먼저 Linux 서버에서 정보를 수집한 다음 db2 CLI를 통해 DB2 v10 인스턴스에 연결하여 쿼리를 실행하는 감사 스크립트를 작성 중입니다. 서버에 있는 하나의 데이터베이스와 완벽하게 작동합니다. 다른 데이터베이스를 만들고 스크립트를 실행했습니다. 이제 내 결과는 두 데이터베이스의 응답을 혼합한 것입니다.
DB2 CLI를 통해 첫 번째 데이터베이스에 연결하고 스크립트를 실행해 보았지만 결과는 여전히 엇갈립니다. 데이터베이스별로 결과를 얻거나 필요할 때 어떤 데이터베이스에서 어떤 결과가 나오는지 명확하게 표시하려면 어떻게 해야 합니까? 나는 외부 감사자이기 때문에 사전에 데이터베이스 이름을 갖지 않을 것입니다.
아래 스니펫은 로컬 Linux/AIX 서버 정보를 얻고 DB2에 연결을 시작한 후 실행하는 것입니다.
echo "==============================" >> $working_dir/$logfile ;
for i in `db2 list db directory | grep 'Database name' | awk '{print $4}'`;
do
echo "==============================" >> $working_dir/$logfile ;
echo "Checking Database State" >> $working_dir/$logfile ;
echo "===============================" >> $working_dir/$logfile ;
state=$(db2 get db cfg for $i | grep 'HADR database role' | awk '{print $5}');
echo "Current state is $state" >> $working_dir/$logfile ;
if [ $state = "STANDBY" ]
then
echo "THIS DATABASE IS THE STANDBY, THIS OPERATION SHOULD BE PERFORMED ON THE PRIMARY" >> $working_dir/$logfile
else
echo "=========================" >> $working_dir/$logfile ;
echo "CONNECTING TO DATABASE " >> $working_dir/$logfile ;
echo "=========================" >> $working_dir/$logfile ;
db2 connect to $i >> $working_dir/$logfile ;
echo "====================================" >> $working_dir/$logfile ;
echo "5. NODE DIRECTORIES" >> $working_dir/$logfile ;
echo "====================================" >> $working_dir/$logfile ;
db2 list node directory show detail >>$working_dir/$logfile ;
echo "==============================" >> $working_dir/$logfile ;
echo "6. DATABASES ON THIS SERVER" >> $working_dir/$logfile ;
echo "==============================" >> $working_dir/$logfile ;
db2 list db directory >>$working_dir/$logfile ;
echo "====================================" >> $working_dir/$logfile ;
echo "7. AUDIT PARAMETERS IN THE DATABASE" >> $working_dir/$logfile ;
echo "====================================" >> $working_dir/$logfile ;
db2audit describe >> $working_dir/$logfile ;
echo "================================================" >> $working_dir/$logfile ;
echo "8. CURRENT LEVEL OF INSTALLED DATABASE SOFTWARE" >> $working_dir/$logfile ;
echo "================================================" >> $working_dir/$logfile ;
db2level >> $working_dir/$logfile ;
echo "=================================================" >> $working_dir/$logfile ;
echo "9. APPLICATIONS CURRENTLY ACCESSING THE DATABASE" >> $working_dir/$logfile ;
echo "=================================================" >> $working_dir/$logfile ;
db2 list applications >> $working_dir/$logfile ;
echo "====================================" >> $working_dir/$logfile ;
echo "10. DATABASE DBA-LEVEL ASSIGNMENTS" >> $working_dir/$logfile ;
echo "====================================" >> $working_dir/$logfile ;
db2 "select char(grantee,15) as grantee, char(granteetype,1) as type, char(dbadmauth,1) as dbadmin,
char(securityadmauth,1) as secadmin, char(sqladmauth,1) as sqladmin, char(dataaccessauth,1) as
access, char(accessctrlauth,1) as accessctrl, char(wlmadmauth,1) as wlmadmin, char(loadauth,1) as load,
