SmartConnector for IBM DB2 Multiple Instance UDB Audit File

  • Yes, DB2 *.del text-based files are exported along with a binary auditlobs file. The Execute and Context messages have a position reference to the SQL statements stored in the binary file. I understand statements can be long and ArcSight fields are limited. Even if truncated, having the statement text allows the analyst and rules to have context as to what is going on. ArcSight would simply need to use reference position information to access the statement and then include it in the CEF.

    I too experience non-ASCII characters in the logs and the same ends up in the ArcSight field. I reported this, yet have not focused on these transaction reference IDs.

    I'm currently working with parsing specific to 9.7. I'm glad you bring up these versions and I hope ArcSight will also fix these versions. I will add JIRA CON-15703 to my request also.

    Carl, thanks so much for replying.
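
The lookup described in the comment above, as an added example (not part of the original post and not ArcSight or IBM code): resolve a position reference into the binary auditlobs file, then clean, truncate and escape the statement text for a CEF extension value. It assumes the reference uses DB2's LOB Location Specifier form `<file>.<offset>.<length>/`; the function names, the field limit and the sample statements are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: LOB columns in the .del file carry a LOB Location Specifier,
# "<file>.<offset>.<length>/", for example "auditlobs.0.32/".
LLS_RE = re.compile(r'^"?(?P<file>.+)\.(?P<offset>\d+)\.(?P<length>\d+)/"?$')
MAX_FIELD = 1023  # assumed limit; set this to the real size of the target field


def parse_lls(ref):
    """Split a LOB reference into (file name, byte offset, byte length)."""
    m = LLS_RE.match(ref.strip())
    if not m:
        raise ValueError(f"not a LOB reference: {ref!r}")
    return m["file"], int(m["offset"]), int(m["length"])


def read_statement(ref, lob_dir):
    """Read the referenced bytes, rejecting paths or ranges outside the file."""
    name, offset, length = parse_lls(ref)
    if Path(name).name != name:
        raise ValueError("LOB file name must not contain a path")
    path = Path(lob_dir) / name
    if offset + length > path.stat().st_size:
        raise ValueError("reference points past the end of the LOB file")
    with path.open("rb") as fh:
        fh.seek(offset)
        return fh.read(length)


def to_cef_value(raw, limit=MAX_FIELD):
    """Decode, replace non-printable characters, truncate, then CEF-escape."""
    text = raw.decode("utf-8", errors="replace")
    text = "".join(c if c.isprintable() or c == "\n" else "?" for c in text)
    text = text[:limit]  # truncate before escaping so no escape pair is split
    return text.replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")


def demo():
    """Constructed sample: two statements packed into one auditlobs file."""
    stmts = [b"SELECT * FROM PAYROLL WHERE ID=7", b"DELETE FROM AUDIT\x00\x01LOG"]
    refs, pos = [], 0
    for s in stmts:
        refs.append(f'"auditlobs.{pos}.{len(s)}/"')
        pos += len(s)
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "auditlobs").write_bytes(b"".join(stmts))
        return [to_cef_value(read_statement(r, d)) for r in refs]
```

The bounds and file-name checks matter because the reference comes from the log file itself; a corrupted or tampered .del row should fail closed rather than read arbitrary bytes.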
