Configuring audit logs
You can use IBM® Db2® Data Management Console to configure audit logs.
Procedure
To configure audit logs:
- From the console, click the APIs icon or go to
http://<server>/dbapi/api/index_enterprise.html. The REST API document displays.
- Browse the API document. Choose the API you want to use and refer to the example in the right side pane.
- To view the API to return all current audit settings, go to Connection Profile >
Returns the audit's current settings **ADMIN ONLY** or go to
http://<server>/dbapi/api/index_enterprise.html#operation/GetAuditSettings. Example:
#!/bin/bash echo -n "Enter the DMC Username: " read DMCUSERID echo -n "Enter the DMC Password: " read -s DMCPASSWD echo "" echo -n "Enter the hostname / ip address for DMC: " read DMCHOST ## GET the token TOKEN=$(curl --silent --insecure -X POST \ https://$DMCHOST:11081/dbapi/v4/auth/tokens \ -H 'content-type: application/json' \ -d '{"userid":"'$DMCUSERID'","password":"'$DMCPASSWD'"}' \ | jq -r '.token' ) #echo $TOKEN # Get all audit settings GETALLAUDITSETTINGS=$(curl --silent --insecure -X GET \ https://$DMCHOST:11081/dbapi/v4/audit/settings \ -H 'authorization: Bearer '$TOKEN \ -H 'content-type: application/json') echo echo "AUDIT SETTINGS for DMC " echo $GETALLAUDITSETTINGS | jq '.' echo
- To view the API to return all current audit settings with security credential, go to
Connection Profile > Returns the audit's current settings with security credential **ADMIN
ONLY** or go to
http://<server>/dbapi/api/index_enterprise.html#operation/GetAuditSettingsWithCred. Example:
#!/bin/bash echo -n "Enter the DMC Username: " read DMCUSERID echo -n "Enter the DMC Password: " read -s DMCPASSWD echo "" echo -n "Enter the hostname / ip address for DMC: " read DMCHOST echo -n "Enter the security Username: " read SECUSERID echo -n "Enter the security Password: " read -s SECPASSWD echo "" ## GET the token TOKEN=$(curl --silent --insecure -X POST \ https://$DMCHOST:11081/dbapi/v4/auth/tokens \ -H 'content-type: application/json' \ -d '{"userid":"'$DMCUSERID'","password":"'$DMCPASSWD'"}' \ | jq -r '.token' ) #echo $TOKEN # Get all audit settings with security credential GETALLAUDITSETTINGS=$(curl --silent --insecure -X POST \ https://$DMCHOST:11081/dbapi/v4/audit/settings \ -H 'authorization: Bearer '$TOKEN \ -H 'content-type: application/json' \ -d '{"userid":"'$SECUSERID'","password":"'$SECPASSWD'"}') echo echo "AUDIT SETTINGS for DMC " echo $GETALLAUDITSETTINGS | jq '.' echo
- To view the API to return all current audit settings, go to Auditing > Update the
audit's settings **ADMIN ONLY** or go to
http://<server>/dbapi/api/index_enterprise.html#operation/UpdateAuditSettings. Note:
Security userid and password are OPTIONAL. It is needed if security credential is required to update the AUDIT_CONFIG table.
