The process is as follows
The db2 extract command is run on the AIX machine - This will copy and convert the binary audit files to ASCII.
The nicsftp shell script is running on the aix machine looking for the db2 logs
The logs are then forwarded to envision by the nicsftpagent shell script
Hope that helps
I have couple of questions for you
1) The ascii log looks like
event correlator=2;event status=0;
origin node=0;coordinator node=0;
application id=*LOCAL.db2inst1.090625122012;application name=DB2HMON;
auth type=SERVER;plugin name=IBMOSauthserver;
This log is not similar to the parsers you have written?
Is there any modification required from db2 side while collecting the logs?
2) While running the nicsftpagent.sh we need to give the directory path in envision where the logs will be transfered, the way to create this directory is to add a new file reader device in universal device collection(version 4.0). And then modify the definition of that device by configuring
name : db2aix
device tag : ?
data start line : 1
message id location : 1
field delimter : ;
line delimiter : LF
What do you suggest, these entries should be based on the log above ?
Any other suggestions