Different data retrieval methods, Using this feature – Fortinet FortiDB User Manual

Appendix B: DB2-Audit-Based Auditing for DB2 UDB V8

Different Data Retrieval Methods

FortiDB Version 3.2 Privilege Monitor User Guide
15-32000-81364-20081219

45

Appendix B: DB2-Audit-Based Auditing for DB2
UDB V8

Specifying the Use of DB2 Audit on Database-Connection Screen

This feature use of the DB2's DB2 Audit functionality, which insures capturing all
transactions on the target-database machine, albeit at the expense of requiring an
agent.

1

With the previous FortiDB MA implementation, only a ‘snapshot’ methodology of
capturing data for Privilege Monitor was possible. That method only captured at
prescribed time intervals, which could lead to missed information if the interval
were too large or if the database activity was exceptionally high.

The DB2-Audit-based method, applicable to DB2 V8, overcomes these
limitations. In addition, this method allows the reporting of the SQL statements
involved in the transaction that caused the alert.

Different Data Retrieval Methods

If you are working with the PM module, you may specify a Data Retrieval method
of either Audit or No Audit. The latter, which is the default, invokes the snapshot
method.

If you select the Audit method, however, FortiDB MA will then use an agent for
data collection and provide you with a:

• Checkbox in order to specify whether you want to collect the SQL statements

involved. (The default is for this checkbox to be unchecked).

• Text box for the agent's port number (the default is port 51236.)

Using This Feature

In general, you should follow these steps in order to use the DB2-Audit-based
method:

1

Setup and start the DB2-Audit-Based agent on the target-database machine.

1. Since db2audit writes data to a file, the results of which cannot be queried from the
JDBC connection, an agent is required in order to send the information back to FortiDB-
MA.