Import Logs


EventLog Analyzer gives you the option to import any flat log files and provides predefined reports for Windows (EVTX format) devices, syslog devices, applications, and archived files. This document will provide information on the following topics.

  • Imported Log Files
  • SAP ERP Audit Logs
  • DB2 Audit Logs

    How to import log files? 

    Refer to the Import log file topic to import the logs.

    Imported Log Files

    In the Imported Log Files page, all the logs imported to EventLog Analyzer for monitoring are displayed. This is the default page that appears when the import log option is selected. This page provides details of the imported log file including:

             

     

    SAP ERP Audit Logs

     

    To add the SAP ERP application for monitoring, the audit logs have to be enabled.

    To enable the SAP ERP audit logs:

    To the DEFAULT.PFL file in the location <SAP_installed path>\sys\profile, add

    Note: The user should have permission to read this audit file while importing. 

     

     

    DB2 Audit Logs

     

    Db2 database systems allow auditing at both the instance and database levels. The db2audit tool is used to configure the auditing process. The tool can also be used to archive and extract audit logs, from both instance and database levels. The audit facility can be configured by following these six steps.

    1. Configuring db2audit data path, archive path, and scope.
    2. Creating an audit policy for database auditing.
    3. Assigning the audit policy to the database.
    4. Archiving the active logs.
    5. Extracting the archived logs.
    6. Importing the logs to EventLog Analyzer.

    EventLog Analyzer also supports diagnostic logs. See the Diagnostic Logs section below to learn how to generate the diagnostic logs report.

     

    1. Configuring db2audit data path, archive path, and scope

     

    The configure parameter modifies the db2audit.cfg configuration file in the instance's security subdirectory. All updates to this file will occur even when the instance is stopped. Updates occurring when the instance is active will dynamically affect the auditing being done by the Db2 instance. To learn more about all the possible actions on the configuration file, refer to the source.

     

  • Open DB2 Command Line Processor with administrator privilege.
  • Run the following command:
  • db2audit configure datapath "C:\IBM\DB2\DataPath" archivepath "C:\IBM\DB2\ArchivePath"

    Note: Replace the given paths with the paths of your choice for data path and archive path respectively.

  • Run the following command:
  • db2audit configure scope all status both errortype normal

    Note: Replace the given parameters with the parameters of your choice.

  • Run the following command:
  • db2audit start

    Now the logs will be generated for the DB2 instance in the given data path.

     

    2. Creating an audit policy for database auditing

     

  • Open DB2 Command Line Processor with administrator privilege.
  • Run the following command to connect to a database:
  • db2 connect to your_database

    Note: Replace your_database with the database name of your choice.

  • Run the following command to create an audit policy for the database:
  • db2 create audit policy policy_name categories all status both error type audit

    Note: Replace policy_name with the policy name of your choice. Replace the given parameters with the command parameters of your choice. To learn more about the allowed command parameters, refer to the source.

  • Run the following command to commit:
  • db2 commit

    Now the audit policy has been created.

     

    3. Assigning the audit policy to the database

     

  • Open DB2 Command Line Processor with administrator privilege.
  • Run the following command to assign a policy to the database:
  • db2 audit database using policy policy_name

    Note: Replace policy_name with the name of the audit policy that you created.

  • Run the following command to commit:
  • db2 commit

    Now the created audit policy is assigned to the database.

     

    4. Archiving the active logs

     

    You can archive the active logs from both instance and database. The logs will be archived to the archive path that you configured in the first step.

  • Open DB2 Command Line Processor with administrator privilege.
  • Run the following command to archive the active database logs:
  • db2audit archive database your_database

    Note: Replace your_database with the name of the database.

  • Run the following command to archive active instance logs:
  • db2audit archive

    Now the logs will be archived to a new file with a timestamp appended to the filename. An example of the filename is given below.

    Instance Log file: db2audit.instance.log.0.20060418235612

    Database Log file: db2audit.db.your_database.log.0.20060418235612

    Both files have to be extracted into a human-readable format to be imported into EventLog Analyzer.

     

    5. Extracting the archived logs

     

  • Open DB2 Command Line Processor with administrator privilege.
  • Run the following command to extract the archived instance logs:
  • db2audit extract file C:/IBM/DB2/instancelog.txt from files db2audit.instance.log.0.20060418235612

    Note: Replace instancelog with the filename of your choice. Replace db2audit.instance.log.0.20060418235612 with the filename of the archived instance logs.

  • Run the following command to extract archived database logs:
  • db2audit extract file C:/IBM/DB2/databaselog.txt from files db2audit.db.your_database.log.0.20060418235612

    Note: Replace databaselog with the filename of your choice. Replace db2audit.db.your_database.log.0.20060418235612 with the filename of the archived database logs.

    Both files will be extracted to the given archive path and can be imported into EventLog Analyzer.
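
Steps 4 and 5 have to be repeated for every new archive, so the following added example (not part of the original documentation or of any vendor tooling) parses the archive file names shown in step 4 and builds one step 5 extract command per archive, oldest first, skipping files already extracted. The function names, the output naming scheme, and the sample listing are assumptions made for illustration.

```python
import re
from datetime import datetime
from typing import NamedTuple, Optional

# Archive names as shown in step 4:
#   db2audit.instance.log.0.20060418235612
#   db2audit.db.your_database.log.0.20060418235612
ARCHIVE_RE = re.compile(
    r"^db2audit\.(?:instance|db\.(?P<db>[^.]+))\.log\.(?P<num>\d+)\.(?P<ts>\d{14})$")

class Archive(NamedTuple):
    name: str
    database: Optional[str]  # None for an instance-level archive
    number: int              # numeric field before the timestamp (0 on this page)
    archived_at: datetime

def parse_archive(name):
    """Return an Archive, or None if the name is not a timestamped archive."""
    m = ARCHIVE_RE.match(name)
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y%m%d%H%M%S")
    except ValueError:  # 14 digits that are not a real date
        return None
    return Archive(name, m["db"], int(m["num"]), ts)

def plan_extracts(filenames, out_dir, already_done=()):
    """Build one step-5 extract command per new archive, oldest first."""
    new = [a for a in map(parse_archive, filenames)
           if a and a.name not in already_done]
    new.sort(key=lambda a: (a.archived_at, a.name))
    plan = []
    for a in new:
        scope = a.database or "instance"
        # Hypothetical output naming: <scope>_<archive timestamp>.txt
        out = f"{out_dir}/{scope}_{a.archived_at:%Y%m%d%H%M%S}.txt"
        # An argument list (no shell string) keeps file names out of shell parsing.
        plan.append((a, ["db2audit", "extract", "file", out,
                         "from", "files", a.name]))
    return plan

if __name__ == "__main__":
    listing = [  # constructed directory listing of the archive path
        "db2audit.instance.log.0",  # no timestamp, so not an archive
        "db2audit.instance.log.0.20060418235612",
        "db2audit.db.your_database.log.0.20060418235612",
    ]
    for _, argv in plan_extracts(listing, "C:/IBM/DB2"):
        print(" ".join(argv))
```

Keeping the set of already extracted archive names between runs (the already_done argument) avoids importing the same audit records into EventLog Analyzer twice.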

     

    6. Importing the logs to EventLog Analyzer

     

    Now you will have to import the extracted database and instance log files into EventLog Analyzer. Here is a comprehensive guide on how to import log files in EventLog Analyzer.

     

    Diagnostic Logs 

     

    EventLog Analyzer also provides a report for diagnostic logs. To generate the diagnostic logs report, follow the given steps.

     

  • Run the following command to find the location of the diagnostic log file.
  • db2 get dbm cfg | findstr DIAGPATH

    (or)

    db2 get dbm cfg | grep DIAGPATH

    (or)

    db2 get dbm cfg

    Note: The path corresponding to Current member resolved DIAGPATH is the path to the diagnostic log file.

  • Navigate to the specified path and import the file named db2diag.txt to EventLog Analyzer. Here is a comprehensive guide on how to import log files in EventLog Analyzer.