Configuring log streaming for Db2

After Db2 audit logging is enabled, you can create a log streaming pod to forward the audit logs to the Cloud Pak for Data audit service.

Before you begin

Enable audit logging for the Db2 service. For more information, see Configuring audit logging for Db2.

Procedure

  1. Create environment variables for your environment.
    1. Run the following command to determine the name of your active db2ucluster:
      oc get db2ucluster -n ${PROJECT_CPD_INST_OPERANDS}
    2. Set the DB2UCLUSTER environment variable to the name of the database instance that you want to configure log streaming for:
      export DB2UCLUSTER=<db2ucluster-name>
    3. Run the following command to determine the TLS secret of your database instance:
      oc get secret -n ${PROJECT_CPD_INST_OPERANDS} | grep tls
    4. Set the INSTANCE_TLS environment variable to the TLS secret for the database instance that you want to configure log streaming for:
      export INSTANCE_TLS=<instance-tls>
      For the DB2OLTP instance, you can set it to the default secret:
      export INSTANCE_TLS=db2oltp-internal-tls
  2. Run the following command to confirm that audit logging is enabled and that the auditlogs PVC was created for your deployed database.
    oc get db2u <db2ucluster-name> -oyaml
    Confirm that enableAudit is set to true and that the auditlogs PVC is listed in the storage configuration.
  3. Create the log stream pod:
    cat << EOF | oc apply -f -
    apiVersion: db2ulog.databases.ibm.com/v1alpha1
    kind: Db2uLogStream
    metadata:
      name: $DB2UCLUSTER
    spec:
      configurations:
        - type: audit
          format: cadf
          connection: cp4d
      connections:
        cp4d:
          endpoint: https://zen-audit-svc.${PROJECT_CPD_INST_OPERANDS}:9880/records
          credentials: $INSTANCE_TLS
          authType: tls
    EOF
    The log stream pod is created after you apply the YAML file. Run the following command to verify that the pod is active:
    oc get pod | grep logstream
    The command generates output similar to the following example:
    c-db2oltp-audit-test-logstream-6fb596cd5f-5r4xd                   1/1     Running     0            43h
  4. Optional: Enable the debugging mode for log streaming.
    The debugging mode returns more details in the output from your log streaming pod.
    1. Run the following command to edit the ConfigMap for your log streaming pod:
      oc edit cm c-<instance-name>-logstream -oyaml
    2. Add the following content to the data field of the ConfigMap:
      fluent.conf: "\n        <system>\n            log_level trace\n        </system>\n
          \       <source>\n            @type tail\n            path /var/log/auditlogs/*.del\n
          \           pos_file /tmp/auditlog.pos\n            tag audit.*\n            <parse>\n
          \               @type none\n            </parse>\n        </source>\n\n        <filter
          audit.**>\n            @type audit\n        </filter>\n        <filter audit.**>\n
          \           @type cadf\n        </filter>\n        <match audit.**>\n           @type
          http\n\t\t\t\t\t   endpoint https://zen-audit-svc.zen:9880/records\n\t\t\t\t\t
          \  <format>\n\t\t\t\t\t\t   @type json\n\t\t\t\t\t   </format>\n\t\t\t\t\t   json_array
          true\n\t\t\t\t\t   \n\t\ttls_ca_cert_path /etc/credentials/cp4d/ca.crt\n        tls_client_cert_path
          /etc/credentials/cp4d/tls.crt\n        tls_private_key_path /etc/credentials/cp4d/tls.key\n\t\t\n
          \       </match>\n    "
    3. Delete your log streaming pod by running the following command:
      oc delete pod c-<instance-name>-logstream-0
      The log streaming pod restarts and applies the new configuration.
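
The heredoc in step 3 expands DB2UCLUSTER, INSTANCE_TLS and PROJECT_CPD_INST_OPERANDS without any check, so an unset variable or a leftover <placeholder> ends up in the manifest name, the credentials reference, or the audit endpoint. The following wrapper is an added example, not part of the IBM procedure; the function names is_k8s_name and render_logstream are hypothetical, and the name check is a conservative syntactic test.

```shell
#!/bin/sh
# Added example (not IBM's code): render the step 3 Db2uLogStream manifest only
# when every variable the heredoc expands holds a plausible Kubernetes name.

# Conservative syntactic check: lowercase alphanumerics, '-' and '.', starting
# and ending with an alphanumeric. Runs in a subshell so LC_ALL stays local.
is_k8s_name() (
  LC_ALL=C
  case "$1" in
    ''|*[!a-z0-9.-]*|[.-]*|*[.-]) exit 1 ;;
  esac
)

# Prints the manifest on stdout. Returns 1 and explains on stderr when a
# variable is unset, empty, or still holds a <placeholder> from the docs.
render_logstream() {
  for var in PROJECT_CPD_INST_OPERANDS DB2UCLUSTER INSTANCE_TLS; do
    eval "val=\${$var:-}"   # indirect lookup; $var only takes the names listed above
    if ! is_k8s_name "$val"; then
      echo "refusing to render: $var='$val' is not a valid name" >&2
      return 1
    fi
  done
  cat <<EOF
apiVersion: db2ulog.databases.ibm.com/v1alpha1
kind: Db2uLogStream
metadata:
  name: $DB2UCLUSTER
spec:
  configurations:
    - type: audit
      format: cadf
      connection: cp4d
  connections:
    cp4d:
      endpoint: https://zen-audit-svc.${PROJECT_CPD_INST_OPERANDS}:9880/records
      credentials: $INSTANCE_TLS
      authType: tls
EOF
}

# Usage: manifest=$(render_logstream) && printf '%s\n' "$manifest" | oc apply -f -
```

Capturing the output before piping it keeps a failed render from reaching `oc apply` at all.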