Configuring the DB2 database and installing the agent
To configure the DB2 target database to work with the DB2 agent
- If the database already has an audit configuration, to reset the instance level audit, use the following command:
- To start the audit facility administrator tool, use the following command:
- To configure the audit facility to audit for failed logins, use the following command:
- To set the size of the audit buffer, use the following command:
- To grant security administration authority (SECADM) to the user FortiDB uses to connect to the database, use the following command:
- Connect to FortiDB for monitoring. For details about connecting to FortiDB, go to "Managing Target Databases".(maybe they should configure the agent, first?)
db2audit configure reset
db2audit start
db2audit configure scope context status failure
db2 update dbm cfg using AUDIT_BUF_SZ 10000
The default audit buffer is 0 (no setting). |
db2=> GRANT SECADM ON DATABASE TO USER <user name>
where <user name>
is the user name specified by the target configuration (General tab).
For Windows, the FortiDB connection user needs to belong to the DB2ADMNS or DB2USERS group. For UNIX, AIX, or Linux, the FortiDB connection user does not need to be an instance owner. By default, the |
To configure and run the DB2 agent
- Ensure that Java Virtual Machine (JVM) 1.6 or greater is installed, the JAVA_HOME environment variable is correctly configured, and that the bin directory is first on the execution path.
- Obtain a copy of the FortiDB agent installer. For information on obtaining the installer, contact Fortinet technical support.
- Ensure that the DB2 target database has the required configuration. See To configure the DB2 target database to work with the DB2 agent.
- As the database user that runs the agent, log in to the machine where the DB2 database is located, and then unpack a copy of FortiDB agent installer to a directory.
- Copy the
agent.properties.sample
file from <agent install directory>/doc to <agent install directory>/conf, and then change the file name to agent.properties. - Using a text editor, change the
agent.properties.sample
properties to the following values: - To install the DB2 agent, go to
<agent install directory>/bin
, and then execute the following command: - If DB2 is installed on Windows, do the following:
- In <agent install directory>/bin, execute the following command:
- fdbagent install
- In the Windows Services Control Panel (for example, in Start > Control Panel > Administrative Tools), configure the FortiDB
Database Monitoring Agent
to run using the same login credentials that you used to unpack the FortiDB agent installation file.
- To start the FortiDB agent, do one of the following:
- For Windows, Linux, or Solaris:
- In
<agent install directory>/bin
, execute the following command: $ fdbagent start
- To stop the agent, execute the following command:
$ fdbagent stop
- In
- For other platforms (for example, AIX):
- In
<agent install directory>/bin
, execute the following command: $ nohup ./fdbagentapp &
- In
- For Windows, Linux, or Solaris:
- To confirm that the audit data path and audit archive path are correct, execute the following command:
- Configure target monitoring for the database where the agent is installed. For detailed instructions, see Configuring DB2 monitoring.
For information on the premissions this user requires, see Users and privileges required by the DB2 agent.
Parameter | Description | Required? |
---|---|---|
agentType | Enter DB2 . |
Yes |
brokerAddress | Enter the IP address or resolvable host name for FortiDB. | Yes |
brokerPort |
Enter the port FortiDB uses to listen for transmissions from the agent. The default value is 9116. |
No |
agentDBAddress |
Enter the IP address of the target database. Use the same value that is specified by the target configuration (General tab). |
Yes |
agentDBPort |
Enter the listening port on the target database. Use the same value that is specified by the target configuration (General tab). |
Yes |
pollingInterval |
Enter the listening port on the target database. Use the same value that is specified by the target configuration (General tab). |
No |
removeAuditFile |
Enter To remove DB2 audit file outputs after the agent sends them to FortiDB, enter |
No |
DB2AgentSetup
db2audit describe
The audit settings are displayed. For example:
DB2 AUDIT SETTINGS:
Audit active: "TRUE"
Log audit events: "FAILURE"
Log checking events: "FAILURE"
Log object maintenance events: "FAILURE"
Log security maintenance events: "FAILURE"
Log system administrator events: "FAILURE"
Log validate events: "FAILURE"
Log context events: "FAILURE"
Return SQLCA on audit error: "FALSE "
Audit Data Path: "C:\DB2\fdbagent\bin\..\tmp\db2audit\flush\"
Audit Archive Path: "C:\DB2\fdbagent\bin\..\tmp\db2audit\archive\"
AUD0000I Operation succeeded.