Fortinet black logo

Handbook (HTML)

Home FortiDB 5.1.14 Handbook (HTML)

Configuring the DB2 database and installing the agent

5.1.14
5.1.14
5.1.13
5.1.12
5.1.11
5.1.10
5.1.9
5.1.8
5.1.7
5.1.6
5.1.5
5.1.2
5.1.1
5.0.0
Copy Link
Copy Doc ID 73ac471a-9afd-11ea-8862-00505692583a:854028

Configuring the DB2 database and installing the agent

To configure the DB2 target database to work with the DB2 agent
  1. If the database already has an audit configuration, to reset the instance level audit, use the following command:

    2. db2audit configure reset

  2. To start the audit facility administrator tool, use the following command:

    3. db2audit start

  3. To configure the audit facility to audit for failed logins, use the following command:

    4. db2audit configure scope context status failure

  4. To set the size of the audit buffer, use the following command:

    5. db2 update dbm cfg using AUDIT_BUF_SZ 10000

    The default audit buffer is 0 (no setting).
  5. To grant security administration authority (SECADM) to the user FortiDB uses to connect to the database, use the following command:

    6. db2=> GRANT SECADM ON DATABASE TO USER <user name>

    where <user name> is the user name specified by the target configuration (General tab).

    For Windows, the FortiDB connection user needs to belong to the DB2ADMNS or DB2USERS group. For UNIX, AIX, or Linux, the FortiDB connection user does not need to be an instance owner.

    By default, the db2admin user does not have the SECADM authority.
  6. Connect to FortiDB for monitoring. For details about connecting to FortiDB, go to "Managing Target Databases".(maybe they should configure the agent, first?)
To configure and run the DB2 agent
  1. Ensure that Java Virtual Machine (JVM) 1.6 or greater is installed, the JAVA_HOME environment variable is correctly configured, and that the bin directory is first on the execution path.
  2. Obtain a copy of the FortiDB agent installer. For information on obtaining the installer, contact Fortinet technical support.
  3. Ensure that the DB2 target database has the required configuration. See To configure the DB2 target database to work with the DB2 agent.
  4. As the database user that runs the agent, log in to the machine where the DB2 database is located, and then unpack a copy of FortiDB agent installer to a directory.

    5. For information on the premissions this user requires, see Users and privileges required by the DB2 agent.

  5. Copy the agent.properties.sample file from <agent install directory>/doc to <agent install directory>/conf, and then change the file name to agent.properties.
  6. Using a text editor, change the agent.properties.sample properties to the following values:
    7. Parameter Description Required?
    agentType Enter DB2. Yes
    brokerAddress Enter the IP address or resolvable host name for FortiDB. Yes
    brokerPort

    Enter the port FortiDB uses to listen for transmissions from the agent.

    The default value is 9116.

    		 No
    agentDBAddress

    Enter the IP address of the target database.

    Use the same value that is specified by the target configuration (General tab).

    		 Yes
    agentDBPort

    Enter the listening port on the target database.

    Use the same value that is specified by the target configuration (General tab).

    		 Yes
    pollingInterval

    Enter the listening port on the target database.

    Use the same value that is specified by the target configuration (General tab).

    		 No
    removeAuditFile

    Enter true or false.

    To remove DB2 audit file outputs after the agent sends them to FortiDB, enter true (the default value).

    		 No
  7. To install the DB2 agent, go to <agent install directory>/bin, and then execute the following command:

    8. DB2AgentSetup

  8. If DB2 is installed on Windows, do the following:
    1. In <agent install directory>/bin, execute the following command:
    2. fdbagent install
    3. In the Windows Services Control Panel (for example, in Start > Control Panel > Administrative Tools), configure the FortiDB Database Monitoring Agent to run using the same login credentials that you used to unpack the FortiDB agent installation file.
  9. To start the FortiDB agent, do one of the following:
    • For Windows, Linux, or Solaris:
      • In <agent install directory>/bin, execute the following command:
      • $ fdbagent start
      • To stop the agent, execute the following command:
      • $ fdbagent stop
    • For other platforms (for example, AIX):
      • In <agent install directory>/bin, execute the following command:
      • $ nohup ./fdbagentapp &
  10. To confirm that the audit data path and audit archive path are correct, execute the following command:

    11. db2audit describe

    The audit settings are displayed. For example:

    DB2 AUDIT SETTINGS:

    Audit active: "TRUE"

    Log audit events: "FAILURE"

    Log checking events: "FAILURE"

    Log object maintenance events: "FAILURE"

    Log security maintenance events: "FAILURE"

    Log system administrator events: "FAILURE"

    Log validate events: "FAILURE"

    Log context events: "FAILURE"

    Return SQLCA on audit error: "FALSE "

    Audit Data Path: "C:\DB2\fdbagent\bin\..\tmp\db2audit\flush\"

    Audit Archive Path: "C:\DB2\fdbagent\bin\..\tmp\db2audit\archive\"

    AUD0000I Operation succeeded.

