1、检查audit_buf_sz
db2 update dbm cfg using audit_buf_sz 32
重启实例
2、定制数据库审计策略
连接数据库
CREATE AUDIT POLICY STATEMENTS CATEGORIES EXECUTE WITH DATA STATUS BOTH ERROR TYPE AUDIT;
AUDIT DATABASE USING POLICY STATEMENTS;
3、通过命令将归档日志导出到指定目录
db2audit archive database dbname to /xxxx/db2_backup/xxxauditarchive/dbname
4、格式化导出归档日志(DB2的审计日志是不可读的,需要进行转换)
db2audit extract file db.aud from files /xxxx/db2_backup/xxxauditarchive/dbname/db2audit.db.dbname.log.0.20191025175856
5、移除、删除审计策略
AUDIT DATABASE REMOVE POLICY;
DROP AUDIT POLICY STATEMENTS;
6、查看策略
select *
from "SYSIBM"."SYSAUDITPOLICIES";
或者命令行
db2audit describe