Calculating the Optimal Log Stream Size

Filtering by using the IMS POLICY from the Guardium appliance occurs in the IMS Control region, therefore only DLI calls that are to be audited are written to the log stream(s).

For most users, the size of the log stream that is provided with the LS_SIZE parameter of the AUILSTR2/3 log stream definition member (LS_SIZE(100)) is appropriate to use when auditing accesses to sensitive data or when auditing DLI calls performed by a group, or groups, of users who have access to all databases for diagnostic purposes.

There might be instances where an LS_SIZE parameter value of 13500 (LS_SIZE(13500)) might be used, such as:
  • during product testing, or
  • when the number of audited DLI calls exceed twenty-five thousand DLI calls per second, or
  • when the audited DLI calls include large concatenated key or large segment fields, which can occur when the IMS POLICY includes the +DATA keyword in the TARGET/DB INCLUDE filter statement
Note: Log stream sizing can be an iterative process. When attempting to audit many DLI calls, the CPU, memory, and disk storage capacity of the Guardium appliance should be considered.