Using log string data
The log string data contains information that can help you audit Db2 successfully.
Db2 uses the XAPL parameter
list (DSNDXAPL macro) to pass log string information to the RACF access control module.
The LOGSTR= parameter of the RACROUTE REQUEST=FASTAUTH
request contains the input portion of XAPL and does the following:
- Identifies the RACF access control module request that caused RACF to create the audit record. The RACF profile causing the audit record to be cut could be a profile that provides a Db2 administrative authority and might not identify the specific Db2 resource being accessed. The log string data contains values from the XAPL parameter list that are necessary to identify that unique request from the RACF access control module.
- Links SMF type 80 records with Db2 IFCID
314 records. Each invocation of the RACF access control module might
produce an SMF type 80 record. Db2 might
produce a Db2 IFCID 314 record
in addition to the SMF type 80 records cut by RACF. You can determine that the records were
cut for the same RACF access control module request
if the
LOGSTR_TIMEandLOGSTR_USERvalues in the SMF type 80 record match the XAPLSTCK and XAPLUPRM values in the IFCID 314 request. The RACF access control module uses these time and user values created from the log string data to link the RACF and Db2 information.
The following table shows the ordered information included in log string data. A blank space separates each field, as indicated in the table.
| Log string data | Length | XAPL field name | Description | |
|---|---|---|---|---|
| LOGSTR_DATA | DS 0CL241 | |||
| LOGSTR_TIME | DS CL8 | XAPLSTCK | Time | |
| DS CL1 | ||||
| LOGSTR_USER | DS CL8 | XAPLUPRM | User | |
| DS CL1 | ||||
| LOGSTR_SUBSYSTEM | DS CL4 | XAPLGPAT | Subsystem name, or if data sharing, Db2 group attachment name | |
| DS CL1 | ||||
| LOGSTR_OBJTYPE | DS CL1 | XAPLTYPE | Object type | |
| DS CL1 | ||||
| LOGSTR_FLAGS | DS 0CL16 | XAPLFLG1 | Flags: The
flags in this field are declared as BL1. The field is translated to
CL16 in the LOGSTR data field and contains one character for each
bit with a blank character between each one.
|
|
| LOGSTR_SECNDRY_ID | DS CL1 | Secondary
ID (Y or N) |
||
| DS CL1 | ||||
| LOGSTR_USERTAB | DS CL1 | User
table (Y or N) |
||
| DS CL1 | ||||
| LOGSTR_AUTOBIND | DS CL1 | Autobind authority check (Y or N) |
||
| DS CL1 | ||||
| LOGSTR_DBCRTVW | DS CL1 | DBADM authority to create views
for others (Y or N) |
||
| DS CL1 | ||||
| LOGSTR_RDRW | DS CL1 | Read/write request (Y or N) |
||
| DS CL1 | ||||
| LOGSTR_NOAUDIT | DS CL1 | Suppress failure records (Y or N) |
||
| DS CL5 | ||||
| LOGSTR_OBJNAME | DS CL20 | XAPLOBJN | Object name: This is the first 20 bytes of the XAPLOBJN field. | |
| DS CL1 | ||||
| LOGSTR_OBJOWNER | DS CL20 | XAPLOWNQ | Object owner or qualifier: This is the first 20 bytes of the XAPLOWNQ field. | |
| DS CL1 | ||||
| LOGSTR_REL1 | DS CL20 | XAPLREL1 | Related information 1: This is the first 20 bytes of the XAPLREL1 field. | |
| DS CL1 | ||||
| LOGSTR_REL2 | DS CL20 | XAPLREL2 | Related information 2: This is the first 20 bytes of the XAPLREL2 field. | |
| DS CL1 | ||||
| LOGSTR_PRIV | DS CL3 | XAPLPRIV | Privilege | |
| DS CL1 | ||||
| LOGSTR_SOURCE | DS CL1 | XAPLRSV3 | Reserved | |
| DS CL1 | ||||
| LOGSTR_CLASS | DS CL8 | Class name | ||
| DS CL1 | ||||
| LOGSTR_ENTY | DS CL100 | Entity name: This is the first resource checked for a specific request. | ||