The example below will prompt for optional security credential when calling the API:#!/bin/bash echo -n "Enter the DMC Username: " read DMCUSERID echo -n "Enter the DMC Password: " read -s DMCPASSWD echo "" echo -n "Enter the hostname / ip address for DMC: " read DMCHOST echo -n "Enter the security Username: " read SECUSERID echo -n "Enter the security Password: " read -s SECPASSWD echo "" ## GET the token TOKEN=$(curl --silent --insecure -X POST \ https://$DMCHOST:11081/dbapi/v4/auth/tokens \ -H 'content-type: application/json' \ -d '{"userid":"'$DMCUSERID'","password":"'$DMCPASSWD'"}' \ | jq -r '.token' ) # Get all audit settings GETALLAUDITSETTINGS=$(curl --silent --insecure -X GET \ https://$DMCHOST:11081/dbapi/v4/audit/settings \ -H 'authorization: Bearer '$TOKEN \ -H 'content-type: application/json') echo echo "Current AUDIT SETTIGNS for DMC " echo $GETALLAUDITSETTINGS | jq '.' echo # Set all audit settings echo "This API updates all audit config settings at once." echo echo -n "Please enter key value for audit_enable (true/false): " read AUDIT_ENABLE echo -n "Please enter key value for log_method (repository/file): " read LOG_METHOD echo -n "Please enter key value for track_api_response_data (true/false): " read TRACK_API_RESPONSE_DATA echo -n "Please enter key value for track_api_response_error (true/false): " read TRACK_API_RESPONSE_ERROR echo -n "Please enter key value for keep_data_for_days (-1 or >=1): " read KEEP_DATA_FOR_DAYS # Set all audit settings with secuser SETALLAUDITSETTINGS=$(curl --silent --insecure -X PUT \ https://$DMCHOST:11081/dbapi/v4/audit/settings \ -H 'authorization: Bearer '$TOKEN \ -H 'content-type: application/json' \ -d '{"audit_enable":"'$AUDIT_ENABLE'","log_method":"'$LOG_METHOD'","track_api_response_data":"'$TRACK_API_RESPONSE_DATA'","track_api_response_error":"'$TRACK_API_RESPONSE_ERROR'","keep_data_for_days":"'$KEEP_DATA_FOR_DAYS'","userid":"'$SECUSERID'","password":"'$SECPASSWD'"}') echo "Set all Audit Settings result using secuser, expected value: $AUDIT_ENABLE $LOG_METHOD $TRACK_API_RESPONSE_DATA $TRACK_API_RESPONSE_ERROR $KEEP_DATA_FOR_DAYS" echo $SETALLAUDITSETTINGS | jq '.' echo
- To view the API to return audit setting by property name, go to Auditing > Return
audit's settings by property name **ADMIN ONLY** or go to
http://<server>/dbapi/api/index_enterprise.html#operation/GetAuditSettingsByName. Example:
#!/bin/bash echo -n "Enter the DMC Username: " read DMCUSERID echo -n "Enter the DMC Password: " read -s DMCPASSWD echo "" echo -n "Enter the hostname / ip address for DMC: " read DMCHOST ## GET the token TOKEN=$(curl --silent --insecure -X POST \ https://$DMCHOST:11081/dbapi/v4/auth/tokens \ -H 'content-type: application/json' \ -d '{"userid":"'$DMCUSERID'","password":"'$DMCPASSWD'"}' \ | jq -r '.token' ) ### echo $TOKEN echo "ENTER '1' to display key value for: audit_enable" echo "ENTER '2' to display key value for: log_method" echo "ENTER '3' to display key value for: track_api_response_data" echo "ENTER '4' to display key value for: track_api_response_error" echo "ENTER '5' to display key value for: keep_data_for_days" echo -n "Please enter your choice: " read INPUT case $INPUT in "1") # "audit_enable" echo "You chose: audit_enable" GETAUDITSETTINGS_AUDIT_ENABLE=$(curl --silent --insecure -X GET \ https://$DMCHOST:11081/dbapi/v4/audit/settings/audit_enable \ -H 'authorization: Bearer '$TOKEN \ -H 'content-type: application/json') echo echo "AUDIT SETTINGS for key: audit_enable" echo $GETAUDITSETTINGS_AUDIT_ENABLE | jq '.' echo ;; "2") # "log_method" echo "You chose: log_method" GETAUDITSETTINGS_LOG_METHOD=$(curl --silent --insecure -X GET \ https://$DMCHOST:11081/dbapi/v4/audit/settings/log_method \ -H 'authorization: Bearer '$TOKEN \ -H 'content-type: application/json') echo echo "AUDIT SETTINGS for key: log_method" echo $GETAUDITSETTINGS_LOG_METHOD | jq '.' echo ;; "3") # "track_api_response_data" echo "You chose: track_api_response_data" GETAUDITSETTINGS_TRACK_API_RESPONSE_DATA=$(curl --silent --insecure -X GET \ https://$DMCHOST:11081/dbapi/v4/audit/settings/track_api_response_data \ -H 'authorization: Bearer '$TOKEN \ -H 'content-type: application/json') echo echo "AUDIT SETTINGS for key: track_api_response_data" echo $GETAUDITSETTINGS_TRACK_API_RESPONSE_DATA | jq '.' echo ;; "4") # "track_api_response_error" echo "You chose: track_api_response_error" GETAUDITSETTINGS_TRACK_API_RESPONSE_ERROR=$(curl --silent --insecure -X GET \ https://$DMCHOST:11081/dbapi/v4/audit/settings/track_api_response_error \ -H 'authorization: Bearer '$TOKEN \ -H 'content-type: application/json') echo echo "AUDIT SETTINGS for key: track_api_response_error" echo $GETAUDITSETTINGS_TRACK_API_RESPONSE_ERROR | jq '.' echo ;; "5") # "keep_data_for_days" echo "You chose: keep_data_for_days" GETAUDITSETTINGS_KEEP_DATA_FOR_DAYS=$(curl --silent --insecure -X GET \ https://$DMCHOST:11081/dbapi/v4/audit/settings/keep_data_for_days \ -H 'authorization: Bearer '$TOKEN \ -H 'content-type: application/json') echo echo "AUDIT SETTINGS for key: keep_data_for_days" echo $GETAUDITSETTINGS_KEEP_DATA_FOR_DAYS | jq '.' echo ;; *) echo "Invalid input key" ;; esac
- To view the API to return audit setting by property name with security credential, go to
Auditing > Return audit's setting by property name with security credential **ADMIN ONLY**
or go to
http://<server>/dbapi/api/index_enterprise.html#operation/GetAuditSettingsByNameWithCred. Example:
#!/bin/bash echo -n "Enter the DMC Username: " read DMCUSERID echo -n "Enter the DMC Password: " read -s DMCPASSWD echo "" echo -n "Enter the hostname / ip address for DMC: " read DMCHOST echo -n "Enter the security Username: " read SECUSERID echo -n "Enter the security Password: " read -s SECPASSWD echo "" ## GET the token TOKEN=$(curl --silent --insecure -X POST \ https://$DMCHOST:11081/dbapi/v4/auth/tokens \ -H 'content-type: application/json' \ -d '{"userid":"'$DMCUSERID'","password":"'$DMCPASSWD'"}' \ | jq -r '.token' ) ### echo $TOKEN echo "ENTER '1' to display key value for: audit_enable" echo "ENTER '2' to display key value for: log_method" echo "ENTER '3' to display key value for: track_api_response_data" echo "ENTER '4' to display key value for: track_api_response_error" echo "ENTER '5' to display key value for: keep_data_for_days" echo -n "Please enter your choice: " read INPUT case $INPUT in "1") # "audit_enable" echo "You chose: audit_enable" GETAUDITSETTINGS_AUDIT_ENABLE=$(curl --silent --insecure -X POST \ https://$DMCHOST:11081/dbapi/v4/audit/settings/audit_enable \ -H 