DB2 logs internal events to its own type of SMF log records. The DB2 SMF records contain information related to many different types of events occurring within the system. The level of granularity depends on configurations of the DB2 audit trace at the individual table level. The SMF records provide data useful for investigating security events and if used in combination with other resources, help investigate possible attacks and breaches for incident response, auditing and compliance purposes.
DB2 SMF records are created in binary format and may be in excess of 32,000 characters in length. The SMF records are not readable by a plain text editor, making online viewing and interpretation almost impossible for SIM, SIEM and log consolidation products.
The Type80 SMA_RT base product offers an optional SMF collection feature for z/OS DB2 customers wishing to collect comprehensive DB2 Audited events. The Tyep80 DB2 connector translates the binary data from bit settings into a clearly readable format. It also filters out unnecessary information before placing it into the Syslog format and automatically creates segmented Syslog records if required.
In addition to all of the SMA_RT product features, the Type80 SMA_RT DB2 Connector is capable of reporting on the following events if the data is contained within the DB2 SMF record: