Audit record layout for CHECKING events
The format of the audit record for CHECKING events is shown in the following table.
Sample audit record:
timestamp=1998-06-24-08.42.11.622984;
category=CHECKING;
audit event=CHECKING_OBJECT;
event correlator=2;
event status=0;
database=FOO;
userid=boss;
authid=BOSS;
application id=*LOCAL.newton.980624124210;
application name=testapp;
package schema=NULLID;
package name=SYSSH200;
package section=0;
object schema=GSTAGER;
object name=NONE;
object type=REOPT_VALUES;
access approval reason=DBADM;
access attempted=STORE;
NAME | FORMAT | DESCRIPTION |
---|---|---|
Timestamp | CHAR(26) | Date and time of the audit event. |
Category | CHAR(8) | Category of audit event. Possible values are:
CHECKING
|
Audit Event | VARCHAR(32) | Specific Audit Event. For a list of possible values, refer to the section for the CHECKING category in Audit events. |
Event Correlator | INTEGER | Correlation identifier for the operation being audited. Can be used to identify what audit records are associated with a single event. |
Event Status | INTEGER | Status of audit event, represented by an SQLCODE
where Successful event > = 0
Failed event < 0 |
Database Name | CHAR(8) | Name of the database for which the event was generated. Blank if this was an instance level audit event. |
User ID | VARCHAR(1024) | User ID at time of audit event. |
Authorization ID | VARCHAR(128) | Authorization ID at time of audit event. |
Origin Node Number | SMALLINT | Member number at which the audit event occurred. |
Coordinator Node Number | SMALLINT | Member number of the coordinator Member. |
Application ID | VARCHAR(255) | Application ID in use at the time the audit event occurred. |
Application Name | VARCHAR(1024) | Application name in use at the time the audit event occurred. |
Package Schema | VARCHAR(128) | Schema of the package in use at the time of the audit event. |
Package Name | VARCHAR(128) | Name of package in use at the time the audit event occurred. |
Package Section Number | SMALLINT | Section number in package being used at the time the audit event occurred. |
Object Schema | VARCHAR(128) | Schema of the object for which the audit event was generated. |
Object Name | VARCHAR(128) | Name of object for which the audit event was generated. |
Object Type | VARCHAR(32) | Type of object for which the audit event was
generated. Possible values include: those shown in the topic titled Audit record object types. |
Access Approval Reason | CHAR(34) | Indicates the reason why access was approved for
this audit event. Possible values include: those shown in the topic titled List of possible CHECKING access approval reasons. |
Access Attempted | CHAR(34) | Indicates the type of access that was attempted.
Possible values include: those shown in the topic titled List of possible CHECKING access attempted types. |
Package Version | VARCHAR (64) | Version of the package in use at the time that the audit event occurred. |
Checked Authorization ID | VARCHAR(128) |
Authorization ID is checked when it is different than the authorization ID at the time of the
audit event. For example, this can be the target owner in a TRANSFER OWNERSHIP
statement. When the audit event is SWITCH_USER, this field represents the authorization ID that is switched to. |
Local Transaction ID | VARCHAR(10) FOR BIT DATA | The local transaction ID in use at the time the audit event occurred. This is the SQLU_TID structure that is part of the transaction logs. |
Global Transaction ID | VARCHAR(30) FOR BIT DATA | The global transaction ID in use at the time the audit event occurred. This is the data field in the SQLP_GXID structure that is part of the transaction logs. |
Client User ID | VARCHAR(255) | The value of the CURRENT CLIENT USERID special register at the time the audit event occurred. |
Client Workstation Name | VARCHAR(255) | The value of the CURRENT CLIENT_WRKSTNNAME special register at the time the audit event occurred. |
Client Application Name | VARCHAR(255) | The value of the CURRENT CLIENT_APPLNAME special register at the time the audit event occurred. |
Client Accounting String | VARCHAR(255) | The value of the CURRENT CLIENT_ACCTNG special register at the time the audit event occurred. |
Trusted Context Name | VARCHAR(255) | The name of the trusted context associated with the trusted connection. |
Connection Trust Type | CHAR(1) |
Possible values are:
'' - NONE '1' - IMPLICIT_TRUSTED_CONNECTION '2' - EXPLICIT_TRUSTED_CONNECTION |
Role Inherited | VARCHAR(128) | The role inherited through a trusted connection. |
Original User ID | VARCHAR(1024) | The value of the CLIENT_ORIGUSERID global variable at the time the audit event occurred. |