Splunk Enterprise

Can Splunk search DB2 LUW active logs and archive logs looking for DML activity against sensitive data tables?

vaharr
New Member

Can I use Splunk to search DB2 LUW active logs and archive logs looking for DML activity against database tables? We have 12 tables with sensitive data and I am hoping to Splunk Insert, Delete or Update records in the DB2 LUW logs to use for audit reporting of user activity against these tables. Thank you. -Victor


vaharr
New Member

koshyk - Thank you for the excellent reply and the link that was provided in (1) was information that I had not discovered in my research of this topic. Can you expand the explanation in (2) especially the "collect this information using DBconnect" statement? I have asked for SECADM authority to create an Audit Policy, but this has not yet been granted by the Information Security group. If you have time, also please provide more text about how the process to "dump the data into flat files with respective table names in filename and collect the UF" is performed. Sorry for all the questions but what is 'UF'? Thank you again for the links and the well-formed response. I will be unavailable next week, but I will view your next reply in a week. -Victor


koshyk
Super Champion

DB2 doesn't have a TA of its own. There are 2 parts to your question:

  1. what auditing is done in your DB2 systems
  2. method of monitoring

(1) There is default DB2 monitoring and auditing, but it's up to your company policy and admin to disable/enable them.
The DB2 auditing is done in multiple tables. This link shows the details of the audit facilities available.

(2) Method of collection. You can collect this information using DB Connect (but this requires privileged access, which you need to set up with the DB2 admin). Or ask the admin to dump the data into flat files with the respective table names in the filename and collect them using a UF.

The DML auditing is part of the "Audit Execute layout". Please be aware that sometimes the dataset will be huge, as it will contain select statements too. The details of the table and data are in this link.

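The flat-file route in (2) combined with the volume caveat about the EXECUTE category is where a practitioner usually adds a filter step between the db2audit extract and the Universal Forwarder: drop SELECTs and statements that touch untracked tables, and only write INSERT/UPDATE/DELETE/MERGE events against the sensitive tables into the directory the UF monitors. The following is an added example, not code from the thread or from IBM or Splunk. The column layout (timestamp, category, authid, appname, status, statement) and every record in it are constructed and simplified; a real db2audit delimited extract has more columns and a fixed order, so map its fields to these names before use. The three table names stand in for the 12 tables the question does not list, `HR` is an assumed default schema for unqualified table names, and `status == "0"` meaning success is an assumption of the sample, not db2audit's documented encoding.

```python
"""
Reduce a DB2 audit EXECUTE extract to INSERT/UPDATE/DELETE/MERGE activity
against a fixed set of sensitive tables, emitting key=value lines for a UF.

Added example, not part of the original thread. The column layout and the
records below are constructed; a real db2audit delimited extract has more
fields and a fixed column order, so map its columns to the names used here.
"""
import csv
import io
import re
from collections import Counter

# Placeholder names: the thread does not list the 12 sensitive tables.
SENSITIVE_TABLES = {"HR.EMPLOYEE_SALARY", "HR.EMPLOYEE_SSN", "FIN.CARD_NUMBERS"}

DML_VERBS = {"INSERT", "UPDATE", "DELETE", "MERGE"}

# Constructed sample extract (simplified layout, NOT the real db2audit column set).
# status is assumed here to be "0" on success and non-zero on failure.
SAMPLE_EXTRACT = """timestamp,category,authid,appname,status,statement
2024-03-04-10.15.22,EXECUTE,APPUSER1,payroll_app,0,"INSERT INTO HR.EMPLOYEE_SALARY (EMPNO, SALARY) VALUES (1001, 52000)"
2024-03-04-10.15.23,EXECUTE,APPUSER1,payroll_app,0,"SELECT SALARY FROM HR.EMPLOYEE_SALARY WHERE EMPNO = 1001"
2024-03-04-10.16.01,EXECUTE,DBA2,db2bp,0,"UPDATE HR.EMPLOYEE_SSN SET SSN = '000-00-0000' WHERE EMPNO = 1001"
2024-03-04-10.16.30,EXECUTE,APPUSER1,orders_app,0,"DELETE FROM SALES.ORDERS WHERE ORDER_ID = 5"
2024-03-04-10.17.05,EXECUTE,BATCHSVC,nightly_job,-1,"DELETE FROM FIN.CARD_NUMBERS WHERE CUST_ID = 77"
2024-03-04-10.18.00,EXECUTE,DBA2,db2bp,0,"MERGE INTO HR.EMPLOYEE_SALARY AS T USING (VALUES (1002, 60000)) AS S (EMPNO, SALARY) ON T.EMPNO = S.EMPNO WHEN MATCHED THEN UPDATE SET SALARY = S.SALARY WHEN NOT MATCHED THEN INSERT VALUES (S.EMPNO, S.SALARY)"
2024-03-04-10.18.40,EXECUTE,APPUSER1,orders_app,0,"SELECT COUNT(*) FROM SALES.ORDERS"
2024-03-04-10.19.10,EXECUTE,DBA2,db2bp,0,"update employee_ssn set ssn = '111-11-1111' where empno = 1002"
2024-03-04-10.20.00,EXECUTE,APPUSER1,payroll_app,0,"SELECT EMPNO FROM FINAL TABLE (INSERT INTO HR.EMPLOYEE_SSN (EMPNO, SSN) VALUES (1003, '123-45-6789'))"
"""

# A table name follows INTO / UPDATE / FROM / JOIN; optional schema qualifier.
_TABLE_REF = re.compile(
    r"\b(?:INTO|UPDATE|FROM|JOIN)\s+([A-Za-z_][A-Za-z0-9_]*(?:\.[A-Za-z_][A-Za-z0-9_]*)?)",
    re.IGNORECASE,
)
# Keywords that can follow those words without naming a table (e.g. "UPDATE SET" inside MERGE).
_NOT_A_TABLE = {"SET", "SELECT", "VALUES", "WHERE", "FINAL", "NEW", "OLD", "TABLE", "ONLY", "LATERAL"}
# DB2 data-change-table-reference: SELECT ... FROM FINAL TABLE (INSERT ...) is DML wrapped in a SELECT.
_NESTED_DML = re.compile(r"\b(?:FINAL|NEW|OLD)\s+TABLE\s*\(\s*(INSERT|UPDATE|DELETE|MERGE)\b", re.IGNORECASE)


def statement_verb(stmt):
    """Return the DML verb of a statement, or its first keyword when it is not DML."""
    words = stmt.strip().split(None, 1)
    first = words[0].upper() if words else ""
    if first in DML_VERBS:
        return first
    nested = _NESTED_DML.search(stmt)
    return nested.group(1).upper() if nested else first


def referenced_tables(stmt, default_schema):
    """Schema-qualified, upper-cased table names the statement references."""
    tables = set()
    for name in _TABLE_REF.findall(stmt):
        name = name.upper()
        if name in _NOT_A_TABLE:
            continue
        if "." not in name:  # unqualified name resolves against the assumed default schema
            name = f"{default_schema.upper()}.{name}"
        tables.add(name)
    return tables


def parse_extract(text):
    """Parse the delimited extract into dicts keyed by the header row."""
    return list(csv.DictReader(io.StringIO(text)))


def sensitive_dml_events(records, sensitive=SENSITIVE_TABLES, default_schema="HR"):
    """One event per (record, sensitive table) for DML statements only.
    SELECTs and untracked tables are dropped, which is what keeps the Splunk volume down.
    Failed attempts are kept: a denied DELETE on a sensitive table is audit-relevant."""
    events = []
    for rec in records:
        if rec["category"].upper() != "EXECUTE":
            continue
        verb = statement_verb(rec["statement"])
        if verb not in DML_VERBS:
            continue
        for table in sorted(referenced_tables(rec["statement"], default_schema) & set(sensitive)):
            events.append({
                "timestamp": rec["timestamp"],
                "authid": rec["authid"],
                "appname": rec["appname"],
                "succeeded": rec["status"] == "0",
                "verb": verb,
                "table": table,
                "statement": rec["statement"],
            })
    return events


def activity_summary(events):
    """Counts per (authid, verb, table), the shape an audit report usually needs."""
    return Counter((e["authid"], e["verb"], e["table"]) for e in events)


def to_splunk_lines(events):
    """key=value lines so Splunk's automatic field extraction picks them up."""
    lines = []
    for e in events:
        stmt = e["statement"].replace('"', '\\"')
        lines.append(
            f'{e["timestamp"]} authid={e["authid"]} app={e["appname"]} verb={e["verb"]} '
            f'table={e["table"]} succeeded={str(e["succeeded"]).lower()} statement="{stmt}"'
        )
    return lines


if __name__ == "__main__":
    evts = sensitive_dml_events(parse_extract(SAMPLE_EXTRACT))
    for line in to_splunk_lines(evts):
        print(line)
    for key, count in activity_summary(evts).items():
        print(key, count)
```

Run against the sample, nine EXECUTE records shrink to six events: the two SELECTs and the DELETE on `SALES.ORDERS` are dropped, the lowercase unqualified `update employee_ssn` is normalised to `HR.EMPLOYEE_SSN`, and the INSERT hidden inside `SELECT ... FROM FINAL TABLE (...)` is still reported as an INSERT. The regex-based table extraction is deliberately simple; statements using aliases, views, or dynamic SQL built elsewhere will need the object list checked against the catalog rather than the statement text.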