char(createtabauth,1) as createtable, char(bindaddauth,1) as bindadd, char(connectauth,1) as connect,
char(implschemaauth,1) as implschema, char(libraryadmauth,1) as libadmin from syscat.dbauth" order by grantee >> $working_dir/$logfile ;
echo "==============================================" >> $working_dir/$logfile ;
echo " 11. PASSTHROUGH ACCESS FROM OTHER DATABASES" >> $working_dir/$logfile ;
echo "==============================================" >> $working_dir/$logfile ;
db2 "select char(grantor,8) as grantor, char(grantortype,1) as type,
char (grantee,15) as grantee, char (granteetype,1) as grantee_type, char(servername,8) as servername
from SYSCAT.PASSTHRUAUTH" >> $working_dir/$logfile ;
echo "=============================================" >> $working_dir/$logfile ;
echo " 12. ROLES AND MEMBERS IN THE DATABASE" >> $working_dir/$logfile ;
echo "=============================================" >> $working_dir/$logfile ;
db2 "select char(grantor,8) as grantor, char(grantortype,1) as type,
char(grantee,8) as grantee, char(granteetype,1) as grantee_type, char(rolename,15) as role_name, char(admin,1) as admin from SYSCAT.ROLEAUTH" order by grantee >> $working_dir/$logfile ;
echo "===============================================================" >> $working_dir/$logfile ;
echo "13. DISTINCT OWNERS OF TABLES (Should Not Be Public or Users)" >> $working_dir/$logfile ;
echo "===============================================================" >> $working_dir/$logfile ;
db2 "select distinct owner from SYSCAT.TABLES" >> $working_dir/$logfile ;
echo "==================================" >> $working_dir/$logfile ;
echo "14. ACCESS LEVEL TO SYSTEM TABLES" >> $working_dir/$logfile ;
echo "==================================" >> $working_dir/$logfile ;
db2 "select char(grantor,8) as grantor, char(grantee,8) as grantee, char(ttname,33) as tablename, char(controlauth,1) as control, char(alterauth,1) as alter, char(deleteauth,1) as delete, char(insertauth,1) as insert, char(selectauth,1) as select, char(granteetype,1) as grantee_type from sysibm.systabauth
where grantee not in ('DB2INST1')" order by grantee >> $working_dir/$logfile ;
echo "=====================" >> $working_dir/$logfile ;
echo "15. LIST ALL SCHEMAS" >> $working_dir/$logfile ;
echo "=====================" >> $working_dir/$logfile ;
db2 "select char(schemaname,15) as name, char(owner,10) as owner, char(auditpolicyname,12) as auditpolicy from syscat.schemata" >> $working_dir/$logfile ;
echo "=======================" >> $working_dir/$logfile ;
echo "16. ACCESS TO SCHEMAS" >> $working_dir/$logfile ;
echo "=======================" >> $working_dir/$logfile ;
db2 "SELECT char(GRANTOR,8) as grantor, char(grantee,12) as grantee, char(granteetype,1) as type,
char(schemaname, 10) as schema_name, char(alterinauth,1) as alter, char(createinauth,1) as create,
char(dropinauth,1) as drop from syscat.schemaauth" order by grantee >> $working_dir/$logfile ;
echo "===================================" >> $working_dir/$logfile ;
