Configuring audit logs

You can use IBM® Db2® Data Management Console to configure audit logs.

Procedure

To configure audit logs:

  1. From the console, click the APIs icon or go to http://<server>/dbapi/api/index_enterprise.html.
    The REST API document displays.
  2. Browse the API document. Choose the API you want to use and refer to the example in the right side pane.
  3. To view the API to return all current audit settings, go to Connection Profile > Returns the audit's current settings **ADMIN ONLY** or go to http://<server>/dbapi/api/index_enterprise.html#operation/GetAuditSettings.
    Example:
    #!/bin/bash
    
    
    echo -n "Enter the DMC Username: "
    read DMCUSERID
    
    
    echo -n "Enter the DMC Password: "
    read -s DMCPASSWD
    echo ""
    
    
    echo -n "Enter the hostname / ip address for DMC: "
    read DMCHOST
    
    
    ## GET the token 
    TOKEN=$(curl --silent --insecure -X POST \
      https://$DMCHOST:11081/dbapi/v4/auth/tokens \
      -H 'content-type: application/json' \
      -d '{"userid":"'$DMCUSERID'","password":"'$DMCPASSWD'"}' \
      | jq -r '.token'
    )
    #echo $TOKEN
    
    
    # Get all audit settings
    GETALLAUDITSETTINGS=$(curl --silent --insecure -X GET \
      https://$DMCHOST:11081/dbapi/v4/audit/settings \
      -H 'authorization: Bearer '$TOKEN \
      -H 'content-type: application/json')
    
    
    echo
    echo "AUDIT SETTINGS for DMC "
    echo $GETALLAUDITSETTINGS | jq '.'
    echo
  4. To view the API to return all current audit settings with security credential, go to Connection Profile > Returns the audit's current settings with security credential **ADMIN ONLY** or go to http://<server>/dbapi/api/index_enterprise.html#operation/GetAuditSettingsWithCred.
    Example:
    #!/bin/bash
    
    
    echo -n "Enter the DMC Username: "
    read DMCUSERID
    
    
    echo -n "Enter the DMC Password: "
    read -s DMCPASSWD
    echo ""
    
    
    echo -n "Enter the hostname / ip address for DMC: "
    read DMCHOST
    
    
    echo -n "Enter the security Username: "
    read SECUSERID
    
    
    echo -n "Enter the security Password: "
    read -s SECPASSWD
    echo ""
    
    
    ## GET the token 
    TOKEN=$(curl --silent --insecure -X POST \
      https://$DMCHOST:11081/dbapi/v4/auth/tokens \
      -H 'content-type: application/json' \
      -d '{"userid":"'$DMCUSERID'","password":"'$DMCPASSWD'"}' \
      | jq -r '.token'
    )
    #echo $TOKEN
    
    
    # Get all audit settings with security credential
    GETALLAUDITSETTINGS=$(curl --silent --insecure -X POST \
      https://$DMCHOST:11081/dbapi/v4/audit/settings \
      -H 'authorization: Bearer '$TOKEN \
      -H 'content-type: application/json' \
      -d '{"userid":"'$SECUSERID'","password":"'$SECPASSWD'"}')
    
    
    echo
    echo "AUDIT SETTINGS for DMC "
    echo $GETALLAUDITSETTINGS | jq '.'
    echo
  5. To view the API to return all current audit settings, go to Auditing > Update the audit's settings **ADMIN ONLY** or go to http://<server>/dbapi/api/index_enterprise.html#operation/UpdateAuditSettings.
    Note:

    Security userid and password are OPTIONAL. It is needed if security credential is required to update the AUDIT_CONFIG table.

    The example below will prompt for optional security credential when calling the API:
    #!/bin/bash
    
    
    echo -n "Enter the DMC Username: "
    read DMCUSERID
    
    
    echo -n "Enter the DMC Password: "
    read -s DMCPASSWD
    echo ""
    
    
    echo -n "Enter the hostname / ip address for DMC: "
    read DMCHOST
    
    
    echo -n "Enter the security Username: "
    read SECUSERID
    
    
    echo -n "Enter the security Password: "
    read -s SECPASSWD
    echo ""
    
    
    ## GET the token 
    TOKEN=$(curl --silent --insecure -X POST \
      https://$DMCHOST:11081/dbapi/v4/auth/tokens \
      -H 'content-type: application/json' \
      -d '{"userid":"'$DMCUSERID'","password":"'$DMCPASSWD'"}' \
      | jq -r '.token'
    )
    
