Monitoring strategy
Make your monitoring and auditing effective and efficient by developing a strategy that recognizes and fulfills your regulatory and other requirements.
After you know what data you need, develop a strategy for collecting it with as little extraneous
data as possible. Monitoring and logging data that you do not need uses up disk space and processing
power, and generates extra network traffic. There are several areas where you can implement your strategy:
- Database monitoring
- The global SQL monitor captures SQL information and puts it into a queue for the S-TAP. You can use
the filtering capabilities of the monitor to control which types of users and objects are queued. By
default, these types of entries are not forwarded from the S-TAP to the Guardium® system:
| SQL Abbreviation | Meaning |
| --- | --- |
| AD | ALLOCATE DESCRIPTOR |
| CL | CLOSE |
| DA | DEALLOCATE DESCRIPTOR |
| DE | DESCRIBE |
| EX | EXECUTE (the SQL statement executed is audited) |
| FE | FETCH |
| FL | FREE LOCATOR |
| GD | GET DIAGNOSTICS |
| GS | GET DESCRIPTOR |
| HL | HOLD LOCATOR |
| PR | PREPARE (except authorization errors are captured) |
| RE | RELEASE |
| RG | RESIGNAL |
| SC | SET CONNECTION |
| SD | SET DESCRIPTOR |
| SG | SIGNAL |
- Audit journal
- You can configure the system audit journal to capture only those entries that concern objects of
interest or users of interest. By default, entries of these types are sent from the S-TAP to the Guardium
system:
| SQL Abbreviation | Meaning |
| --- | --- |
| ZR | Read object |
| ZC | Change object |
| CA | Authority change |
| AD | Auditing change |
| AF | Authority failure |
| CO | Create object |
| DO | Delete object |
| SV | System Value change |
| GR | General purpose audit record |
| OM | Object moved or renamed |
| PG | Primary group change |
| PW | Invalid password or user ID |
| OW | Change owner |
| OR | Object restored |
| RA | Restore authority change |
| RO | Restore owner change |
| RZ | Restore primary group change |
Only those entries that relate to database objects are forwarded:
- *FILE (a table, view, index, logical file, alias, or device file)
- *SQLUDT (an SQL user-defined type)
- *SQLPKG (an SQL package)
- *PGM (a procedure, function, or program)
- *SRVPGM (a procedure, function, global variable, or service program)
- *DTAARA (an SQL sequence)
- On the Guardium system
- You can define policies that control which information that is received from the S-TAP is ignored, and what actions to take based on other items.
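
For the audit journal area above, the following CL commands show one way to limit the system audit journal to objects and users of interest. This is an added example, not part of the original documentation; the library, file and user profile names (APPLIB, ORDERS, CUSTOMER, PAYROLL, APPADMIN) are hypothetical.

```cl
/* Added example. APPLIB, ORDERS, CUSTOMER, PAYROLL and APPADMIN are      */
/* hypothetical names; substitute your own objects and profiles.         */

/* Enable object-level and action-level auditing. *NOQTEMP leaves most   */
/* objects in QTEMP out of the journal.                                  */
CHGSYSVAL SYSVAL(QAUDCTL) VALUE('*OBJAUD *AUDLVL *NOQTEMP')

/* System-wide action auditing. Entry types these values produce include:*/
/*   *AUTFAIL  -> AF, PW          *CREATE -> CO        *DELETE -> DO      */
/*   *SECURITY -> CA, AD, OW, PG, SV                                      */
/*   *OBJMGT   -> OM              *SAVRST -> OR, RA, RO, RZ               */
CHGSYSVAL SYSVAL(QAUDLVL) +
          VALUE('*AUTFAIL *CREATE *DELETE *SECURITY *OBJMGT *SAVRST')

/* Broad setting: every read (ZR) and change (ZC) of the file is         */
/* journaled, whoever the user is. Reserve this for objects where read   */
/* access itself must be audited.                                        */
CHGOBJAUD OBJ(APPLIB/ORDERS) OBJTYPE(*FILE) OBJAUD(*ALL)

/* Narrower setting: only changes (ZC) are journaled, so routine reads   */
/* do not consume disk space, processing power or network traffic.       */
CHGOBJAUD OBJ(APPLIB/CUSTOMER) OBJTYPE(*FILE) OBJAUD(*CHANGE)

/* Users of interest: with OBJAUD(*USRPRF) the object is audited only    */
/* when the accessing user's profile has object auditing turned on.      */
CHGOBJAUD OBJ(APPLIB/PAYROLL) OBJTYPE(*FILE) OBJAUD(*USRPRF)
CHGUSRAUD USRPRF(APPADMIN) OBJAUD(*CHANGE)
```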