Audit SMF records to a table?

Tim Hare

Audit SMF records to a table?

Are there tools that will load the SMF type 102 records produced by audit trace into a table? 

Philip Sevetson

Audit SMF records to a table?
(in response to Tim Hare)
Ask the vendors. At least two of the most popular monitoring tools do so. Not, of course, for free.

From: Tim Hare [mailto:[login to unmask email]
Sent: Thursday, March 29, 2018 11:08 AM
To: [login to unmask email]
Subject: [DB2-L] - Audit SMF records to a table?


Are there tools that will load the SMF type 102 records produced by audit trace into a table?

-----End Original Message-----
**This e-mail, including any attachments, may be confidential, privileged, or otherwise legally protected. It is intended only for the addressee. If you received this e-mail in error or from someone who was not authorized to send it to you, do not disseminate, copy, or otherwise use this e-mail or its attachments. Please notify the sender immediately by reply e-mail and delete the e-mail from your system.**

Robert Plata

Audit SMF records to a table?
(in response to Tim Hare)
I am using CA SYSVIEW to report Audit Class 5 with their report writer. I have the instructions to load this data into CA’s performance database, but I haven’t had the time to do it yet.

HTH
Robert Plata

From: Tim Hare <[login to unmask email]>
Sent: Thursday, March 29, 2018 8:08 AM
To: [login to unmask email]
Subject: [DB2-L] - Audit SMF records to a table?


Are there tools that will load the SMF type 102 records produced by audit trace into a table?

-----End Original Message-----

J&#248;rn Thyssen

RE: Audit SMF records to a table?
(in response to Tim Hare)

Hi Tim,

As already mentioned most vendors have a tool for formatting SMF records. Contact your favourite vendor - you might already have the tool in your shop. Should your vendor be IBM please feel free to reach out to me off list.

 

You may also want to take a look at DSN1SMFP

https://www.ibm.com/support/knowledgecenter/en/SSEPEK_10.0.0/ugref/src/tpc/db2z_dsn1smfp.html

 

and see see if the output could be useful.

 


In Reply to Tim Hare:

Are there tools that will load the SMF type 102 records produced by audit trace into a table? 



 

Best regards,

Jørn Thyssen

Rocket Software
77 Fourth Avenue • Waltham, MA • 02451 • USA
E: [login to unmask email] • W: www.rocketsoftware.com 

2018 IBM Champion.

Views are personal. 

Roy Boxwell

Audit SMF records to a table?
(in response to Philip Sevetson)
And ours - also not for free....

Roy Boxwell
SOFTWARE ENGINEERING GmbH and SEGUS Inc.
-Product Development-
Heinrichstrasse 83-85
40239 Düsseldorf/Germany
Tel. +49 (0)211 96149-675
Fax +49 (0)211 96149-32
Email: [login to unmask email]<mailto:[login to unmask email]>
http://www.seg.de

Software Engineering GmbH
Amtsgericht Düsseldorf, HRB 37894
Geschäftsführung: Gerhard Schubert

On 29 Mar 2018, at 17:17, Sevetson, Phil <[login to unmask email]<mailto:[login to unmask email]>> wrote:

Ask the vendors. At least two of the most popular monitoring tools do so. Not, of course, for free.

From: Tim Hare [mailto:[login to unmask email]
Sent: Thursday, March 29, 2018 11:08 AM
To: [login to unmask email]<mailto:[login to unmask email]>
Subject: [DB2-L] - Audit SMF records to a table?


Are there tools that will load the SMF type 102 records produced by audit trace into a table?

-----End Original Message-----
**This e-mail, including any attachments, may be confidential, privileged, or otherwise legally protected. It is intended only for the addressee. If you received this e-mail in error or from someone who was not authorized to send it to you, do not disseminate, copy, or otherwise use this e-mail or its attachments. Please notify the sender immediately by reply e-mail and delete the e-mail from your system.**
-----End Original Message-----

Tim Hare

RE: Audit SMF records to a table?
(in response to Jørn Thyssen)

We have Omegamon for DB2 - should I be looking there?

Daniel Luksetich

Audit SMF records to a table?
(in response to Tim Hare)
Omegamon for Db2 does capture audit records and can populate several tables with that information. I’ve set it up and it’s pretty easy, but can be a lot of data.

Dan



Daniel L Luksetich

DanL Database Consulting



IBM GOLD Consultant

IBM Champion for Analytics

IDUG Content Committee Past-Chairman

IDUG DB2-L Administrator

IBM Certified Database Adminstrator – DB2 11 DBA for z/OS

IBM Certified System Administrator – DB2 11 for z/OS

IBM Certified Application Developer – DB2 11 for z/OS

IBM Certified Advanced Database Administrator – DB2 10.1 for Linux UNIX and Windows



From: Tim Hare <[login to unmask email]>
Sent: Thursday, March 29, 2018 1:46 PM
To: [login to unmask email]
Subject: [DB2-L] - RE: Audit SMF records to a table?