    
    # Get all audit settings
    GETALLAUDITSETTINGS=$(curl --silent --insecure -X GET \
      https://$DMCHOST:11081/dbapi/v4/audit/settings \
      -H 'authorization: Bearer '$TOKEN \
      -H 'content-type: application/json')
    
    
    echo
    echo "Current AUDIT SETTIGNS for DMC "
    echo $GETALLAUDITSETTINGS | jq '.'
    echo
    
    
    # Set all audit settings
    echo "This API updates all audit config settings at once."
    echo
    
    
    echo -n "Please enter key value for audit_enable (true/false): "
    read AUDIT_ENABLE
    
    
    echo -n "Please enter key value for log_method (repository/file): "
    read LOG_METHOD
    
    
    echo -n "Please enter key value for track_api_response_data (true/false): "
    read TRACK_API_RESPONSE_DATA
    
    
    echo -n "Please enter key value for track_api_response_error (true/false): "
    read TRACK_API_RESPONSE_ERROR
    
    
    echo -n "Please enter key value for keep_data_for_days (-1 or >=1): "
    read KEEP_DATA_FOR_DAYS
    
    
    # Set all audit settings with secuser
    SETALLAUDITSETTINGS=$(curl --silent --insecure -X PUT \
      https://$DMCHOST:11081/dbapi/v4/audit/settings \
      -H 'authorization: Bearer '$TOKEN \
      -H 'content-type: application/json' \
      -d '{"audit_enable":"'$AUDIT_ENABLE'","log_method":"'$LOG_METHOD'","track_api_response_data":"'$TRACK_API_RESPONSE_DATA'","track_api_response_error":"'$TRACK_API_RESPONSE_ERROR'","keep_data_for_days":"'$KEEP_DATA_FOR_DAYS'","userid":"'$SECUSERID'","password":"'$SECPASSWD'"}')
      
    echo "Set all Audit Settings result using secuser, expected value: $AUDIT_ENABLE $LOG_METHOD $TRACK_API_RESPONSE_DATA $TRACK_API_RESPONSE_ERROR $KEEP_DATA_FOR_DAYS"
    echo $SETALLAUDITSETTINGS | jq '.'
    echo
  6. To view the API to return audit setting by property name, go to Auditing > Return audit's settings by property name **ADMIN ONLY** or go to http://<server>/dbapi/api/index_enterprise.html#operation/GetAuditSettingsByName.
    Example:
    #!/bin/bash
    
    
    echo -n "Enter the DMC Username: "
    read DMCUSERID
    
    
    echo -n "Enter the DMC Password: "
    read -s DMCPASSWD
    echo ""
    
    
    echo -n "Enter the hostname / ip address for DMC: "
    read DMCHOST
    
    
    ## GET the token 
    TOKEN=$(curl --silent --insecure -X POST \
      https://$DMCHOST:11081/dbapi/v4/auth/tokens \
      -H 'content-type: application/json' \
      -d '{"userid":"'$DMCUSERID'","password":"'$DMCPASSWD'"}' \
      | jq -r '.token'
    )
    ### echo $TOKEN
    
    
    echo "ENTER '1' to display key value for: audit_enable"
    echo "ENTER '2' to display key value for: log_method"
    echo "ENTER '3' to display key value for: track_api_response_data"
    echo "ENTER '4' to display key value for: track_api_response_error"
    echo "ENTER '5' to display key value for: keep_data_for_days"
    echo -n "Please enter your choice: "
    read INPUT
    
    
    case $INPUT in
    
    
      "1")
        # "audit_enable"
        echo "You chose: audit_enable"
        GETAUDITSETTINGS_AUDIT_ENABLE=$(curl --silent --insecure -X GET \
          https://$DMCHOST:11081/dbapi/v4/audit/settings/audit_enable \
          -H 'authorization: Bearer '$TOKEN \
          -H 'content-type: application/json')
    
    
        echo
        echo "AUDIT SETTINGS for key: audit_enable"
        echo $GETAUDITSETTINGS_AUDIT_ENABLE | jq '.'
        echo
        ;;
    
    
      "2")
        # "log_method"
        echo "You chose: log_method"
        GETAUDITSETTINGS_LOG_METHOD=$(curl --silent --insecure -X GET \
          https://$DMCHOST:11081/dbapi/v4/audit/settings/log_method \
          -H 'authorization: Bearer '$TOKEN \
          -H 'content-type: application/json')
    
    
        echo
        echo "AUDIT SETTINGS for key: log_method"
        echo $GETAUDITSETTINGS_LOG_METHOD | jq '.'
        echo
        ;;
    
    
      "3")
        # "track_api_response_data"
        echo "You chose: track_api_response_data"
        GETAUDITSETTINGS_TRACK_API_RESPONSE_DATA=$(curl --silent --insecure -X GET \
          https://$DMCHOST:11081/dbapi/v4/audit/settings/track_api_response_data \
          -H 'authorization: Bearer '$TOKEN \
          -H 'content-type: application/json')
    
    
        echo
        echo "AUDIT SETTINGS for key: track_api_response_data"
        echo $GETAUDITSETTINGS_TRACK_API_RESPONSE_DATA | jq '.'
        echo
        ;;
    
    
      "4")
        # "track_api_response_error"
        echo "You chose: track_api_response_error"
        GETAUDITSETTINGS_TRACK_API_RESPONSE_ERROR=$(curl --silent --insecure -X GET \
          https://$DMCHOST:11081/dbapi/v4/audit/settings/track_api_response_error \
          -H 'authorization: Bearer '$TOKEN \
          -H 'content-type: application/json')
    
    
        echo
        echo "AUDIT SETTINGS for key: track_api_response_error"
        echo $GETAUDITSETTINGS_TRACK_API_RESPONSE_ERROR | jq '.'
        echo
        ;;
    
    
      "5")
        # "keep_data_for_days"
        echo "You chose: keep_data_for_days"
        GETAUDITSETTINGS_KEEP_DATA_FOR_DAYS=$(curl --silent --insecure -X GET \
          https://$DMCHOST:11081/dbapi/v4/audit/settings/keep_data_for_days \
          -H 'authorization: Bearer '$TOKEN \
          -H 'content-type: application/json')
    
    
        echo
        echo "AUDIT SETTINGS for key: keep_data_for_days"
        echo $GETAUDITSETTINGS_KEEP_DATA_FOR_DAYS | jq '.'
        echo
        ;;
    
    
      *)
        echo "Invalid input key"
        ;;
    esac
    
    
  7. To view the API to return audit setting by property name with security credential, go to Auditing > Return audit's setting by property name with security credential **ADMIN ONLY** or go to http://<server>/dbapi/api/index_enterprise.html#operation/GetAuditSettingsByNameWithCred.
    Example:
    #!/bin/bash
    
    
    echo -n "Enter the DMC Username: "
    read DMCUSERID
    
    
    echo -n "Enter the DMC Password: "
    read -s DMCPASSWD
    echo ""
    
    
    echo -n "Enter the hostname / ip address for DMC: "
    read DMCHOST
    
    
    echo -n "Enter the security Username: "
    read SECUSERID
    
    
    echo -n "Enter the security Password: "
    read -s SECPASSWD
    echo ""
    
    
    ## GET the token 
    TOKEN=$(curl --silent --insecure -X POST \
      https://$DMCHOST:11081/dbapi/v4/auth/tokens \
      -H 'content-type: application/json' \
      -d '{"userid":"'$DMCUSERID'","password":"'$DMCPASSWD'"}' \
      | jq -r '.token'
    )
    ### echo $TOKEN
    
    
    echo "ENTER '1' to display key value for: audit_enable"
    echo "ENTER '2' to display key value for: log_method"
    echo "ENTER '3' to display key value for: track_api_response_data"
    echo "ENTER '4' to display key value for: track_api_response_error"
    echo "ENTER '5' to display key value for: keep_data_for_days"
    echo -n "Please enter your choice: "
    read INPUT
    
    
    case $INPUT in
    
    
      "1")
        # "audit_enable"
        echo "You chose: audit_enable"
        GETAUDITSETTINGS_AUDIT_ENABLE=$(curl --silent --insecure -X POST \
          https://$DMCHOST:11081/dbapi/v4/audit/settings/audit_enable \
          -H 'authorization: Bearer '$TOKEN \
          -H 'content-type: application/json' \
          -d '{"userid":"'$SECUSERID'","password":"'$SECPASSWD'"}')
    
    
        echo
        echo "AUDIT SETTINGS for key: audit_enable"
        echo $GETAUDITSETTINGS_AUDIT_ENABLE | jq '.'
        echo
        ;;
    
