D IBM DB2 Audit Events

This appendix contains:

About the IBM DB2 Audit Events
Account Management Events
Application Management Events
Audit Command Events
Data Access Events
Exception Events
Invalid Record Events
Object Management Events
Peer Association Events
Role and Privilege Management Events
Service and Application Utilization Events
System Management Events
Unknown or Uncategorized Events
User Session Events

D.1 About the IBM DB2 Audit Events

This appendix lists the audit event names and IDs, and the attribute names and data types for IBM DB2. The audit events are organized by their respective categories (for example, Account Management). You can use these audit events as follows:

For alerts. When you create an alert, you can specify an audit event, based on its category, that can trigger the alert. See "Creating a Basic Alert" for more information.
For custom reports using third-party tools. If you want to create custom reports using other Oracle Database reporting products or third-party tools, then refer to the tables in this appendix when you design the reports. See Chapter 4, "Oracle Audit Vault Data Warehouse Schema" for more information about custom reports created with third-party tools.

D.2 Account Management Events

Account management events track SQL commands that affect user accounts, such as the UNLOCK ADMIN ACCOUNT command. The Account Management Report, described in Section 3.3.3.2, uses these events.

Table D-1 lists the IBM DB2 account management source database events and the equivalent Oracle Audit Vault events.

Table D-1 IBM DB2 Account Management Audit Events

Event Name Description	Source Event	Audit Vault Event
`ADD_USER`	`ADD_USER`	`CREATE USER`
`ALTER_USER_ADD_ROLE`	`ALTER_USER_ADD_ROLE`	`ALTER USER`
`ALTER_USER_AUTHENTICATION`	`ALTER_USER_AUTHENTICATION`	`ALTER USER`
`ALTER_USER_DROP_ROLE`	`ALTER_USER_DROP_ROLE`	`ALTER USER`
`DROP_USER`	`DROP_USER`	`DROP USER`
`SET_SESSION_USER`	`SET_SESSION_USER`	`ALTER USER`

Table D-2 lists the IBM DB2 account management event attributes.

Table D-2 IBM DB2 Account Management Event Attributes

Attribute Name	Data Type
`CONTEXTID`	`VARCHAR2(4000)`
`COORDINATOR_NODE_NUM`	`NUMBER`
`ENDUSER`	`VARCHAR2(4000)`
`EVENT_STATUS`	`VARCHAR2(30)`
`EVENT_TIME`	`TIMESTAMP WITH LOCAL TIME ZONE`
`HOST_IP`	`VARCHAR2(255)`
`HOST_NAME`	`VARCHAR2(255)`
`HOST_TERMINAL`	`VARCHAR2(255)`
`ORIGIN_NODE_NUM`	`NUMBER`
`OSUSER_NAME`	`VARCHAR2(4000)`
`PACKAGE_INFO_STR`	`VARCHAR2`
`PARENT_CONTEXTID`	`VARCHAR2(4000)`
`PRIVILEGES_USED`	`VARCHAR2(4000)`
`PROCESS#`	`NUMBER`
`SOURCE_EVENTID`	`VARCHAR2(255)`
`SUB_CONTEXTID`	`VARCHAR2(4000)`
`TARGET_OBJECT`	`VARCHAR2(4000)`
`TARGET_OWNER`	`VARCHAR2(4000)`
`THREAD#`	`NUMBER`
`TOOLS_USED`	`VARCHAR2(4000)`
`TRUSTED_CONTEXT_STR`	`VARCHAR2`
`USERNAME`	`VARCHAR2(4000)`

D.3 Application Management Events

Application management events track actions that were performed on the underlying SQL commands of system services and applications, such as the CREATE RULE command. The Procedure Management Report, described in Section 3.3.3.5, uses these events.

Table D-3 lists the IBM DB2 application management source database events and the equivalent Oracle Audit Vault events.

Table D-3 IBM DB2 Application Management Audit Events

Event Name Description Source Event Audit Vault Event

Event Name Description	Source Event	Audit Vault Event
`ALTER_OBJECT`	`ALTER_OBJECT`	`ALTER CONTEXT` `ALTER FUNCTION` `ALTER JAVA` `ALTER PACKAGE` `ALTER PROCEDURE` `ALTER TRIGGER`
`CREATE_OBJECT`	`CREATE_OBJECT`	`CREATE CONTEXT` `CREATE FUNCTION` `CREATE JAVA` `CREATE PACKAGE` `CREATE PROCEDURE` `CREATE TRIGGER`
`DROP_OBJECT`	`DROP_OBJECT`	`DROP CONTEXT` `DROP FUNCTION` `DROP JAVA` `DROP PACKAGE` `DROP PROCEDURE` `DROP TRIGGER`

ALTER_OBJECT

ALTER CONTEXT

ALTER FUNCTION

ALTER JAVA

ALTER PACKAGE

ALTER PROCEDURE

ALTER TRIGGER

CREATE_OBJECT

CREATE CONTEXT

CREATE FUNCTION

CREATE JAVA

CREATE PACKAGE

CREATE PROCEDURE

CREATE TRIGGER

DROP_OBJECT

DROP CONTEXT

DROP FUNCTION

DROP JAVA

DROP PACKAGE

DROP PROCEDURE

DROP TRIGGER

Table D-4 lists the IBM DB2 application management event attributes.

Table D-4 IBM DB2 Application Management Event Attributes

Attribute Name	Data Type
`ASSOCIATED_OBJECT_NAME`	`VARCHAR2(4000)`
`ASSOCIATED_OBJECT_OWNER`	`VARCHAR2(4000)`
`CONTEXTID`	`VARCHAR2(4000)`
`COORDINATOR_NODE_NUM`	`NUMBER`
`ENDUSER`	`VARCHAR2(4000)`
`EVENT_STATUS`	`VARCHAR2(30)`
`EVENT_TIME`	`TIMESTAMP WITH LOCAL TIME ZONE`
`HOST_IP`	`VARCHAR2(255)`
`HOST_NAME`	`VARCHAR2(255)`
`HOST_TERMINAL`	`VARCHAR2(255)`
`ORIGIN_NODE_NUM`	`NUMBER`
`NEW_OJBECT_NAME`	`VARCHAR2(4000)`
`NEW_OBJECT_OWNER`	`VARCHAR2(4000)`
`OSUSER_NAME`	`VARCHAR2(4000)`
`PACKAGE_INFO_STR`	`VARCHAR2`
`PARENT_CONTEXTID`	`VARCHAR2(4000)`
`PRIVILEGES_USED`	`VARCHAR2(4000)`
`PROCESS#`	`NUMBER`
`SOURCE_EVENTID`	`VARCHAR2(255)`
`SUB_CONTEXTID`	`VARCHAR2(4000)`
`TARGET_OBJECT`	`VARCHAR2(4000)`
`TARGET_OWNER`	`VARCHAR2(4000)`
`THREAD#`	`NUMBER`
`TOOLS_USED`	`VARCHAR2(4000)`
`TRUSTED_CONTEXT_STR`	`VARCHAR2`
`USERNAME`	`VARCHAR2(4000)`

D.4 Audit Command Events

Audit command events track the use of auditing SQL commands on other SQL commands and on database objects. The Audit Command Report, described in Section 3.3.3.3, uses these events.

Table D-5 lists the IBM DB2 audit command source database events and the equivalent Oracle Audit Vault events.

Table D-5 IBM DB2 Audit Command Audit Events

Event Name Description	Source Event	Audit Vault Event
`AUDIT_REMOVE`	`AUDIT_REMOVE`	`NOAUDIT OBJECT`
`AUDIT_REPLACE`	`AUDIT_REPLACE`	`AUDIT`
`AUDIT_USING`	`AUDIT_USING`	`AUDIT`
`START`	`START`	`AUDIT`
`STOP`	`STOP`	`AUDIT`

Table D-6 lists the IBM DB2 audit command event attributes.

Table D-6 IBM DB2 Audit Command Event Attributes

Attribute Name	Data Type
`AUDIT_OPTION`	`VARCHAR2(4000)`
`CONTEXTID`	`VARCHAR2(4000)`
`COORDINATOR_NODE_NUM`	`NUMBER`
`ENDUSER`	`VARCHAR2(4000)`
`EVENT_STATUS`	`VARCHAR2(30)`
`EVENT_TIME`	`TIMESTAMP WITH LOCAL TIME ZONE`
`HOST_IP`	`VARCHAR2(255)`
`HOST_NAME`	`VARCHAR2(255)`
`HOST_TERMINAL`	`VARCHAR2(255)`
`ORIGIN_NODE_NUM`	`NUMBER`
`OSUSER_NAME`	`VARCHAR2(4000)`
`PACKAGE_INFO_STR`	`VARCHAR2`
`PARENT_CONTEXTID`	`VARCHAR2(4000)`
`PRIVILEGES_USED`	`VARCHAR2(4000)`
`PROCESS#`	`NUMBER`
`SOURCE_EVENTID`	`VARCHAR2(255)`
`SUB_CONTEXTID`	`VARCHAR2(4000)`
`TARGET_OBJECT`	`VARCHAR2(4000)`
`TARGET_OWNER`	`VARCHAR2(4000)`
`THREAD#`	`NUMBER`
`TOOLS_USED`	`VARCHAR2(4000)`
`TRUSTED_CONTEXT_STR`	`VARCHAR2`
`USERNAME`	`VARCHAR2(4000)`

D.5 Data Access Events

Data access events track audited SQL commands, such as all SELECT TABLE, INSERT TABLE, or UPDATE TABLE commands. The Data Access Report, described in Section 3.3.2.3, uses these events.

Table D-7 lists the IBM DB2 data access source database events and the equivalent Oracle Audit Vault events.

Table D-7 IBM DB2 Data Access Audit Events

Event Name Description Source Event Audit Vault Event

Event Name Description	Source Event	Audit Vault Event
`EXECUTE`	`EXECUTE`	`INSERT` `UPDATE`
`STATEMENT`	`STATEMENT`	`SELECT`

EXECUTE

INSERT

UPDATE

STATEMENT

SELECT

Table D-8 lists the IBM DB2 data access event attributes.

Table D-8 IBM DB2 Data Access Event Attributes

Attribute Name	Data Type
`CONTEXTID`	`VARCHAR2(4000)`
`COORDINATOR_NODE_NUM`	`NUMBER`
`ENDUSER`	`VARCHAR2(4000)`
`EVENT_STATUS`	`VARCHAR2(30)`
`EVENT_TIME`	`TIMESTAMP WITH LOCAL TIME ZONE`
`HOST_IP`	`VARCHAR2(255)`
`HOST_NAME`	`VARCHAR2(255)`
`HOST_TERMINAL`	`VARCHAR2(255)`
`ORIGIN_NODE_NUM`	`NUMBER`
`OSUSER_NAME`	`VARCHAR2(4000)`
`PACKAGE_INFO_STR`	`VARCHAR2`
`PARENT_CONTEXTID`	`VARCHAR2(4000)`
`PRIVILEGES_USED`	`VARCHAR2(4000)`
`PROCESS#`	`NUMBER`
`SOURCE_EVENTID`	`VARCHAR2(255)`
`SUB_CONTEXTID`	`VARCHAR2(4000)`
`TARGET_OBJECT`	`VARCHAR2(4000)`
`TARGET_OWNER`	`VARCHAR2(4000)`
`THREAD#`	`NUMBER`
`TOOLS_USED`	`VARCHAR2(4000)`
`TRUSTED_CONTEXT_STR`	`VARCHAR2`
`USERNAME`	`VARCHAR2(4000)`

D.6 Exception Events

Exception events track audited error and exception activity, such as network errors. The Exception Activity Report, described in Section 3.3.4.2, uses these events. These events do not have any event names; they only contain event attributes.

Table D-9 lists the IBM DB2 exception event attributes.

Table D-9 IBM DB2 Exception Event Attributes

Attribute Name	Data Type
`CONTEXTID`	`VARCHAR2(4000)`
`COORDINATOR_NODE_NUM`	`NUMBER`
`ENDUSER`	`VARCHAR2(4000)`
`EVENT_STATUS`	`VARCHAR2(30)`
`EVENT_TIME`	`TIMESTAMP WITH LOCAL TIME ZONE`
`HOST_IP`	`VARCHAR2(255)`
`HOST_NAME`	`VARCHAR2(255)`
`HOST_TERMINAL`	`VARCHAR2(255)`
`ORIGIN_NODE_NUM`	`NUMBER`
`OSUSER_NAME`	`VARCHAR2(4000)`
`PACKAGE_INFO_STR`	`VARCHAR2`
`PARENT_CONTEXTID`	`VARCHAR2(4000)`
`PRIVILEGES_USED`	`VARCHAR2(4000)`
`PROCESS#`	`NUMBER`
`SOURCE_EVENTID`	`VARCHAR2(255)`
`SUB_CONTEXTID`	`VARCHAR2(4000)`
`TARGET_OBJECT`	`VARCHAR2(4000)`
`TARGET_OWNER`	`VARCHAR2(4000)`
`THREAD#`	`NUMBER`
`TOOLS_USED`	`VARCHAR2(4000)`
`TRUSTED_CONTEXT_STR`	`VARCHAR2`
`USERNAME`	`VARCHAR2(4000)`

