After Db2 Warehouse audit logging is enabled, you can create a log streaming pod to forward the audit logs to the Cloud Pak for Data audit service.
Procedure
- Create environment variables for your environment.
- Run the following command to determine the name of your active db2ucluster:
oc get db2ucluster -n ${PROJECT_CPD_INST_OPERANDS}
- Set the DB2UCLUSTER environment variable to the name of the database instance that you want to configure log streaming for:
export DB2UCLUSTER=<db2ucluster-name>
- Run the following command to determine the TLS secret of your database instance:
$ oc get secret -n ${PROJECT_CPD_INST_OPERANDS} | grep tls
- Set the INSTANCE_TLS environment variable to the TLS secret for the database instance that you want to configure log streaming for:
export INSTANCE_TLS=<instance-tls>
For example, for the DB2WH instance, you can set it to the default secret:
export INSTANCE_TLS=db2wh-internal-tls
- Run the following command to confirm that audit logging is enabled and the auditlogs PVC has been created for your deployed database:
oc get db2u <db2ucluster-name> -oyaml
Confirm that enableAudit is set to true and that the auditlogs PVC is added in storage configs.
- Create the log stream pod:
cat << EOF | oc apply -f -
apiVersion: db2ulog.databases.ibm.com/v1alpha1
kind: Db2uLogStream
metadata:
  name: $DB2UCLUSTER
spec:
  configurations:
    - type: audit
      format: cadf
      connection: cp4d
  connections:
    cp4d:
      endpoint: https://zen-audit-svc.${PROJECT_CPD_INST_OPERANDS}:9880/records
      credentials: $INSTANCE_TLS
      authType: tls
EOF
The log stream pod is created after applying the yaml file. You can run the following command to verify that the pod is now active:
$ oc get pod | grep logstream
The command will generate output similar to the following example:
c-db2wh-audit-test-logstream-6fb596cd5f-5r4xd 1/1 Running 0 43h
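
The following shell functions are an added example, not part of the IBM procedure. They guard two steps that can go wrong without an error: the unquoted heredoc expands unset variables to empty strings, and the log stream can be created for an instance where auditing is not enabled. The function names and the sample CR layout are assumptions.

```sh
# Added example, not IBM's code: pre-flight checks for the procedure above.

# Constructed sample of `oc get db2u ... -oyaml` output. The field layout is
# an assumption; only the names enableAudit and auditlogs come from the page.
SAMPLE_CR='spec:
  enableAudit: true
  storage:
    - name: auditlogs'

# Succeeds only if the CR YAML on stdin has enableAudit set to true and
# mentions auditlogs. Matching is textual, so it does not depend on where
# in the CR these fields sit.
check_audit_enabled() {
    cr_yaml=$(cat)
    printf '%s\n' "$cr_yaml" |
        grep -Eq '^[[:space:]-]*enableAudit:[[:space:]]*"?true"?[[:space:]]*$' || {
        echo "enableAudit is not true" >&2; return 1; }
    printf '%s\n' "$cr_yaml" | grep -q 'auditlogs' || {
        echo "no auditlogs storage entry found" >&2; return 1; }
}

# Prints the Db2uLogStream manifest from the page, refusing to render it when
# any of the three variables it expands is unset or empty.
render_logstream() {
    for v in PROJECT_CPD_INST_OPERANDS DB2UCLUSTER INSTANCE_TLS; do
        eval "val=\${$v:-}"
        [ -n "$val" ] || { echo "$v is not set" >&2; return 1; }
    done
    cat << EOF
apiVersion: db2ulog.databases.ibm.com/v1alpha1
kind: Db2uLogStream
metadata:
  name: $DB2UCLUSTER
spec:
  configurations:
    - type: audit
      format: cadf
      connection: cp4d
  connections:
    cp4d:
      endpoint: https://zen-audit-svc.${PROJECT_CPD_INST_OPERANDS}:9880/records
      credentials: $INSTANCE_TLS
      authType: tls
EOF
}

# Usage against a cluster:
#   oc get db2u "$DB2UCLUSTER" -oyaml | check_audit_enabled &&
#       render_logstream | oc apply -f -
```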