Monitoring strategy

Make your monitoring and auditing effective and efficient by developing a strategy that recognizes and fulfills your regulatory and other requirements.

After you know what data you need, develop a strategy for collecting it with as little extraneous data as possible. Monitoring and logging data that you do not need uses up disk space and processing power, and generates extra network traffic. There are several areas where you can implement your strategy:
Database monitoring
The global SQL monitor captures SQL information and puts it into a queue for the S-TAP. You can use the filtering capabilities of the monitor to control which types of users and objects are queued. By default, these types of entries are not forwarded from the S-TAP to the Guardium® system:
SQL abbreviation   Meaning
AD                 ALLOCATE DESCRIPTOR
CL                 CLOSE
DA                 DEALLOCATE DESCRIPTOR
DE                 DESCRIBE
EX                 EXECUTE (the SQL statement executed is audited)
FE                 FETCH
FL                 FREE LOCATOR
GD                 GET DIAGNOSTICS
GS                 GET DESCRIPTOR
HL                 HOLD LOCATOR
PR                 PREPARE (except that authorization errors are captured)
RE                 RELEASE
RG                 RESIGNAL
SC                 SET CONNECTION
SD                 SET DESCRIPTOR
SG                 SIGNAL
Audit journal
You can configure the system audit journal to capture only those entries that concern objects of interest or users of interest. By default, entries of these types are sent from the S-TAP to the Guardium system:
Entry type   Meaning
ZR           Read object
ZC           Change object
CA           Authority change
AD           Auditing change
AF           Authority failure
CO           Create object
DO           Delete object
SV           System Value change
GR           General purpose audit record
OM           Object moved or renamed
PG           Primary group change
PW           Invalid password or user ID
OW           Change owner
OR           Object restored
RA           Restore authority change
RO           Restore owner change
RZ           Restore primary group change
Only those entries that relate to database objects are forwarded:
  • *FILE (a table, view, index, logical file, alias, or device file)
  • *SQLUDT (an SQL user-defined type)
  • *SQLPKG (an SQL package)
  • *PGM (a procedure, function, or program)
  • *SRVPGM (a procedure, function, global variable, or service program)
  • *DTAARA (an SQL sequence)
On the Guardium system
You can define policies that control which information that is received from the S-TAP is ignored, and what actions to take based on other items.
Ignoring data after it has been sent over the network is inefficient. Wherever possible, filter out information that you do not need before it is queued for the S-TAP.