Application Developer - DB2 11 for z/OS

IBM Certified Advanced Database Administrator - DB2 10.1 for Linux UNIX and
Windows



From: Daniel L Luksetich
Sent: Monday, October 2, 2017 1:19 PM
Subject: [DB2-L] - Db2 LUW 11.1.2 audit logging



Folks,

I am auditing several tables on Db2 11.1.2 and have an issue with the audit
log. It seems that the audit log is accumulating information about events
continuously. In other words, audit_buf_size is 0 and yet whenever there is
some activity that generates audit information it produces ALL audit
information from when the instance was started. I archive the audit log on a
daily basis and yet every time something happens that is audited I get the entire
history in my audit log. Just to be perfectly clear, the audit log doesn't
exist, then an audited event happens, then I get an audit log but the log
has all the events since the instance was started. So, my audit reports get
accumulated audit information every day until I cycle the instance. I almost
never cycle the instance. Any advice?

Thanks,

Dan








-----End Original Message-----
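
A pre-flight check for the directory layout problem described in the reply above, as an added example that is not part of the original post: it flags a processed-log directory that sits under the directory passed to SYSPROC.AUDIT_DELIM_EXTRACT and lists archived logs found in its subdirectories. The function names, the `auditlogs_processed` directory and the archived-log file-name pattern are assumptions.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumed archived-log naming: db2audit.instance.log.<member>.<YYYYMMDDHHMMSS>
# or db2audit.db.<dbname>.log.<member>.<YYYYMMDDHHMMSS>.
ARCHIVED_LOG = re.compile(r"^db2audit\.(instance|db\..+)\.log\.\d+\.\d{14}$")

def is_inside(child, parent):
    """True if child is parent or lies anywhere beneath it (paths resolved first)."""
    child, parent = Path(child).resolve(), Path(parent).resolve()
    return child == parent or parent in child.parents

def nested_archived_logs(source_dir):
    """Archived audit logs in subdirectories of source_dir (not the top level)."""
    top = Path(source_dir).resolve()
    found = []
    for root, _dirs, files in os.walk(top):
        if Path(root) != top:
            found += [Path(root) / f for f in files if ARCHIVED_LOG.match(f)]
    return sorted(found)

def check_layout(source_dir, processed_dir):
    """Return a list of problems; an empty list means the extract sees each log once."""
    problems = []
    if is_inside(processed_dir, source_dir):
        problems.append(f"{processed_dir} is under {source_dir}")
    problems += [f"nested archived log: {p}" for p in nested_archived_logs(source_dir)]
    return problems

def demo():
    """Constructed sample tree: the layout from the post, then the corrected one."""
    with tempfile.TemporaryDirectory() as tmp:
        source = Path(tmp) / "auditlogs"
        nested = source / "archive"                    # layout that caused the repeats
        sibling = Path(tmp) / "auditlogs_processed"    # hypothetical corrected location
        nested.mkdir(parents=True)
        sibling.mkdir()
        old = "db2audit.instance.log.0.20171002000000"  # constructed file names
        (nested / old).touch()
        (source / "db2audit.instance.log.0.20171003000000").touch()
        before = check_layout(source, nested)
        (nested / old).rename(sibling / old)   # move processed log out of the tree
        after = check_layout(source, sibling)
        return before, after

if __name__ == "__main__":
    before, after = demo()
    print("before:", *before, sep="\n  ")
    print("after:", after)
```

Comparing resolved paths rather than string prefixes keeps a sibling such as `auditlogs_processed` from being mistaken for a child of `auditlogs`.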