Access audit data
You must log into the database as Pat before proceeding with this page.
Audit data is stored in active log files until they are archived. Once archived, the data can be extracted into a delimited ASCII file. You can then import the file into tables for analysis.
Operation
The SECADM archives and extracts the audit data to audit tables.
DB2 provides the following routines for SECADM to work with the collected audit data:
- SYSPROC.AUDIT_ARCHIVE - to archive audit logs
- SYSPROC.AUDIT_LIST_LOGS - to locate logs of interest
- SYSPROC.AUDIT_DELIM_EXTRACT - to extract data into delimited files for analysis
In the right pane, click Edit Query so that it matches the location the user chose on the previous page.
Solution
The example in the right pane shows that Pat:
- uses SYSPROC.AUDIT_ARCHIVE to archive audit logs
- uses SYSPROC.AUDIT_DELIM_EXTRACT to extract data into delimited ASCII files
- imports the files into the audit tables accordingly
- Analyzes the audit data using regular SQL statements
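The four steps above, written out as SQL. This is an added example, not the query from the tutorial's right pane. The directories /auditarchive and /auditextract and the AUDIT schema for the audit tables are assumptions, so substitute the locations used on your system.

```sql
-- Added example. Assumed values: /auditarchive, /auditextract, schema AUDIT.

-- 1. Archive the active audit log. -2 archives on all database members.
CALL SYSPROC.AUDIT_ARCHIVE('/auditarchive', -2);

-- 2. List the archived logs to confirm what is available for extraction.
SELECT FILE
  FROM TABLE(SYSPROC.AUDIT_LIST_LOGS('/auditarchive')) AS T;

-- 3. Extract the archived logs into delimited ASCII files.
--    Arguments: delimiter (NULL = default), target directory,
--    source directory, file mask ('%' = every archived log),
--    event options (NULL = all events).
CALL SYSPROC.AUDIT_DELIM_EXTRACT(
       NULL, '/auditextract', '/auditarchive', '%', NULL);

-- 4. Import one of the extracted files into its audit table.
--    DELPRIORITYCHAR keeps statement text with embedded newlines intact;
--    LOBSINFILE and LOBS FROM pick up the LOB data written by the extract.
CALL SYSPROC.ADMIN_CMD(
       'IMPORT FROM /auditextract/checking.del OF DEL '
    || 'LOBS FROM /auditextract/ '
    || 'MODIFIED BY DELPRIORITYCHAR LOBSINFILE '
    || 'INSERT INTO AUDIT.CHECKING');

-- 5. Analyze with regular SQL: failed authorization checks
--    (STATUS holds the SQLCODE, negative on failure) per user and object.
SELECT AUTHID,
       OBJSCHEMA,
       OBJNAME,
       COUNT(*)         AS FAILED_CHECKS,
       MAX("TIMESTAMP") AS LAST_SEEN
  FROM AUDIT.CHECKING
 WHERE STATUS < 0
 GROUP BY AUTHID, OBJSCHEMA, OBJNAME
 ORDER BY FAILED_CHECKS DESC;
```

Repeat step 4 for each extracted file of interest, for example execute.del into the EXECUTE table.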