'authorization: Bearer '$TOKEN \ -H 'content-type: application/json' \ -d '{"userid":"'$SECUSERID'","password":"'$SECPASSWD'"}') echo echo "AUDIT SETTINGS for key: audit_enable" echo $GETAUDITSETTINGS_AUDIT_ENABLE | jq '.' echo ;; "2") # "log_method" echo "You chose: log_method" GETAUDITSETTINGS_LOG_METHOD=$(curl --silent --insecure -X POST \ https://$DMCHOST:11081/dbapi/v4/audit/settings/log_method \ -H 'authorization: Bearer '$TOKEN \ -H 'content-type: application/json' \ -d '{"userid":"'$SECUSERID'","password":"'$SECPASSWD'"}') echo echo "AUDIT SETTINGS for key: log_method" echo $GETAUDITSETTINGS_LOG_METHOD | jq '.' echo ;; "3") # "track_api_response_data" echo "You chose: track_api_response_data" GETAUDITSETTINGS_TRACK_API_RESPONSE_DATA=$(curl --silent --insecure -X POST \ https://$DMCHOST:11081/dbapi/v4/audit/settings/track_api_response_data \ -H 'authorization: Bearer '$TOKEN \ -H 'content-type: application/json' \ -d '{"userid":"'$SECUSERID'","password":"'$SECPASSWD'"}') echo echo "AUDIT SETTINGS for key: track_api_response_data" echo $GETAUDITSETTINGS_TRACK_API_RESPONSE_DATA | jq '.' echo ;; "4") # "track_api_response_error" echo "You chose: track_api_response_error" GETAUDITSETTINGS_TRACK_API_RESPONSE_ERROR=$(curl --silent --insecure -X POST \ https://$DMCHOST:11081/dbapi/v4/audit/settings/track_api_response_error \ -H 'authorization: Bearer '$TOKEN \ -H 'content-type: application/json' \ -d '{"userid":"'$SECUSERID'","password":"'$SECPASSWD'"}') echo echo "AUDIT SETTINGS for key: track_api_response_error" echo $GETAUDITSETTINGS_TRACK_API_RESPONSE_ERROR | jq '.' echo ;; "5") # "keep_data_for_days" echo "You chose: keep_data_for_days" GETAUDITSETTINGS_KEEP_DATA_FOR_DAYS=$(curl --silent --insecure -X POST \ https://$DMCHOST:11081/dbapi/v4/audit/settings/keep_data_for_days \ -H 'authorization: Bearer '$TOKEN \ -H 'content-type: application/json' \ -d '{"userid":"'$SECUSERID'","password":"'$SECPASSWD'"}') echo echo "AUDIT SETTINGS for key: keep_data_for_days" echo $GETAUDITSETTINGS_KEEP_DATA_FOR_DAYS | jq '.' echo ;; *) echo -n "Invalid input key" ;; esac
- To view the API to update audit setting by property name, go to Auditing > Update the
audit's settings by property name **ADMIN ONLY** or go to
http://<server>/dbapi/api/index_enterprise.html#operation/UpdateAuditSettingByName. Note: Security userid and password are OPTIONAL. It is needed if security credential is required to update the AUDIT_CONFIG table.The example below will prompt for optional security credential when calling the API.
#!/bin/bash echo -n "Enter the DMC Username: " read DMCUSERID echo -n "Enter the DMC Password: " read -s DMCPASSWD echo "" echo -n "Enter the hostname / ip address for DMC: " read DMCHOST echo -n "Enter the security Username: " read SECUSERID echo -n "Enter the security Password: " read -s SECPASSWD echo "" ## GET the token TOKEN=$(curl --silent --insecure -X POST \ https://$DMCHOST:11081/dbapi/v4/auth/tokens \ -H 'content-type: application/json' \ -d '{"userid":"'$DMCUSERID'","password":"'$DMCPASSWD'"}' \ | jq -r '.token' ) ### echo $TOKEN echo "ENTER '1' to update key value for: audit_enable" echo "ENTER '2' to update key value for: log_method" echo "ENTER '3' to update key value for: track_api_response_data" echo "ENTER '4' to update key value for: track_api_response_error" echo "ENTER '5' to update key value for: keep_data_for_days" echo -n "Please enter your choice: " read INPUT echo case $INPUT in "1") # "audit_enable" echo "You chose: audit_enable" echo -n "Please enter key value for audit_enable (true/false): " read INPUT AUDIT_ENABLE=$INPUT PUTAUDITSETTINGS_AUDIT_ENABLE=$(curl --silent --insecure -X PUT \ https://$DMCHOST:11081/dbapi/v4/audit/settings/audit_enable \ -H 'authorization: Bearer '$TOKEN \ -H 'content-type: application/json' \ -d '{"value":"'$AUDIT_ENABLE'","userid":"'$SECUSERID'","password":"'$SECPASSWD'"}') echo echo "AUDIT SETTINGS for key: audit_enable, expected value: $AUDIT_ENABLE" echo $PUTAUDITSETTINGS_AUDIT_ENABLE | jq '.' echo ;; "2") # "log_method" echo "You chose: log_method" echo -n "Please enter key value for log_method (repository/file): " read INPUT LOG_METHOD=$INPUT PUTAUDITSETTINGS_LOG_METHOD=$(curl --silent --insecure -X PUT \ https://$DMCHOST:11081/dbapi/v4/audit/settings/log_method \ -H 'authorization: Bearer '$TOKEN \ -H 'content-type: application/json' \ -d '{"value":"'$LOG_METHOD'","userid":"'$SECUSERID'","password":"'$SECPASSWD'"}') echo echo "AUDIT SETTINGS for key: log_method, expected value: $LOG_METHOD" echo $PUTAUDITSETTINGS_LOG_METHOD | jq '.' echo ;; "3") # "track_api_response_data" echo "You chose: track_api_response_data" echo -n "Please enter key value for track_api_response_data (true/false): " read INPUT TRACK_API_RESPONSE_DATA=$INPUT PUTAUDITSETTINGS_TRACK_API_RESPONSE_DATA=$(curl --silent --insecure -X PUT \ https://$DMCHOST:11081/dbapi/v4/audit/settings/track_api_response_data \ -H 'authorization: Bearer '$TOKEN \ -H 'content-type: application/json' \ -d '{"value":"'$TRACK_API_RESPONSE_DATA'","userid":"'$SECUSERID'","password":"'$SECPASSWD'"}') echo echo "AUDIT SETTINGS for key: track_api_response_data, expected value: $TRACK_API_RESPONSE_DATA" echo $PUTAUDITSETTINGS_TRACK_API_RESPONSE_DATA | jq '.' echo ;; "4") # "track_api_response_error" echo -n "Please enter key value for track_api_response_error (true/false): " read INPUT TRACK_API_RESPONSE_ERROR=$INPUT PUTAUDITSETTINGS_TRACK_API_RESPONSE_ERROR=$(curl --silent --insecure -X PUT \ https://$DMCHOST:11081/dbapi/v4/audit/settings/track_api_response_error \ -H 'authorization: Bearer '$TOKEN \ -H 'content-type: application/json' \ -d '{"value":"'$TRACK_API_RESPONSE_ERROR'","userid":"'$SECUSERID'","password":"'$SECPASSWD'"}') echo echo "AUDIT SETTINGS for key: track_api_response_error, expected value: $TRACK_API_RESPONSE_ERROR" echo $PUTAUDITSETTINGS_TRACK_API_RESPONSE_ERROR | jq '.' echo ;; "5") # "keep_data_for_days" echo "You chose: keep_data_for_days" echo -n "Please enter key value for keep_data_for_days (-1 or >=1): " read INPUT KEEP_DATA_FOR_DAYS=$INPUT PUTAUDITSETTINGS_KEEP_DATA_FOR_DAYS=$(curl --silent --insecure -X PUT \ https://$DMCHOST:11081/dbapi/v4/audit/settings/keep_data_for_days \ -H 'authorization: Bearer '$TOKEN \ -H 'content-type: application/json' \ -d '{"value":"'$KEEP_DATA_FOR_DAYS'","userid":"'$SECUSERID'","password":"'$SECPASSWD'"}') echo echo "AUDIT SETTINGS for key: keep_data_for_days, expected value: $KEEP_DATA_FOR_DAYS" echo $PUTAUDITSETTINGS_KEEP_DATA_FOR_DAYS | jq '.' echo ;; *) echo "Invalid input key" ;; esac