D.7 Invalid Record Events

Invalid record events track audited activity that Oracle Audit Vault cannot recognize, possibly due to a corrupted audit record. The Invalid Audit Record Report, described in Section 3.3.4.3, uses these events.

Table D-10 lists IBM DB2 invalid record event attributes.

Table D-10 IBM DB2 Invalid Record Event Attributes

Attribute Name	Data Type
`CONTEXTID`	`VARCHAR2(4000)`
`COORDINATOR_NODE_NUM`	`NUMBER`
`ENDUSER`	`VARCHAR2(4000)`
`ERROR_ID`	`NUMBER`
`ERROR_MESSAGE`	`VARCHAR2(4000)`
`EVENT_STATUS`	`VARCHAR2(30)`
`EVENT_TIME`	`TIMESTAMP WITH LOCAL TIME ZONE`
`HOST_IP`	`VARCHAR2(255)`
`HOST_NAME`	`VARCHAR2(255)`
`HOST_TERMINAL`	`VARCHAR2(255)`
`MODULE_NAME`	`VARCHAR2(4000)`
`ORIGIN_NODE_NUM`	`NUMBER`
`ORIGINAL_CONTEXT1`	`VARCHAR2(4000)`
`ORIGINAL_CONTEXT2`	`VARCHAR2(4000)`
`ORIGINAL_CONTEXT3`	`VARCHAR2(4000)`
`OSUSER_NAME`	`VARCHAR2(4000)`
`PACKAGE_INFO_STR`	`VARCHAR2`
`PARENT_CONTEXTID`	`VARCHAR2(4000)`
`PRIVILEGES_USED`	`VARCHAR2(4000)`
`PROCESS#`	`NUMBER`
`SEVERITY`	`NUMBER`
`SOURCE_EVENTID`	`VARCHAR2(255)`
`SUB_CONTEXTID`	`VARCHAR2(4000)`
`TARGET_OBJECT`	`VARCHAR2(4000)`
`TARGET_OWNER`	`VARCHAR2(4000)`
`THREAD#`	`NUMBER`
`TOOLS_USED`	`VARCHAR2(4000)`
`TRUSTED_CONTEXT_STR`	`VARCHAR2`
`USERNAME`	`VARCHAR2(4000)`

D.8 Object Management Events

Object management events track audited actions performed on database objects, such as CREATE TABLE commands. The Object Management Report, described in Section 3.3.3.4, uses these events.

Table D-11 lists the IBM DB2 object management source database events and the equivalent Oracle Audit Vault events.

Table D-11 IBM DB2 Object Management Audit Events

Event Name Description	Source Event	Audit Vault Event
`ALTER_OJBECT`	`ALTER_OBJECT`	`ALTER INDEX` `ALTER OBJECT` `ALTER SCHEMA` `ALTER SEQUENCE` `ALTER TABLE` `ALTER VIEW`
`CREATE_OBJECT`	`CREATE_OBJECT`	`CREATE INDEX` `CREATE OBJECT` `CREATE SCHEMA` `CREATE SEQUENCE` `CREATE TABLE` `CREATE VIEW`
`DROP_OBJECT`	`DROP_OBJECT`	`DROP INDEX` `DROP OBJECT` `DROP SCHEMA` `DROP SEQUENCE` `DROP TABLE` `DROP VIEW`
`RENAME_OBJECT`	`RENAME_OBJECT`	`RENAME`

Table D-12 lists the IBM DB2 object management event attributes.

