Audit facility record layouts
When an audit record is extracted from the audit log, each record is presented in a unique format based on the associated audit event.
Audit
records are returned for the following audit events:
- CHECKING events
- The returned records for these events include access attempts, authorization checks, and object details.
- OBJMAINT events
- The returned records for these events include record object maintenance actions.
- SECMAINT events
- The returned records for these events include actions that grant or revoke privileges and authorities.
Note:
- Depending on the audit event, not all fields in the audit records will have values. When there is no values in the field, the field will not be shown in the audit output.
- Some fields such as
Access Attempted
are stored in the delimited ASCII format as bit maps. In this flat report file, however, these fields appear as a set of strings representing the bit map values.