2019-10-19 01:38 AM
Hello All,
We are in the process of integrating DB2 with RSA NetWitness 11.1. We checked the RSA integration document and found that DB2 integration for Windows and AIX is already supported.
Can anyone help to integrate DB2 installed on Linux? We need help to enable auditing on DB2, which is installed on Linux.
I believe there would not be much difference in enabling auditing on DB2, as it would be the same for DB2 whether it is installed on AIX or Linux. Please correct me if I am wrong.
Also, please help with the required commands or steps to enable auditing.
Once auditing is enabled we can use sftp to collect log files.
Thanks in advance.
2019-10-19 12:35 PM
Rajbir
Have you looked at the following resource? IBM Knowledge Center
That should help you enable auditing. I would think the auditing format is similar to the AIX version.
First try to get the auditing configured; once you do that, reach out to me and I can help with the parsing of the data.
Thanks
Dave
2019-10-22 02:19 AM
Dear Dave,
Thank you so much for the response.
I am in the process of enabling auditing on DB2; once it is done I will try to follow the sftp integration process. If we face any issue we will post it here.
Your help is really appreciated.
Thanks,
2019-10-22 02:32 AM
Great, let me know how you make out.
Dave
2019-10-30 02:00 PM
Hi Dave,
We are doing this integration now, so apologies for the delay in response.
It is the same file collection integration that we use for any other supported device. Below are the steps that we are following:
1. Enable the auditing on DB2 using: IBM Knowledge Center
2. Added an event source on VLC
3. Configured sasftpagent.sh and sftpagent.conf
4. Required permission given to sasftpagent.sh
5. Cache the sftp connection.
Here, we can see the sftp connection can be created without prompting for any password. Also, when I run the script I can see (using tcpdump) that DB2 logs are coming in to the VLC, but the strange thing is that these logs do not appear in the investigation page.
For further confirmation I checked the directory which we created in the process of event source creation, but found the logs are not even stored in that directory.
Can you please help me understand where these logs are going? Why are these logs not being stored or visible in the investigation page?
Please find the attached sasftpagent.sh and sftpagent.conf file which we are using for this integration.
I have tested another server as well and found logs are not stored in the directory which was created during event source creation, but logs were visible in the investigation page.
The only difference is, I am using "_ " in the name of the directory in the recent integration.
2019-10-30 02:02 PM