echo "17. DATABASE CONFIGURATION" >> $working_dir/$logfile ;
echo "====================================" >> $working_dir/$logfile ;
db2 get db cfg >>$working_dir/$logfile ;
echo "===================================" >> $working_dir/$logfile ;
echo "18. DATABASE MANAGER CONFIGURATION" >> $working_dir/$logfile ;
echo "====================================" >> $working_dir/$logfile ;
db2 get database manager configuration >>$working_dir/$logfile ;
echo "==========================================" >> $working_dir/$logfile ;
echo "19. PUBLIC ACCESS TO SYSTEM CATALOG VIEWS" >> $working_dir/$logfile ;
echo "==========================================" >> $working_dir/$logfile ;
db2 "select char(grantee,8) as grantee, char(ttname,30) as table from sysibm.systabauth where tcreator='SYSCAT' and grantee='PUBLIC'" >>$working_dir/$logfile ;
echo "================================" >> $working_dir/$logfile ;
echo "20. ACCESS TO SYSTEM TABLESPACE" >> $working_dir/$logfile ;
echo "================================" >> $working_dir/$logfile ;
db2 "select char(grantee,8) as grantee, char(tbspace,10) as tablespace from sysibm.systbspaceauth where grantee='PUBLIC'" >>$working_dir/$logfile ;
echo "==============================" >> $working_dir/$logfile ;
echo "21. USE OF SYSTEM TABLESPACE" >> $working_dir/$logfile ;
echo "==============================" >> $working_dir/$logfile ;
db2 "select char(tabschema,8)as tableschema, char(tabname,8) as tablename, char(tbspace,10) as tablespace from syscat.tables where tabschema not in ('ADMINISTRATOR','SYSIBM','SYSTOOLS') and tbspace in ('SYSCATSPACE','SYSTOOLSPACE','SYSTOOLSTMPSPACE','TEMPSPACE')" >>$working_dir/$logfile ;
echo "++++++++++++++++++++++++++++++SCRIPT COMPLETED+++++++++++++++++++++++++++++" >> $working_dir/$logfile ;
db2 terminate
fi
echo "";
done
echo "Audit Ended `date`" >> $working_dir/$logfile
답변1
단순히 보고서($logfile)에 데이터베이스 이름을 기록하려는 경우 스크립트(루프 제어 변수 $i)에 데이터베이스 이름이 이미 있는 것입니다.
단일 $logfile(의심스러운 결정인 것처럼 보이는 모든 데이터베이스를 포함하기 위해)을 원하는 경우 성공적인 db 연결 후와 해당 데이터베이스의 연결 끊기/연결 재설정 후에 머리글과 바닥글을 $logfile에 에코합니다. 그러면 DB 머리글과 바닥글 사이의 모든 내용이 해당 데이터베이스에 속하게 됩니다.
또 다른 옵션은 데이터베이스당 하나의 $logfile(예: $dbname.$logfile)을 갖는 것입니다. 이는 더 간단할 수 있습니다. 특히 데이터베이스 소유권은 조직의 다양한 그룹/책임에 대한 것입니다.
답변2
내가 한 방법 중 하나는 다음과 같습니다.
os_info=$h_name,$os_name,$os_mversion
# paragraph grep'ing is not possible in Linux, use Perl version
db2 list db directory | perl -00ne 'if ($_ =~ /Indirect/) {chomp($_); printf "%s\n",$_}' | grep -i alias|awk {'print $4'} | while read DB_NAME
do
db2 connect to $DB_NAME >>/dev/null
is_connected=$(db2 connect to $DB_NAME | awk {'print $1'} | head -1)
#echo $is_connected
if [ "$is_connected" = "SQL1776N" ]; then
echo '-1, *HADR Secondary*' > xcvsfdgerwersdfs.dat
else
db2 "CALL GET_DBSIZE_INFO(?, ?, ?, -1)" | grep "Parameter Value" | head -2 | tail -1 | awk '{print $4}' > xcvsfdgerwersdfs.dat
fi
db_size=$(cat xcvsfdgerwersdfs.dat)
echo $os_info,$db2_version,$DB2INSTANCE,$DB_NAME,$db_size
done
나는 Linux와 AIX에 데이터베이스를 갖고 있으므로 특정한 용도로 Perl 스니펫을 사용하고 있습니다. 나는 DB2 카탈로그를 활용하여 사용 가능한 DB를 찾고 식별하고 해당 정보를 수집합니다.