    
      "2")
        # "log_method"
        echo "You chose: log_method"
        GETAUDITSETTINGS_LOG_METHOD=$(curl --silent --insecure -X POST \
          https://$DMCHOST:11081/dbapi/v4/audit/settings/log_method \
          -H 'authorization: Bearer '$TOKEN \
          -H 'content-type: application/json' \
          -d '{"userid":"'$SECUSERID'","password":"'$SECPASSWD'"}')
    
    
        echo
        echo "AUDIT SETTINGS for key: log_method"
        echo $GETAUDITSETTINGS_LOG_METHOD | jq '.'
        echo
        ;;
    
    
      "3")
        # "track_api_response_data"
        echo "You chose: track_api_response_data"
        GETAUDITSETTINGS_TRACK_API_RESPONSE_DATA=$(curl --silent --insecure -X POST \
          https://$DMCHOST:11081/dbapi/v4/audit/settings/track_api_response_data \
          -H 'authorization: Bearer '$TOKEN \
          -H 'content-type: application/json' \
          -d '{"userid":"'$SECUSERID'","password":"'$SECPASSWD'"}')
    
    
        echo
        echo "AUDIT SETTINGS for key: track_api_response_data"
        echo $GETAUDITSETTINGS_TRACK_API_RESPONSE_DATA | jq '.'
        echo
        ;;
    
    
      "4")
        # "track_api_response_error"
        echo "You chose: track_api_response_error"
        GETAUDITSETTINGS_TRACK_API_RESPONSE_ERROR=$(curl --silent --insecure -X POST \
          https://$DMCHOST:11081/dbapi/v4/audit/settings/track_api_response_error \
          -H 'authorization: Bearer '$TOKEN \
          -H 'content-type: application/json' \
          -d '{"userid":"'$SECUSERID'","password":"'$SECPASSWD'"}')
    
    
        echo
        echo "AUDIT SETTINGS for key: track_api_response_error"
        echo $GETAUDITSETTINGS_TRACK_API_RESPONSE_ERROR | jq '.'
        echo
        ;;
    
    
      "5")
        # "keep_data_for_days"
        echo "You chose: keep_data_for_days"
        GETAUDITSETTINGS_KEEP_DATA_FOR_DAYS=$(curl --silent --insecure -X POST \
          https://$DMCHOST:11081/dbapi/v4/audit/settings/keep_data_for_days \
          -H 'authorization: Bearer '$TOKEN \
          -H 'content-type: application/json' \
          -d '{"userid":"'$SECUSERID'","password":"'$SECPASSWD'"}')
    
    
        echo
        echo "AUDIT SETTINGS for key: keep_data_for_days"
        echo $GETAUDITSETTINGS_KEEP_DATA_FOR_DAYS | jq '.'
        echo
        ;;
    
    
      *)
        echo -n "Invalid input key"
        ;;
    esac
  8. To view the API to update audit setting by property name, go to Auditing > Update the audit's settings by property name **ADMIN ONLY** or go to http://<server>/dbapi/api/index_enterprise.html#operation/UpdateAuditSettingByName.
    Note: Security userid and password are OPTIONAL. It is needed if security credential is required to update the AUDIT_CONFIG table.
    The example below will prompt for optional security credential when calling the API.
    #!/bin/bash
    
    
    echo -n "Enter the DMC Username: "
    read DMCUSERID
    
    
    echo -n "Enter the DMC Password: "
    read -s DMCPASSWD
    echo ""
    
    
    echo -n "Enter the hostname / ip address for DMC: "
    read DMCHOST
    
    
    echo -n "Enter the security Username: "
    read SECUSERID
    
    
    echo -n "Enter the security Password: "
    read -s SECPASSWD
    echo ""
    
    
    ## GET the token 
    TOKEN=$(curl --silent --insecure -X POST \
      https://$DMCHOST:11081/dbapi/v4/auth/tokens \
      -H 'content-type: application/json' \
      -d '{"userid":"'$DMCUSERID'","password":"'$DMCPASSWD'"}' \
      | jq -r '.token'
    )
    ### echo $TOKEN
    
    
    echo "ENTER '1' to update key value for: audit_enable"
    echo "ENTER '2' to update key value for: log_method"
    echo "ENTER '3' to update key value for: track_api_response_data"
    echo "ENTER '4' to update key value for: track_api_response_error"
    echo "ENTER '5' to update key value for: keep_data_for_days"
    echo -n "Please enter your choice: "
    read INPUT
    echo
    
    
    case $INPUT in
    
    
      "1")
        # "audit_enable"
        echo "You chose: audit_enable"
    
    
        echo -n "Please enter key value for audit_enable (true/false): "
        read INPUT
        AUDIT_ENABLE=$INPUT
        PUTAUDITSETTINGS_AUDIT_ENABLE=$(curl --silent --insecure -X PUT \
          https://$DMCHOST:11081/dbapi/v4/audit/settings/audit_enable \
          -H 'authorization: Bearer '$TOKEN \
          -H 'content-type: application/json' \
          -d '{"value":"'$AUDIT_ENABLE'","userid":"'$SECUSERID'","password":"'$SECPASSWD'"}')
    
    
        echo
        echo "AUDIT SETTINGS for key: audit_enable, expected value: $AUDIT_ENABLE"
        echo $PUTAUDITSETTINGS_AUDIT_ENABLE | jq '.'
        echo
        ;;
    
