Audit record layout for CHECKING events
The format of the audit record for CHECKING events is shown in the following table.
Sample audit record:
timestamp=1998-06-24-08.42.11.622984;
category=CHECKING;
audit event=CHECKING_OBJECT;
event correlator=2;
event status=0;
database=FOO;
userid=boss;
authid=BOSS;
application id=*LOCAL.newton.980624124210;
application name=testapp;
package schema=NULLID;
package name=SYSSH200;
package section=0;
object schema=GSTAGER;
object name=NONE;
object type=REOPT_VALUES;
access approval reason=DBADM;
access attempted=STORE;| NAME | FORMAT | DESCRIPTION |
|---|---|---|
| Timestamp | CHAR(26) | Date and time of the audit event. |
| Category | CHAR(8) | Category of audit
event. Possible values are: CHECKING
|
| Audit Event | VARCHAR(32) | Specific Audit Event.
For a list of possible values, refer to the section for the CHECKING category in Audit events. |
| Event Correlator | INTEGER | Correlation identifier for the operation being audited. Can be used to identify what audit records are associated with a single event. |
| Event Status | INTEGER | Status of audit event,
represented by an SQLCODE where Successful event > = 0
Failed event < 0 |
| Database Name | CHAR(8) | Name of the database for which the event was generated. Blank if this was an instance level audit event. |
| User ID | VARCHAR(1024) | User ID at time of audit event. |
| Authorization ID | VARCHAR(128) | Authorization ID at time of audit event. |
| Origin Node Number | SMALLINT | Member number at which the audit event occurred. |
| Coordinator Node Number | SMALLINT | Member number of the coordinator Member. |
| Application ID | VARCHAR(255) | Application ID in use at the time the audit event occurred. |
| Application Name | VARCHAR(1024) | Application name in use at the time the audit event occurred. |
| Package Schema | VARCHAR(128) | Schema of the package in use at the time of the audit event. |
| Package Name | VARCHAR(128) | Name of package in use at the time the audit event occurred. |
| Package Section Number | SMALLINT | Section number in package being used at the time the audit event occurred. |
| Object Schema | VARCHAR(128) | Schema of the object for which the audit event was generated. |
| Object Name | VARCHAR(128) | Name of object for which the audit event was generated. |
| Object Type | VARCHAR(32) | Type of object for
which the audit event was generated. Possible values include: those
shown in the topic titled Audit record object types. |
| Access Approval Reason | CHAR(34) | Indicates the reason
why access was approved for this audit event. Possible values include:
those shown in the topic titled List of possible CHECKING access approval reasons. |
| Access Attempted | CHAR(34) | Indicates the type
of access that was attempted. Possible values include: those shown
in the topic titled List of possible CHECKING access attempted types. |
| Package Version | VARCHAR (64) | Version of the package in use at the time that the audit event occurred. |
| Checked Authorization ID | VARCHAR(128) | Authorization ID is checked when it is
different than the authorization ID at the time of the audit event.
For example, this can be the target owner in a TRANSFER OWNERSHIP
statement. When the audit event is SWITCH_USER, this field represents the authorization ID that is switched to. |
| Local Transaction ID | VARCHAR(10) FOR BIT DATA | The local transaction ID in use at the time the audit event occurred. This is the SQLU_TID structure that is part of the transaction logs. |
| Global Transaction ID | VARCHAR(30) FOR BIT DATA | The global transaction ID in use at the time the audit event occurred. This is the data field in the SQLP_GXID structure that is part of the transaction logs. |
| Client User ID | VARCHAR(255) | The value of the CURRENT CLIENT USERID special register at the time the audit event occurred. |
| Client Workstation Name | VARCHAR(255) | The value of the CURRENT CLIENT_WRKSTNNAME special register at the time the audit event occurred. |
| Client Application Name | VARCHAR(255) | The value of the CURRENT CLIENT_APPLNAME special register at the time the audit event occurred. |
| Client Accounting String | VARCHAR(255) | The value of the CURRENT CLIENT_ACCTNG special register at the time the audit event occurred. |
| Trusted Context Name | VARCHAR(255) | The name of the trusted context associated with the trusted connection. |
| Connection Trust Type | CHAR(1) | Possible values are:
'' - NONE '1' - IMPLICIT_TRUSTED_CONNECTION '2' - EXPLICIT_TRUSTED_CONNECTION |
| Role Inherited | VARCHAR(128) | The role inherited through a trusted connection. |
| Original User ID | VARCHAR(1024) | The value of the CLIENT_ORIGUSERID global variable at the time the audit event occurred. |