AUDIT command with TRACE subcommand

This section describes the AUDIT command with the TRACE subcommand.

Usage

Use the TRACE subcommand to produce traces with an entry for each Db2 Audit record.

Usage notes

  • Up to five traces can be requested in a job step.

Syntax of the TRACE subcommand

Read syntax diagramSkip visual syntax diagramTRACEFROM/TO blockTYPE(ALLAUTHCHGAUTHCNTLAUTHFAILBINDDDLDMLUTILITY)SCOPE(MEMBERGROUP)DDNAME(AUTRCDD*ddname)INCLUDE/EXCLUDE block

Subcommand options

The syntax diagram shows the options that are available with this subcommand. See Subcommand options for comprehensive descriptions of these options. The following list gives additional or specific descriptions of selected options, where appropriate.

FROM/TO
Limits the range of records included in the trace by date and time.

For details, see FROM/TO subcommand options.

TYPE
Identifies the type of data traced. You can enter one or more of the following:
ALL
All audit categories are reported (the default)
AUTHCHG
Changes to authorization identifiers
AUTHCNTL
GRANTs and REVOKEs of privileges
AUTHFAIL
Authorization failure
BIND
DML statements at bind of auditable Db2 tables
DDL
DDL operations against auditable Db2 tables
DML
Read/write access against auditable Db2 tables
UTILITY
Utility access against auditable Db2 tables
SCOPE
Specifies the scope of the trace.
MEMBER
GROUP
DDNAME
Specifies the data set where the trace is written.
INCLUDE/EXCLUDE
Includes or excludes data associated with specific OMEGAMON for Db2 PE identifiers.

For details, see INCLUDE and EXCLUDE subcommand options, which lists other identifiers allowed with this command and subcommand combination, and OMEGAMON for Db2 PE identifiers.

Example using TRACE with TYPE option

This command traces only authorization failures (in the order that they occur). The output goes to the default ddname AUTRCDD1.

 
AUDIT
   TRACE
   TYPE (AUTHFAIL)