DB2 10.5 for Linux, UNIX, and Windows
DB2 10.5 for Linux, UNIX, and Windows
The following table shows the audit record layout for CONTEXT events.
timestamp=1998-06-24-08.42.41.476840;
category=CONTEXT;
audit event=EXECUTE_IMMEDIATE;
event correlator=3;
database=FOO;
userid=boss;
authid=BOSS;
application id=*LOCAL.newton.980624124210;
application name=testapp;
package schema=NULLID;
package name=SQLC28A1;
package section=203;
text=create table audit(c1 char(10), c2 integer);| NAME | FORMAT | DESCRIPTION |
|---|---|---|
| Timestamp | CHAR(26) | Date and time of the audit event. |
| Category | CHAR(8) | Category of audit event. Possible
values are: CONTEXT |
| Audit Event | VARCHAR(32) | Specific Audit Event. For a list of possible values, refer to the section for the CONTEXT category in Audit events. |
| Event Correlator | INTEGER | Correlation identifier for the operation being audited. Can be used to identify what audit records are associated with a single event. |
| Database Name | CHAR(8) | Name of the database for which the event was generated. Blank if this was an instance level audit event. |
| User ID | VARCHAR(1024) | User ID at time of audit event. When the audit event is SWITCH_USER, this field |
| Authorization ID | VARCHAR(128) | Authorization ID at time of audit
event. When the audit event is SWITCH_USER, this field |
| Origin Node Number | SMALLINT | Member number at which the audit event occurred. |
| Coordinator Node Number | SMALLINT | Member number of the coordinator member. |
| Application ID | VARCHAR(255) | Application ID in use at the time the audit event occurred. |
| Application Name | VARCHAR(1024) | Application name in use at the time the audit event occurred. |
| Package Schema | VARCHAR(128) | Schema of the package in use at the time of the audit event. |
| Package Name | VARCHAR(128) | Name of package in use at the time the audit event occurred. |
| Package Section Number | SMALLINT | Section number in package being used at the time the audit event occurred. |
| Statement Text | CLOB(8M) | Text of the SQL or XQuery statement, if applicable. Null if no SQL or XQuery statement text is available. |
| Package Version | VARCHAR(64) | Version of the package in use at the time the audit event occurred. |
| Local Transaction ID | VARCHAR(10) FOR BIT DATA | The local transaction ID in use at the time the audit event occurred. This is the SQLU_TID structure that is part of the transaction logs. |
| Global Transaction ID | VARCHAR(30) FOR BIT DATA | The global transaction ID in use at the time the audit event occurred. This is the data field in the SQLP_GXID structure that is part of the transaction logs. |
| Client User ID | VARCHAR(255) | The value of the CURRENT CLIENT USERID special register at the time the audit event occurred. |
| Client Workstation Name | VARCHAR(255) | The value of the CURRENT CLIENT_WRKSTNNAME special register at the time the audit event occurred. |
| Client Application Name | VARCHAR(255) | The value of the CURRENT CLIENT_APPLNAME special register at the time the audit event occurred. |
| Client Accounting String | VARCHAR(255) | The value of the CURRENT CLIENT_ACCTNG special register at the time the audit event occurred. |
| Trusted Context Name | VARCHAR(255) | The name of the trusted context associated with the |
| Connection Trust Type | CHAR(1) | Possible values are: |
| Role Inherited | VARCHAR(128) | The role inherited through a trusted connection. |
| Original User ID | VARCHAR(1024) | The value of the CLIENT_ORIGUSERID global variable at the time the audit event occurred. |