Configuring log streaming for Db2 Warehouse

After Db2 Warehouse audit logging is enabled, you can create a log streaming pod to forward the audit logs to the Cloud Pak for Data audit service.

Before you begin

Enable audit logging for the Db2 Warehouse service. For more information, see Configuring audit logging for Db2 Warehouse.

Procedure

  1. Create environment variables for your environment.
    1. Run the following command to determine the name of your active db2ucluster:
      oc get db2ucluster -n ${PROJECT_CPD_INST_OPERANDS}
    2. Set the DB2UCLUSTER environment variable to the name of the db2ucluster for the database instance that you want to configure log streaming for:
      export DB2UCLUSTER=<db2ucluster-name>
    3. Run the following command to determine the TLS secret of your database instance:
      oc get secret -n ${PROJECT_CPD_INST_OPERANDS} | grep tls
    4. Set the INSTANCE_TLS environment variable to the TLS secret for the database instance that you want to configure log streaming for:
      export INSTANCE_TLS=<instance-tls>
      For example, for the DB2WH instance, you can set it to the default secret:
      export INSTANCE_TLS=db2wh-internal-tls
  2. Run the following command to confirm that audit logging is enabled and the auditlogs PVC has been created for your deployed database.
    oc get db2u <db2ucluster-name> -oyaml
    Confirm that enableAudit is set to true and that the auditlogs PVC is listed in the storage configuration.
  3. Create the log stream pod:
    cat << EOF | oc apply -f -
    apiVersion: db2ulog.databases.ibm.com/v1alpha1
    kind: Db2uLogStream
    metadata:
      name: $DB2UCLUSTER
    spec:
      configurations:
        - type: audit
          format: cadf
          connection: cp4d
      connections:
        cp4d:
          endpoint: https://zen-audit-svc.${PROJECT_CPD_INST_OPERANDS}:9880/records
          credentials: $INSTANCE_TLS
          authType: tls
    EOF
    The log stream pod is created after the YAML file is applied. Run the following command to verify that the pod is now active:
    oc get pod | grep logstream
    The command generates output similar to the following example:
    c-db2wh-audit-test-logstream-6fb596cd5f-5r4xd                   1/1     Running     0            43h
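
The heredoc in step 3 expands shell variables before oc reads the manifest, so an unset variable silently produces an empty resource name or a malformed audit endpoint. The following is an added example, not part of the original procedure: it validates the three variables from step 1 and only then renders the same manifest. The function names is_k8s_name and render_logstream_manifest are hypothetical.

```shell
#!/bin/sh
# Added example (not IBM's code): guard the variable expansion in step 3.

# Accept only the lowercase RFC 1123 character set that Kubernetes resource
# names use (a loose check; per-kind length limits are not enforced).
# Rejects empty values and leftover placeholders such as <db2ucluster-name>.
is_k8s_name() {
  case "$1" in
    '' | *[!a-z0-9.-]* | [.-]* | *[.-]) return 1 ;;
  esac
  [ "${#1}" -le 253 ]
}

# Print the Db2uLogStream manifest from step 3, or fail without output if any
# of the variables from step 1 is unset or malformed.
render_logstream_manifest() {
  for var in PROJECT_CPD_INST_OPERANDS DB2UCLUSTER INSTANCE_TLS; do
    eval "val=\${$var:-}"
    if ! is_k8s_name "$val"; then
      echo "error: $var is unset or not a valid resource name: '$val'" >&2
      return 1
    fi
  done
  cat <<EOF
apiVersion: db2ulog.databases.ibm.com/v1alpha1
kind: Db2uLogStream
metadata:
  name: $DB2UCLUSTER
spec:
  configurations:
    - type: audit
      format: cadf
      connection: cp4d
  connections:
    cp4d:
      endpoint: https://zen-audit-svc.${PROJECT_CPD_INST_OPERANDS}:9880/records
      credentials: $INSTANCE_TLS
      authType: tls
EOF
}

# Usage: apply only when rendering succeeded, so an empty manifest never
# reaches the cluster.
#   manifest=$(render_logstream_manifest) && printf '%s\n' "$manifest" | oc apply -f -
```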