Information
The LOGARCHMETH2 parameter specifies the type of media and the location used as the secondary destination for archived logs. It is recommended that the directory used for the archived logs be set to full access for Db2 administrator accounts and read and execute only for all other accounts.
Rationale:
Restricting access to the contents of the secondary archive log directory will help ensure that the confidentiality, integrity, and availability of archive logs are protected. Although there are many ways to ensure that your logs will be archived, we recommend using the value of DISK as part of the LOGARCHMETH2 parameter. This will properly ensure that the logs are archived. A finding of OFF is not acceptable.
Solution
For Windows and Linux:
Attach to the Db2 instance.
Run the following command to change the secondary archive log directory, if necessary:
db2 => update database configuration using logarchmeth2 <valid directory>
Additional steps for Windows (assuming that the logarchmeth2 parameter includes DISK):
Connect to the Db2 host
Right-click on the secondary archive log directory
Choose Properties
Select the Security tab
Grant all Db2 administrator accounts the Full Control authority
Grant all other accounts read and execute privileges only (revoke all other privileges)
Additional steps for Linux (assuming that the logarchmeth2 parameter includes DISK):
Connect to the Db2 host
Change to the secondary archive log directory
Change the permissions for the directory
$ chmod -R 755 .
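The following check for Linux is an added example, not part of the original recommendation: it reads the LOGARCHMETH2 value from database configuration text, rejects OFF or non-DISK values, and confirms that nothing under the archive directory is writable by group or other. The function names and the sample configuration lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit LOGARCHMETH2 and the secondary archive log directory.
# Typical use: audit_logarchmeth2 "$(db2 get db cfg for <dbname>)"

# Constructed sample of the relevant configuration lines (not real output).
SAMPLE_CFG=' First log archive method                 (LOGARCHMETH1) = DISK:/db2/arch1/
 Second log archive method                (LOGARCHMETH2) = DISK:/db2/arch2/'

# Print the LOGARCHMETH2 value found in configuration text read from stdin.
logarchmeth2_value() {
    sed -n 's/^.*(LOGARCHMETH2)[[:space:]]*=[[:space:]]*//p' |
        sed 's/[[:space:]]*$//' | head -n 1
}

# Print the directory of a DISK:<path> value; return 1 for OFF or other media.
archive_dir() {
    case "$1" in
        DISK:?*) printf '%s\n' "${1#DISK:}" ;;
        *) return 1 ;;
    esac
}

# Return 0 only if no file or directory under $1 is writable by group or
# other, which is the state `chmod -R 755` leaves behind. Symbolic links are
# skipped because their own mode bits are not meaningful.
dir_is_restricted() {
    [ -d "$1" ] || return 2
    [ -z "$(find "$1" ! -type l \( -perm -020 -o -perm -002 \) -print 2>/dev/null | head -n 1)" ]
}

# Audit one configuration dump: print PASS or FAIL with the reason.
audit_logarchmeth2() {
    value=$(printf '%s\n' "$1" | logarchmeth2_value)
    dir=$(archive_dir "$value") || {
        echo "FAIL: LOGARCHMETH2=${value:-unset} (not DISK)"; return 1; }
    dir_is_restricted "$dir" || {
        echo "FAIL: $dir missing or group/other-writable"; return 1; }
    echo "PASS: $dir"
}
```

The check covers only the "no write access for other accounts" half of the recommendation; ownership by a Db2 administrator account still has to be confirmed separately.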