Using log string data

The log string data contains information that can help you audit Db2 successfully.

Db2 uses the XAPL parameter list (DSNDXAPL macro) to pass log string information to the RACF access control module. The LOGSTR= parameter of the RACROUTE REQUEST=FASTAUTH request contains the input portion of XAPL and does the following:

  • Identifies the RACF access control module request that caused RACF to create the audit record. The RACF profile causing the audit record to be cut could be a profile that provides a Db2 administrative authority and might not identify the specific Db2 resource being accessed. The log string data contains values from the XAPL parameter list that are necessary to identify that unique request from the RACF access control module.
  • Links SMF type 80 records with Db2 IFCID 314 records. Each invocation of the RACF access control module might produce an SMF type 80 record. Db2 might produce a Db2 IFCID 314 record in addition to the SMF type 80 records cut by RACF. You can determine that the records were cut for the same RACF access control module request if the LOGSTR_TIME and LOGSTR_USER values in the SMF type 80 record match the XAPLSTCK and XAPLUPRM values in the IFCID 314 request. The RACF access control module uses these time and user values created from the log string data to link the RACF and Db2 information.

The following table shows the ordered information included in log string data. A blank space separates each field, as indicated in the table.

Table 1. Information contained in log string data
| Log string data | Length | XAPL field name | Description |
|---|---|---|---|
| LOGSTR_DATA DS | 0CL241 | | |
| LOGSTR_TIME DS | CL8 | XAPLSTCK | Time |
| DS | CL1 | | |
| LOGSTR_USER DS | CL8 | XAPLUPRM | User |
| DS | CL1 | | |
| LOGSTR_SUBSYSTEM DS | CL4 | XAPLGPAT | Subsystem name, or if data sharing, Db2 group attachment name |
| DS | CL1 | | |
| LOGSTR_OBJTYPE DS | CL1 | XAPLTYPE | Object type |
| DS | CL1 | | |
| LOGSTR_FLAGS DS | 0CL16 | XAPLFLG1 | Flags: The flags in this field are declared as BL1. The field is translated to CL16 in the LOGSTR data field and contains one character for each bit with a blank character between each one. If the bit is on, Y is inserted. If the bit is off, N is inserted. Reserved bits are left blank. |
| LOGSTR_SECNDRY_ID DS | CL1 | | Secondary ID (Y or N) |
| DS | CL1 | | |
| LOGSTR_USERTAB DS | CL1 | | User table (Y or N) |
| DS | CL1 | | |
| LOGSTR_AUTOBIND DS | CL1 | | Autobind authority check (Y or N) |
| DS | CL1 | | |
| LOGSTR_DBCRTVW DS | CL1 | | DBADM authority to create views for others (Y or N) |
| DS | CL1 | | |
| LOGSTR_RDRW DS | CL1 | | Read/write request (Y or N) |
| DS | CL1 | | |
| LOGSTR_NOAUDIT DS | CL1 | | Suppress failure records (Y or N) |
| DS | CL5 | | |
| LOGSTR_OBJNAME DS | CL20 | XAPLOBJN | Object name: This is the first 20 bytes of the XAPLOBJN field. |
| DS | CL1 | | |
| LOGSTR_OBJOWNER DS | CL20 | XAPLOWNQ | Object owner or qualifier: This is the first 20 bytes of the XAPLOWNQ field. |
| DS | CL1 | | |
| LOGSTR_REL1 DS | CL20 | XAPLREL1 | Related information 1: This is the first 20 bytes of the XAPLREL1 field. |
| DS | CL1 | | |
| LOGSTR_REL2 DS | CL20 | XAPLREL2 | Related information 2: This is the first 20 bytes of the XAPLREL2 field. |
| DS | CL1 | | |
| LOGSTR_PRIV DS | CL3 | XAPLPRIV | Privilege |
| DS | CL1 | | |
| LOGSTR_SOURCE DS | CL1 | XAPLRSV3 | Reserved |
| DS | CL1 | | |
| LOGSTR_CLASS DS | CL8 | | Class name |
| DS | CL1 | | |
| LOGSTR_ENTY DS | CL100 | | Entity name: This is the first resource checked for a specific request. |
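
The Table 1 layout and the LOGSTR_TIME/LOGSTR_USER matching described above, as an added Python example (not IBM's or Db2's own code). It assumes the log string has already been extracted from the SMF type 80 record as bytes, that its text is EBCDIC code page 037, that the time value is compared as opaque bytes, and that IFCID 314 records are available as dicts holding XAPLSTCK (hex) and XAPLUPRM; the function names and all sample values are constructed.

```python
# Added example. Assumptions: input is the raw log string as bytes, text is
# EBCDIC code page 037, and the IFCID 314 side is a list of dicts (hypothetical).
CODEC = "cp037"

# Table 1 in order: (field name, length); None is an unnamed blank filler.
LAYOUT = [
    ("LOGSTR_TIME", 8), (None, 1), ("LOGSTR_USER", 8), (None, 1),
    ("LOGSTR_SUBSYSTEM", 4), (None, 1), ("LOGSTR_OBJTYPE", 1), (None, 1),
    ("LOGSTR_SECNDRY_ID", 1), (None, 1), ("LOGSTR_USERTAB", 1), (None, 1),
    ("LOGSTR_AUTOBIND", 1), (None, 1), ("LOGSTR_DBCRTVW", 1), (None, 1),
    ("LOGSTR_RDRW", 1), (None, 1), ("LOGSTR_NOAUDIT", 1), (None, 5),
    ("LOGSTR_OBJNAME", 20), (None, 1), ("LOGSTR_OBJOWNER", 20), (None, 1),
    ("LOGSTR_REL1", 20), (None, 1), ("LOGSTR_REL2", 20), (None, 1),
    ("LOGSTR_PRIV", 3), (None, 1), ("LOGSTR_SOURCE", 1), (None, 1),
    ("LOGSTR_CLASS", 8), (None, 1), ("LOGSTR_ENTY", 100),
]
FLAGS = {"LOGSTR_SECNDRY_ID", "LOGSTR_USERTAB", "LOGSTR_AUTOBIND",
         "LOGSTR_DBCRTVW", "LOGSTR_RDRW", "LOGSTR_NOAUDIT"}


def parse_logstr(raw: bytes) -> dict:
    """Split one log string into named fields using the Table 1 layout."""
    raw = raw.ljust(sum(n for _, n in LAYOUT), " ".encode(CODEC))  # pad short input
    fields, pos = {}, 0
    for name, length in LAYOUT:
        chunk, pos = raw[pos:pos + length], pos + length
        if name == "LOGSTR_TIME":
            fields[name] = chunk.hex()  # kept opaque: only compared, not decoded
        elif name in FLAGS:  # Y -> True, N -> False, blank -> None
            fields[name] = {"Y": True, "N": False}.get(chunk.decode(CODEC))
        elif name is not None:
            fields[name] = chunk.decode(CODEC).rstrip()
    return fields


def link_records(logstrs, ifcid314):
    """Pair each log string with the IFCID 314 dicts that share time and user."""
    index = {}
    for rec in ifcid314:
        index.setdefault((rec["XAPLSTCK"], rec["XAPLUPRM"]), []).append(rec)
    return [(p, index.get((p["LOGSTR_TIME"], p["LOGSTR_USER"]), []))
            for p in map(parse_logstr, logstrs)]

# Constructed sample (not real audit data): arbitrary time bytes plus EBCDIC text.
SAMPLE = bytes.fromhex("d5a1b2c3d4e5f607") + (
    " " + "USER01".ljust(9) + "DB2A".ljust(5) + "T " + "Y N N N N N".ljust(16)
    + "EMP".ljust(21) + "HR".ljust(21) + " " * 42 + "050 " + "  "
    + "MDSNTB".ljust(9) + "DB2A.HR.EMP.SELECT".ljust(100)).encode(CODEC)
print(link_records([SAMPLE], [{"XAPLSTCK": "d5a1b2c3d4e5f607", "XAPLUPRM": "USER01"}]))
```

A log string with no matching IFCID 314 dict is returned with an empty match list, which is the case to review when the two audit sources are expected to agree.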