We have Omegamon for DB2 - should I be looking there?



-----End Original Message-----

Philip Sevetson

Audit SMF records to a table?
(in response to Tim Hare)
Tim,

Yes, you should be looking at Omegamon. OM/DB2 is one of the products which has the means to create and load tables to analyze DB2 SMF data.

However, _what_ gets loaded into those tables, and _how long_ it stays there, are in your control. To Dan’s comment about SMF 102s generating a lot of data: once you’ve set up the tables, figure out how much data you need (and what traces need to be turned on or turned off!!) in order to do what you’re being told to do. If you’ve got tens of millions of records there and need to do non-simple SQL to get your answers, you’re going to be waiting a while after you hit ENTER.

This is both a question of what _duration_ of data you need in the tables, and what classes/IFCIDs (“Instrumentation Facility Class IDs,” the record subtypes within SMF’s 101 and 102 records) you want to look at. Also, it’s possible to add a heavy burden of measurement if you turn on a lot of trace type/classes and a lot of IFCIDs, and then don’t limit them in ways which restrict measurement to what’s important to you.

So, in short: look at the IFCIDs and Classes and figure out what you need to measure. Then don’t keep it around after you’ve gotten the analysis done, and clear out the old data from your Omegamon-built tables.

--Phil

From: Tim Hare [mailto:[login to unmask email]
Sent: Thursday, March 29, 2018 2:46 PM
To: [login to unmask email]
Subject: [DB2-L] - RE: Audit SMF records to a table?


We have Omegamon for DB2 - should I be looking there?

**This e-mail, including any attachments, may be confidential, privileged, or otherwise legally protected. It is intended only for the addressee. If you received this e-mail in error or from someone who was not authorized to send it to you, do not disseminate, copy, or otherwise use this e-mail or its attachments. Please notify the sender immediately by reply e-mail and delete the e-mail from your system.**

J&#248;rn Thyssen

RE: Audit SMF records to a table?
(in response to Tim Hare)

Yes, you can use Omegamon Db2 to load audit records into Db2 tables (“Performance database”)

See more details here:

https://www.ibm.com/support/knowledgecenter/SSUSPA_5.4.0/com.ibm.omegamon.xe.pm_db2.doc_5.4.0/ko2ru/ko2ru00303.htm


In Reply to Tim Hare:

We have Omegamon for DB2 - should I be looking there?



 

Best regards,

Jørn Thyssen

Rocket Software
77 Fourth Avenue • Waltham, MA • 02451 • USA
E: [login to unmask email] • W: www.rocketsoftware.com 

2018 IBM Champion.

Views are personal. 

J&#248;rn Thyssen

RE: Audit SMF records to a table?
(in response to Philip Sevetson)

Hi Phil,

FWIW, many customers use the IBM Db2 Analytics Accelerator to store SMF records.

This will mitigate most storage concerns and runtime issues for any queries against the Omegamon performance database.

In Reply to Philip Sevetson:

Tim,

Yes, you should be looking at Omegamon. OM/DB2 is one of the products which has the means to create and load tables to analyze DB2 SMF data.

However, _what_ gets loaded into those tables, and _how long_ it stays there, are in your control. To Dan’s comment about SMF 102s generating a lot of data: once you’ve set up the tables, figure out how much data you need (and what traces need to be turned on or turned off!!) in order to do what you’re being told to do. If you’ve got tens of millions of records there and need to do non-simple SQL to get your answers, you’re going to be waiting a while after you hit ENTER.

This is both a question of what _duration_ of data you need in the tables, and what classes/IFCIDs (“Instrumentation Facility Class IDs,” the record subtypes within SMF’s 101 and 102 records) you want to look at. Also, it’s possible to add a heavy burden of measurement if you turn on a lot of trace type/classes and a lot of IFCIDs, and then don’t limit them in ways which restrict measurement to what’s important to you.

So, in short: look at the IFCIDs and Classes and figure out what you need to measure. Then don’t keep it around after you’ve gotten the analysis done, and clear out the old data from your Omegamon-built tables.

--Phil

From: Tim Hare [mailto:[login to unmask email]
Sent: Thursday, March 29, 2018 2:46 PM
To: [login to unmask email]
Subject: [DB2-L] - RE: Audit SMF records to a table?


We have Omegamon for DB2 - should I be looking there?

**This e-mail, including any attachments, may be confidential, privileged, or otherwise legally protected. It is intended only for the addressee. If you received this e-mail in error or from someone who was not authorized to send it to you, do not disseminate, copy, or otherwise use this e-mail or its attachments. Please notify the sender immediately by reply e-mail and delete the e-mail from your system.**



 

Best regards,

Jørn Thyssen

Rocket Software
77 Fourth Avenue • Waltham, MA • 02451 • USA
E: [login to unmask email] • W: www.rocketsoftware.com 

2018 IBM Champion.

Views are personal.