IBM Support

Guardium and Db2 for i - technical resources



Guardium and Db2 for i - technical resources


You are in: IBM i Technology Updates > Db2 for i - Technology UpdatesDb2 for i Security Enhancements > Guardium and Db2 for i - technical resources

IBM Security Guardium is an enterprise information database audit and protection solution. It helps enterprises protect and audit information across a diverse set of relational and non-relational data sources.

With Guardium V9.x or V10, Db2 for IBM i can be included as a data source, enabling the monitoring of accesses from native interfaces as well as through SQL.

Audit information provided includes:

  • SQL accesses whether initiated on a client or the IBM i server
  • Native database access that is captured in the audit journal
  • Both SQL access and native access are sent to the Guardium collector in real time
  • Extending the information available in the audit journal, Guardium captures more details regarding SQL statements, variable values, client special registers, interface information, users, jobs, TCP/IP addresses, and ports

Filtering can be specified on the IBM i server to capture only that information which is required by auditors. For example, it is quite simple to set up auditing of any SQL or native access performed by privileged users.

Service Level Requirements

To use Guardium Database Activity Monitor (DAM) with Db2 for i S-TAP, the recommended service level is:

  • IBM i 7.4
  • IBM i 7.3 - Db2 PTF Group SF99703 Level 8
  • IBM i 7.2 - Db2 PTF Group SF99702 Level 20
  • IBM i 7.1 - Db2 PTF Group SF99701 Level 43
    and apply IBM i 7.1, individual PTFs: 
    PTF 5770SS1 SI65735
    PTF 5770SS1 SI66511
    PTF 5770SS1 SI67316
  • Refer to Db2 for IBM i Group PTF Schedule to review the Db2 for IBM i PTF group schedule and availability.
  • License program 5722SS1-33 Portable App Solutions Environment (PASE) for i is a free of charge, optionally installable component of the operating system. Verify that PASE is installed on your IBM i server. If not, refer to IBM PASE for i in the IBM i Knowledge Center.
  • IBM InfoSphere Guardium V9.0 (or higher) appliance (configured as a collector) and the Standard Activity Monitoring for Databases software entitlement.

Education Resources

IBM i developerWorks article: "Using IBM InfoSphere Guardium for monitoring and auditing IBM Db2 for i database activity"

Guardium Activity Monitor & Db2 for i Serviceability Guide:

Guardium Activity Monitor & DB2 for i Serviceability Guide - Version 3.3.pdf

Guardium V10 overview: 

Guardium V10 S-TAP configuration:

        V10 S-TAP Details

Guardium IBM i Advanced S-TAP Filtering document:

        IBM i Advanced S-TAP Filtering

 Introductory Video: "InfoSphere Guardium Data Activity Monitoring for IBM i"

Figure 1. Guardium V10 - IBM i Features


[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG60","label":"IBM i"},"Component":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB57","label":"Power"}}]

Document Information

Modified date:
10 December 2020