  11. Configure target monitoring for the database where the agent is installed. For detailed instructions, see Configuring DB2 monitoring.
See also
Previous
Next

Configuring the DB2 database and installing the agent

To configure the DB2 target database to work with the DB2 agent
  1. If the database already has an audit configuration, to reset the instance level audit, use the following command:

    2. db2audit configure reset

  2. To start the audit facility administrator tool, use the following command:

    3. db2audit start

  3. To configure the audit facility to audit for failed logins, use the following command:

    4. db2audit configure scope context status failure

  4. To set the size of the audit buffer, use the following command:

    5. db2 update dbm cfg using AUDIT_BUF_SZ 10000

    The default audit buffer is 0 (no setting).
  5. To grant security administration authority (SECADM) to the user FortiDB uses to connect to the database, use the following command:

    6. db2=> GRANT SECADM ON DATABASE TO USER <user name>

    where <user name> is the user name specified by the target configuration (General tab).

    For Windows, the FortiDB connection user needs to belong to the DB2ADMNS or DB2USERS group. For UNIX, AIX, or Linux, the FortiDB connection user does not need to be an instance owner.

    By default, the db2admin user does not have the SECADM authority.
  6. Connect to FortiDB for monitoring. For details about connecting to FortiDB, go to "Managing Target Databases".(maybe they should configure the agent, first?)
To configure and run the DB2 agent
  1. Ensure that Java Virtual Machine (JVM) 1.6 or greater is installed, the JAVA_HOME environment variable is correctly configured, and that the bin directory is first on the execution path.
  2. Obtain a copy of the FortiDB agent installer. For information on obtaining the installer, contact Fortinet technical support.
  3. Ensure that the DB2 target database has the required configuration. See To configure the DB2 target database to work with the DB2 agent.
  4. As the database user that runs the agent, log in to the machine where the DB2 database is located, and then unpack a copy of FortiDB agent installer to a directory.

    5. For information on the premissions this user requires, see Users and privileges required by the DB2 agent.

  5. Copy the agent.properties.sample file from <agent install directory>/doc to <agent install directory>/conf, and then change the file name to agent.properties.
  6. Using a text editor, change the agent.properties.sample properties to the following values:
    7. Parameter Description Required?
    agentType Enter DB2. Yes
    brokerAddress Enter the IP address or resolvable host name for FortiDB. Yes
    brokerPort

    Enter the port FortiDB uses to listen for transmissions from the agent.

    The default value is 9116.

    		 No
    agentDBAddress

    Enter the IP address of the target database.

    Use the same value that is specified by the target configuration (General tab).

    		 Yes
    agentDBPort

    Enter the listening port on the target database.

    Use the same value that is specified by the target configuration (General tab).

    		 Yes
    pollingInterval

    Enter the listening port on the target database.

    Use the same value that is specified by the target configuration (General tab).

    		 No
    removeAuditFile

    Enter true or false.

    To remove DB2 audit file outputs after the agent sends them to FortiDB, enter true (the default value).

    		 No
  7. To install the DB2 agent, go to <agent install directory>/bin, and then execute the following command:

    8. DB2AgentSetup

  8. If DB2 is installed on Windows, do the following:
    1. In <agent install directory>/bin, execute the following command:
    2. fdbagent install
    3. In the Windows Services Control Panel (for example, in Start > Control Panel > Administrative Tools), configure the FortiDB Database Monitoring Agent to run using the same login credentials that you used to unpack the FortiDB agent installation file.
  9. To start the FortiDB agent, do one of the following:
    • For Windows, Linux, or Solaris:
      • In <agent install directory>/bin, execute the following command:
      • $ fdbagent start
      • To stop the agent, execute the following command:
      • $ fdbagent stop
    • For other platforms (for example, AIX):
      • In <agent install directory>/bin, execute the following command:
      • $ nohup ./fdbagentapp &
  10. To confirm that the audit data path and audit archive path are correct, execute the following command:

    11. db2audit describe

    The audit settings are displayed. For example:

    DB2 AUDIT SETTINGS:

    Audit active: "TRUE"

    Log audit events: "FAILURE"

    Log checking events: "FAILURE"

    Log object maintenance events: "FAILURE"

    Log security maintenance events: "FAILURE"

    Log system administrator events: "FAILURE"

    Log validate events: "FAILURE"

    Log context events: "FAILURE"

    Return SQLCA on audit error: "FALSE "

    Audit Data Path: "C:\DB2\fdbagent\bin\..\tmp\db2audit\flush\"

    Audit Archive Path: "C:\DB2\fdbagent\bin\..\tmp\db2audit\archive\"

    AUD0000I Operation succeeded.

  11. Configure target monitoring for the database where the agent is installed. For detailed instructions, see Configuring DB2 monitoring.
See also
Previous
Next