AUDIT command with REDUCE subcommand
This section describes the AUDIT command with the REDUCE subcommand.
Usage
You use the REDUCE subcommand to reduce the volume of data that is input to subsequent subcommands.
Usage notes
- REDUCE can be used once in an AUDIT command.
Syntax of the REDUCE subcommand
The syntax diagram shows the options that are available with this subcommand. See Subcommand options for comprehensive descriptions of these options. The following list gives additional or specific descriptions of selected options, where appropriate.
Subcommand options
- FROM/TO
- Limits the range of records included in the reduction process by date
and time.
For details, see FROM/TO subcommand options.
- TYPE
- Specifies the type of audit data to be reduced. One or more categories
can be selected. Only the data selected on the REDUCE subcommand is available
to subsequent REPORT subcommands. You can enter one or more of the following:
- ALL
- All audit categories are reported (the default)
- AUTHCHG
- Changes to authorization identifiers
- AUTHCNTL
- GRANTs and REVOKEs of privileges
- AUTHFAIL
- Authorization failure
- BIND
- DML statements at bind of auditable DB2® tables
- DDL
- DDL operations against auditable DB2 tables
- DML
- Read/write access against auditable DB2 tables
- UTILITY
- Utility access against auditable DB2 tables
- INCLUDE/EXCLUDE
- Includes or excludes data associated with specific OMEGAMON® for DB2 PE identifiers.
For details, see INCLUDE and EXCLUDE subcommand options, which lists other identifiers allowed with this command and subcommand combination, and OMEGAMON for Db2 PE identifiers.
Example using REDUCE
This example requests
the following:
- Reduce only input data of type AUTHCHG (Authority Change).
- Include only data of subsystem DSN1.
- Write the report to the data set defined by the default ddname AUDRPTDD.
AUDIT
REDUCE
TYPE (AUTHCHG)
INCLUDE (SUBSYSTEM(DSN1))
REPORT