Customizing an audit policy in Db2 audit facility
You can customize default Db2 audit facility configurations.
About this task
Audit logging is enabled by default with a pre-defined audit policy
that is applied to the user group ALL USERS and functional users. If you are an authorized user, you
can customize the built-in audit policy to ensure that it meets your organizational needs in the
following ways:
- Start and stop recording auditable events within the Watson Query instance.
- Create an audit policy to identify which events you want monitored and recorded during the audit process.
- Apply an audit policy to a user group to track activities among user groups with varying levels of risk that are associated with each group's activities.
- View all the audit policies that are created and that are in use to determine whether the coverage meets your needs.
Procedure
Refer to the following tasks to customize an audit policy:
- Create a policy
  Run the following example command to create an audit policy that covers most events in Watson Query:
    CREATE AUDIT POLICY ${NAME_OF_POLICY} CATEGORIES OBJMAINT STATUS BOTH, VALIDATE STATUS BOTH, CHECKING STATUS BOTH, SECMAINT STATUS BOTH, EXECUTE WITHOUT DATA STATUS BOTH, CONTEXT STATUS BOTH, AUDIT STATUS BOTH ERROR TYPE NORMAL;
- Apply a policy to a user group
  Run the following command to apply a policy to a user group:
    AUDIT GROUP ${USER_GROUP} USING POLICY ${NAME_OF_POLICY};
- View all audit policies created
  Run the following command to view all the policies that have been created:
    select * from SYSCAT.AUDITPOLICIES;
- View all current audit policies in use
  Run the following command to view all the policies that are currently in use:
    select * from SYSCAT.AUDITUSE;
- Remove a policy from a user group
  Run the following command to remove a policy from a user group:
    AUDIT GROUP ${NAME_OF_GROUP} REMOVE POLICY;
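To judge whether coverage meets your needs, the two catalog views can be joined into a single report. The following queries are an added example, not part of the product documentation; the column names and status codes are assumed from the standard Db2 definitions of SYSCAT.AUDITPOLICIES and SYSCAT.AUDITUSE, so confirm them against the output of the `select *` commands above before relying on the result.

```sql
-- Added example. Status codes (assumed from the Db2 catalog definitions):
--   B = both, S = success only, F = failure only, N = none (category not audited).

-- 1. For every policy in use: what it is applied to, and which categories it leaves unaudited.
SELECT u.OBJECTTYPE,                 -- 'i' = authorization ID, ' ' = database
       u.SUBOBJECTTYPE,              -- for authorization IDs: g = group, R = role, U = user
       u.OBJECTNAME,                 -- for example, the group named in AUDIT GROUP
       p.AUDITPOLICYNAME,
       p.ERRORTYPE,                  -- N = normal, A = audit
       p.EXECUTEWITHDATA,            -- Y if EXECUTE events also record input data values
       TRIM(
         CASE WHEN p.AUDITSTATUS    = 'N' THEN 'AUDIT '    ELSE '' END ||
         CASE WHEN p.CHECKINGSTATUS = 'N' THEN 'CHECKING ' ELSE '' END ||
         CASE WHEN p.CONTEXTSTATUS  = 'N' THEN 'CONTEXT '  ELSE '' END ||
         CASE WHEN p.EXECUTESTATUS  = 'N' THEN 'EXECUTE '  ELSE '' END ||
         CASE WHEN p.OBJMAINTSTATUS = 'N' THEN 'OBJMAINT ' ELSE '' END ||
         CASE WHEN p.SECMAINTSTATUS = 'N' THEN 'SECMAINT ' ELSE '' END ||
         CASE WHEN p.SYSADMINSTATUS = 'N' THEN 'SYSADMIN ' ELSE '' END ||
         CASE WHEN p.VALIDATESTATUS = 'N' THEN 'VALIDATE ' ELSE '' END
       ) AS CATEGORIES_NOT_AUDITED   -- empty string means every category is recorded
FROM   SYSCAT.AUDITUSE u
JOIN   SYSCAT.AUDITPOLICIES p
       ON p.AUDITPOLICYID = u.AUDITPOLICYID
ORDER  BY u.OBJECTTYPE, u.SUBOBJECTTYPE, u.OBJECTNAME;

-- 2. Policies that exist but are not applied to anything, so they record no events.
SELECT p.AUDITPOLICYNAME, p.CREATE_TIME
FROM   SYSCAT.AUDITPOLICIES p
WHERE  NOT EXISTS (SELECT 1
                   FROM   SYSCAT.AUDITUSE u
                   WHERE  u.AUDITPOLICYID = p.AUDITPOLICYID)
ORDER  BY p.AUDITPOLICYNAME;
```

A non-empty CATEGORIES_NOT_AUDITED value for a high-risk group, or a policy that appears only in the second result, is a coverage gap to review.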