How to filter DB2 error codes in Guardium policies

Question & Answer

Question

We need to filter out some DB2 error codes, as they are filling up the Guardium DB. However, adding the error code to a group in the policy rule does not work. For example for error SQL20445N, we tried setting the group member to 20445 and SQL20445N, but does not work. How do we specify the filters for DB2 error codes?

Answer

Upon an error condition, DB2 sends SQLSTATE-SQLERRP:SQLCODE. In this string, the last part following ":" is the error code.

For example, to specify the filter for the following error:

DB21034E The command was processed as an SQL statement because it was not a valid Command Line Processor command. During SQL processing it returned: SQL20445N The security label name "MYLABEL" is not valid as specified. SQLSTATE=42704

DB2 returns "42704-sqlnqa29:20445". In this case, to filter error code 20445, the specification must be "%:20445".

Since the wild card and the actual error code are separated by a colon, this will match only the specified error code and the wild card will not impact other error codes

[{"Product":{"code":"SSMPHH","label":"IBM Security Guardium"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF016","label":"Linux"}],"Version":"8.0.1;8.1;8.2;9.0;9.1","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

How to filter DB2 error codes in Guardium policies

Question & Answer

Question

Answer

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?