    
      "2")
        # "log_method"
        echo "You chose: log_method"
    
    
        echo -n "Please enter key value for log_method (repository/file): "
        read INPUT
        LOG_METHOD=$INPUT
        PUTAUDITSETTINGS_LOG_METHOD=$(curl --silent --insecure -X PUT \
          https://$DMCHOST:11081/dbapi/v4/audit/settings/log_method \
          -H 'authorization: Bearer '$TOKEN \
          -H 'content-type: application/json' \
          -d '{"value":"'$LOG_METHOD'","userid":"'$SECUSERID'","password":"'$SECPASSWD'"}')
    
    
        echo
        echo "AUDIT SETTINGS for key: log_method, expected value: $LOG_METHOD"
        echo $PUTAUDITSETTINGS_LOG_METHOD | jq '.'
        echo
        ;;
    
    
      "3")
        # "track_api_response_data"
        echo "You chose: track_api_response_data"
    
    
        echo -n "Please enter key value for track_api_response_data (true/false): "
        read INPUT
        TRACK_API_RESPONSE_DATA=$INPUT
        PUTAUDITSETTINGS_TRACK_API_RESPONSE_DATA=$(curl --silent --insecure -X PUT \
          https://$DMCHOST:11081/dbapi/v4/audit/settings/track_api_response_data \
          -H 'authorization: Bearer '$TOKEN \
          -H 'content-type: application/json' \
          -d '{"value":"'$TRACK_API_RESPONSE_DATA'","userid":"'$SECUSERID'","password":"'$SECPASSWD'"}')
    
    
        echo
        echo "AUDIT SETTINGS for key: track_api_response_data, expected value: $TRACK_API_RESPONSE_DATA"
        echo $PUTAUDITSETTINGS_TRACK_API_RESPONSE_DATA | jq '.'
        echo
        ;;
    
    
      "4")
        # "track_api_response_error"
    
    
        echo -n "Please enter key value for track_api_response_error (true/false): "
        read INPUT
        TRACK_API_RESPONSE_ERROR=$INPUT
        PUTAUDITSETTINGS_TRACK_API_RESPONSE_ERROR=$(curl --silent --insecure -X PUT \
          https://$DMCHOST:11081/dbapi/v4/audit/settings/track_api_response_error \
          -H 'authorization: Bearer '$TOKEN \
          -H 'content-type: application/json' \
          -d '{"value":"'$TRACK_API_RESPONSE_ERROR'","userid":"'$SECUSERID'","password":"'$SECPASSWD'"}')
    
    
        echo
        echo "AUDIT SETTINGS for key: track_api_response_error, expected value: $TRACK_API_RESPONSE_ERROR"
        echo $PUTAUDITSETTINGS_TRACK_API_RESPONSE_ERROR | jq '.'
        echo
        ;;
    
    
      "5")
        # "keep_data_for_days"
        echo "You chose: keep_data_for_days"
    
    
        echo -n "Please enter key value for keep_data_for_days (-1 or >=1): "
        read INPUT
        KEEP_DATA_FOR_DAYS=$INPUT
        PUTAUDITSETTINGS_KEEP_DATA_FOR_DAYS=$(curl --silent --insecure -X PUT \
          https://$DMCHOST:11081/dbapi/v4/audit/settings/keep_data_for_days \
          -H 'authorization: Bearer '$TOKEN \
          -H 'content-type: application/json' \
          -d '{"value":"'$KEEP_DATA_FOR_DAYS'","userid":"'$SECUSERID'","password":"'$SECPASSWD'"}')
    
    
        echo
        echo "AUDIT SETTINGS for key: keep_data_for_days, expected value: $KEEP_DATA_FOR_DAYS"
        echo $PUTAUDITSETTINGS_KEEP_DATA_FOR_DAYS | jq '.'
        echo
        ;;
    
    
      *)
        echo "Invalid input key"
        ;;
    esac