Enabling and disabling the Db2 audit facility in Data Virtualization

You can enable and disable auditing in Data Virtualization which uses the Db2 audit facility.

Before you begin

To complete this task, you must have the Data Virtualization Admin role. For more information, see Data Virtualization roles.
To learn how to run SQL statements, see Running SQL in Data Virtualization.

About this task

Auditing is controlled at three levels:

TOGGLEDEFAULTAUDITLOGGINGCOMPLETE: Sets up or removes the entire audit system, including creating or deleting audit policies. This will overwrite any custom changes you have made to those policies.
TOGGLEDEFAULTAUDITLOGGING: Turns existing audit policies on or off without changing the underlying audit setup or modifying the policies themselves.
TOGGLEAUDITLOGGING_STMTS: Controls how the SQL statements that you run are audited. This includes adjusting existing audit policies to enable or disable the CONTEXT and EXECUTE categories needed for statement-level auditing. See Auditing user-initiated SQL statements.

Note: These configurations do not impact non-Db2 audit events documented in Audit events for Data Virtualization.

To learn how to enable and disable auditing, refer to the following table:

Uninstall or reinstall the Db2 audit facility	The Db2 audit facility is enabled by default and does not need to be explicitly installed. You can uninstall and reinstall the audit infrastructure required for capturing Db2 audit events. The following toggle deletes or re-creates all artifacts in the `AUDIT` schema, including configuration and audit policies. Note: This toggle supersedes other toggles. To uninstall Db2 audit facility, run this procedure: `CALL DVSYS.TOGGLEDEFAULTAUDITLOGGINGCOMPLETE('OFF')` To re-install Db2 audit facility, run this procedure: `CALL DVSYS.TOGGLEDEFAULTAUDITLOGGINGCOMPLETE('ON')`
Enable or disable audit policy	You can enable or disable the audit policy that is used in capturing Db2 audit events. This toggle will not modify audit policies but requires Db2 audit facility to be installed. The `DV_AUDIT_DEFAULT` policy is enabled by default. To enable auditing of the `ALL USERS` group with the default audit policy (`DV_AUDIT_DEFAULT`), run this procedure: `CALL DVSYS.TOGGLEDEFAULTAUDITLOGGING('ON')` To remove audit policies from the `ALL USERS` group, run this procedure: `CALL DVSYS.TOGGLEDEFAULTAUDITLOGGING('OFF')`
Enable or disable auditing of SQL statements	This configuration controls whether you want to audit user-initiated SQL statements. Also, adjust the audit polices to enable or disable the CONTEXT and EXECUTE categories that are needed for statement-level auditing. For more details, see Auditing SQL statements in Data Virtualization. Before you begin Ensure the Db2 audit facility is installed. Ensure audit policy is enabled. Procedure To enable or disable the auditing of your SQL statements, run the following procedure. Replace `<TOGGLE>` with one of the following values: `ON` or `BOTH`: This value starts the auditing of SQL statements in both the CONTEXT and EXECUTE categories. That means you'll capture all statements, successful and failed, including those that fail before they reach the execution phase. This option provides the most detailed logging but also has the biggest impact on performance and disk usage. `EXECUTE_ONLY`: This value starts the auditing of statements that only reach the EXECUTE phase. Statements that fail early (for example, due to syntax or authorization errors) are not logged. This option provides a good balance between detail and system impact. `OFF`: This value stops auditing SQL statements in both the EXECUTE and CONTEXT categories. If your audit policy had these enabled before, then this turns them off completely. By default, Data Virtualization does not audit these categories unless you explicitly enable them. Conditional: `<AUDIT_POLICY_NAME>` is an optional parameter that you use when you have more than one policy in the system. If you have a custom audit policy, replace `<AUDIT_POLICY_NAME>` with the audit policy name, otherwise call the procedure with one parameter only i.e. `<TOGGLE>`. `CALL DVSYS.TOGGLEAUDITLOGGING_STMTS('<TOGGLE>', '<AUDIT_POLICY_NAME>');`

Uninstall or reinstall the Db2 audit facility

The Db2 audit facility is enabled by default and does not need to be explicitly installed. You can uninstall and reinstall the audit infrastructure required for capturing Db2 audit events.

The following toggle deletes or re-creates all artifacts in the AUDIT schema, including configuration and audit policies.
Note: This toggle supersedes other toggles.

To uninstall Db2 audit facility, run this procedure:

CALL DVSYS.TOGGLEDEFAULTAUDITLOGGINGCOMPLETE('OFF')

To re-install Db2 audit facility, run this procedure:

 CALL DVSYS.TOGGLEDEFAULTAUDITLOGGINGCOMPLETE('ON')

Enable or disable audit policy

You can enable or disable the audit policy that is used in capturing Db2 audit events. This toggle will not modify audit policies but requires Db2 audit facility to be installed.

The DV_AUDIT_DEFAULT policy is enabled by default.
To enable auditing of the ALL USERS group with the default audit policy (DV_AUDIT_DEFAULT), run this procedure:
```
CALL DVSYS.TOGGLEDEFAULTAUDITLOGGING('ON')
```
To remove audit policies from the ALL USERS group, run this procedure:
```
CALL DVSYS.TOGGLEDEFAULTAUDITLOGGING('OFF')
```

Enable or disable auditing of SQL statements

This configuration controls whether you want to audit user-initiated SQL statements. Also, adjust the audit polices to enable or disable the CONTEXT and EXECUTE categories that are needed for statement-level auditing. For more details, see Auditing SQL statements in Data Virtualization.

Before you begin

Ensure the Db2 audit facility is installed.
Ensure audit policy is enabled.

Procedure

To enable or disable the auditing of your SQL statements, run the following procedure.
- Replace <TOGGLE> with one of the following values:
  - ON or BOTH: This value starts the auditing of SQL statements in both the CONTEXT and EXECUTE categories. That means you'll capture all statements, successful and failed, including those that fail before they reach the execution phase. This option provides the most detailed logging but also has the biggest impact on performance and disk usage.
  - EXECUTE_ONLY: This value starts the auditing of statements that only reach the EXECUTE phase. Statements that fail early (for example, due to syntax or authorization errors) are not logged. This option provides a good balance between detail and system impact.
  - OFF: This value stops auditing SQL statements in both the EXECUTE and CONTEXT categories. If your audit policy had these enabled before, then this turns them off completely. By default, Data Virtualization does not audit these categories unless you explicitly enable them.
- Conditional: <AUDIT_POLICY_NAME> is an optional parameter that you use when you have more than one policy in the system. If you have a custom audit policy, replace <AUDIT_POLICY_NAME> with the audit policy name, otherwise call the procedure with one parameter only i.e. <TOGGLE>.
```
CALL DVSYS.TOGGLEAUDITLOGGING_STMTS('<TOGGLE>', '<AUDIT_POLICY_NAME>');
```