My Notes:

Here is a problem statement:  “The ArcSight SmartConnector for IBM DB2 Database Audit logs are missing a critical piece of information as to what is happening. The SmartConnector is NOT sending any database statements”.

FAQs:

Is something broken? The code works. Yet the process of mapping and providing the correct information seems incomplete or wrong.

Is vendor (IBM) logging everything proper? Yes, the data is in the auditlobs binary file, offset given.

Are there known ways to get the statements? Yes, documented on IBM public website.

Is it documented that the SmartConnector will provide this? Yes, Pages 12,13 state ArcSight Message will contain StatementText.

Today, I have asked for escalation to an appropriate level in hopes for a good resolve. #FingersCrossed

My Notes:

Here is a problem statement:  “The ArcSight SmartConnector for IBM DB2 Database Audit logs are missing a critical piece of information as to what is happening. The SmartConnector is NOT sending any database statements”.

FAQs:

Is something broken? The code works. Yet the process of mapping and providing the correct information seems incomplete or wrong.

Is vendor (IBM) logging everything proper? Yes, the data is in the auditlobs binary file, offset given.

Are there known ways to get the statements? Yes, documented on IBM public website.

Is it documented that the SmartConnector will provide this? Yes, Pages 12,13 state ArcSight Message will contain StatementText.

Today, I have asked for escalation to an appropriate level in hopes for a good resolve. #FingersCrossed