Collected event types
All event types are collected with the SQL Collection mechanism, which is not dependent on other SQL Trace information such as the Db2® Trace (IFI) or SMF data. Filtering criteria is defined and managed through the IBM® Security Guardium® interface. This table lists the types of events that can be collected.
| Collected event types |
|---|
| All reads (SQL SELECT) |
| All changes (SQL UPDATE, INSERT, DELETE, TRUNCATE, MERGE) |
| SQL LOCK |
| Authorization |
| Audit data for Db2 utilities |
| Grant/Revoke |
| Access attempts |
| Binds/Rebinds |
| Commit/Rollbacks |
| Db2 commands |
| Db2 utilities |
| Failed logins |
| Create, Alter, Drop, Rename Table |
| Create, Alter, Drop, Rename Tablespace |
| Create, Alter, Drop all other object types |
| Static SQL host variables |
| Static SQL text |
| Dynamic SQL host variables |
| Dynamic SQL text |
| Negative SQL events |
| SQL events involving Accelerated/IDAA tables |
Information collected for CICS events
For events that are collected with Net Prtcl of a type that originates from CICS, the Internet Protocol (IP) address is reported as Terminal ID and the CICS End User is reported as the DB2 User Name in the IBM Security Guardium interface.