 
Configuring the DB2 database and installing the agent
To configure the DB2 target database to work with the DB2 agent
1. If the database already has an audit configuration, to reset the instance level audit, use the following command:
db2audit configure reset
2. To start the audit facility administrator tool, use the following command:
db2audit start
3. To configure the audit facility to audit for failed logins, use the following command:
db2audit configure scope context status failure
4. To set the size of the audit buffer, use the following command:
db2 update dbm cfg using AUDIT_BUF_SZ 10000
 
The default audit buffer is 0 (no setting).
5. To grant security administration authority (SECADM) to the user FortiDB uses to connect to the database, use the following command:
db2=> GRANT SECADM ON DATABASE TO USER <user name>
where <user name> is the user name specified by the target configuration (General tab).
 
For Windows, the FortiDB connection user needs to belong to the DB2ADMNS or DB2USERS group. For UNIX, AIX, or Linux, the FortiDB connection user does not need to be an instance owner.
By default, the db2admin user does not have the SECADM authority.
To configure and run the DB2 agent
1. Ensure that Java Virtual Machine (JVM) 1.6 or greater is installed, the JAVA_HOME environment variable is correctly configured, and that the bin directory is first on the execution path.
2. Obtain a copy of the FortiDB agent installer. For information on obtaining the installer, contact Fortinet technical support.
3. Ensure that the DB2 target database has the required configuration. See “To configure the DB2 target database to work with the DB2 agent”.
4. As the database user that runs the agent, log in to the machine where the DB2 database is located, and then unpack a copy of FortiDB agent installer to a directory.
For information on the permissions this user requires, see “Users and privileges required by the DB2 agent”.
5. Copy the agent.properties.sample file from <agent install directory>/doc to <agent install directory>/conf, and then change the file name to agent.properties.
6. Using a text editor, change the agent.properties.sample properties to the following values:
| Parameter | Description | Required? |
| --- | --- | --- |
| agentType | Enter DB2. | Yes |
| brokerAddress | Enter the IP address or resolvable host name for FortiDB. | Yes |
| brokerPort | Enter the port FortiDB uses to listen for transmissions from the agent. The default value is 9116. | No |
| agentDBAddress | Enter the IP address of the target database. Use the same value that is specified by the target configuration (General tab). | Yes |
| agentDBPort | Enter the listening port on the target database. Use the same value that is specified by the target configuration (General tab). | Yes |
| pollingInterval | Enter the listening port on the target database. Use the same value that is specified by the target configuration (General tab). | No |
| removeAuditFile | Enter true or false. To remove DB2 audit file outputs after the agent sends them to FortiDB, enter true (the default value). | No |
7. To install the DB2 agent, go to <agent install directory>/bin, and then execute the following command:
DB2AgentSetup
8. If DB2 is installed on Windows, do the following:
a. In <agent install directory>/bin, execute the following command:
fdbagent install
b. In the Windows Services Control Panel (for example, in Start > Control Panel > Administrative Tools), configure the FortiDB Database Monitoring Agent to run using the same login credentials that you used to unpack the FortiDB agent installation file.
9. To start the FortiDB agent, do one of the following:
For Windows, Linux, or Solaris:
In <agent install directory>/bin, execute the following command:
$ fdbagent start
To stop the agent, execute the following command:
$ fdbagent stop
For other platforms:
In <agent install directory>/bin, execute the following command:
$ nohup ./fdbagentapp &
10. To confirm that the audit data path and audit archive path are correct, execute the following command:
db2audit describe
The audit settings are displayed. For example:
DB2 AUDIT SETTINGS:
Audit active: "TRUE"
Log audit events: "FAILURE"
Log checking events: "FAILURE"
Log object maintenance events: "FAILURE"
Log security maintenance events: "FAILURE"
Log system administrator events: "FAILURE"
Log validate events: "FAILURE"
Log context events: "FAILURE"
Return SQLCA on audit error: "FALSE "
Audit Data Path: "C:\DB2\fdbagent\bin\..\tmp\db2audit\flush\"
Audit Archive Path: "C:\DB2\fdbagent\bin\..\tmp\db2audit\archive\"
AUD0000I Operation succeeded.
11. Configure target monitoring for the database where the agent is installed. For detailed instructions, see “Configuring DB2 monitoring”.
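The check in step 10 can be scripted. The following is an added example, not part of the FortiDB documentation or agent: it parses db2audit describe output and verifies that auditing is active, that context events log failures as set in step 3, and that both audit paths contain an expected fragment. The function names are hypothetical, and treating "correct" paths as paths under the agent install directory is an assumption taken from the example output above.

```shell
#!/bin/sh
# Added example (not FortiDB code): verify `db2audit describe` output.
# Live use (assumption): db2audit describe | check_db2audit <path fragment>

# Print the quoted value of the setting named $1 from describe output on stdin.
audit_field() {
    tr -d '\r' | sed -n "s/^[[:space:]]*$1:[[:space:]]*\"\(.*\)\"[[:space:]]*\$/\1/p" | head -n 1
}

# $1 = text both audit paths must contain (assumption: the agent install directory).
check_db2audit() {
    out=$(cat); want=$1; rc=0
    active=$(printf '%s\n' "$out" | audit_field "Audit active" | tr -d ' ')
    [ "$active" = "TRUE" ] || { printf '%s\n' "FAIL: audit facility is not active"; rc=1; }
    # Step 3 configures the context scope with status failure.
    ctx=$(printf '%s\n' "$out" | audit_field "Log context events" | tr -d ' ')
    [ "$ctx" = "FAILURE" ] || { printf '%s\n' "FAIL: Log context events = '$ctx'"; rc=1; }
    for label in "Audit Data Path" "Audit Archive Path"; do
        p=$(printf '%s\n' "$out" | audit_field "$label")
        # printf, not echo: the Windows paths contain backslashes.
        case $p in
            *"$want"*) printf '%s\n' "OK: $label = $p" ;;
            *) printf '%s\n' "FAIL: $label = '$p' does not contain '$want'"; rc=1 ;;
        esac
    done
    return $rc
}

# Sample input: lines copied from the example output in step 10.
sample_describe() {
    cat <<'EOF'
DB2 AUDIT SETTINGS:
Audit active: "TRUE"
Log validate events: "FAILURE"
Log context events: "FAILURE"
Audit Data Path: "C:\DB2\fdbagent\bin\..\tmp\db2audit\flush\"
Audit Archive Path: "C:\DB2\fdbagent\bin\..\tmp\db2audit\archive\"
AUD0000I Operation succeeded.
EOF
}

sample_describe | check_db2audit 'fdbagent'
```

A non-zero exit status means at least one check failed, so the function can gate a deployment script or a scheduled health check.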
See also
Users and privileges required by the DB2 agent