Table D-12 IBM DB2 Object Management Event Attributes

Attribute Name	Data Type
`ASSOCIATED_OBJECT_NAME`	`VARCHAR2(4000)`
`ASSOCIATED_OBJECT_OWNER`	`VARCHAR2(4000)`
`CONTEXTID`	`VARCHAR2(4000)`
`COORDINATOR_NODE_NUM`	`NUMBER`
`ENDUSER`	`VARCHAR2(4000)`
`EVENT_STATUS`	`VARCHAR2(30)`
`EVENT_TIME`	`TIMESTAMP WITH LOCAL TIME ZONE`
`HOST_IP`	`VARCHAR2(255)`
`HOST_NAME`	`VARCHAR2(255)`
`HOST_TERMINAL`	`VARCHAR2(255)`
`NEW_OBJECT_NAME`	`VARCHAR2(4000)`
`NEW_OBJECT_OWNER`	`VARCHAR2(4000)`
`ORIGIN_NODE_NUM`	`NUMBER`
`OSUSER_NAME`	`VARCHAR2(4000)`
`PACKAGE_INFO_STR`	`VARCHAR2`
`PARENT_CONTEXTID`	`VARCHAR2(4000)`
`PRIVILEGES_USED`	`VARCHAR2(4000)`
`PROCESS#`	`NUMBER`
`SOURCE_EVENTID`	`VARCHAR2(255)`
`SUB_CONTEXTID`	`VARCHAR2(4000)`
`TARGET_OBJECT`	`VARCHAR2(4000)`
`TARGET_OWNER`	`VARCHAR2(4000)`
`THREAD#`	`NUMBER`
`TOOLS_USED`	`VARCHAR2(4000)`
`TRUSTED_CONTEXT_STR`	`VARCHAR2`
`USERNAME`	`VARCHAR2(4000)`

D.9 Peer Association Events

Peer association events track database link commands. The Distributed Database Report, described in Section 3.3.2.5, uses these events. These events do not have any event names; they only contain event attributes.

Table D-13 lists the IBM DB2 peer association event attributes.

Table D-13 IBM DB2 Peer Association Event Attributes

Attribute Name	Data Type
`CONTEXTID`	`VARCHAR2(4000)`
`COORDINATOR_NODE_NUM`	`NUMBER`
`ENDUSER`	`VARCHAR2(4000)`
`EVENT_STATUS`	`VARCHAR2(30)`
`EVENT_TIME`	`TIMESTAMP WITH LOCAL TIME ZONE`
`HOST_IP`	`VARCHAR2(255)`
`HOST_NAME`	`VARCHAR2(255)`
`HOST_TERMINAL`	`VARCHAR2(255)`
`ORIGIN_NODE_NUM`	`NUMBER`
`OSUSER_NAME`	`VARCHAR2(4000)`
`PACKAGE_INFO_STR`	`VARCHAR2`
`PARENT_CONTEXTID`	`VARCHAR2(4000)`
`PRIVILEGES_USED`	`VARCHAR2(4000)`
`PROCESS#`	`NUMBER`
`SOURCE_EVENTID`	`VARCHAR2(255)`
`SUB_CONTEXTID`	`VARCHAR2(4000)`
`TARGET_OBJECT`	`VARCHAR2(4000)`
`TARGET_OWNER`	`VARCHAR2(4000)`
`THREAD#`	`NUMBER`
`TOOLS_USED`	`VARCHAR2(4000)`
`TRUSTED_CONTEXT_STR`	`VARCHAR2`
`USERNAME`	`VARCHAR2(4000)`

D.10 Role and Privilege Management Events

Role and privilege management events track audited role and privilege management activity, such as granting a user permissions to alter an object. The Role and Privilege Management Report, described in Section 3.3.3.6, uses these events.

Table D-14 lists the IBM DB2 role and privilege management source database events and the equivalent Oracle Audit Vault events.

Table D-14 IBM DB2 Role and Privilege Management Audit Events

Event Name Description	Source Event	Audit Vault Event
`ALTER_OBJECT`	`ALTER_OBJECT`	`ALTER ROLE`
`CHECKING_FUNCTION`	`CHECKING_FUNCTION`	`CHECK PRIVILEGE`
`CHECKING_OBJECT`	`CHECKING_OBJECT`	`CHECK PRIVILEGE`
`CREATE_OBJECT`	`CREATE_OBJECT`	`CREATE ROLE`
`DROP_OBJECT`	`DROP_OBJECT`	`DROP ROLE`
`GRANT`	`GRANT`	`GRANT OBJECT` `GRANT ROLE`
`GRANT_DB_AUTHORITIES`	`GRANT_DB_AUTHORITIES`	`SYSTEM GRANT`
`GRANT_DBADM`	`GRANT_DBADM`	`GRANT OBJECT`
`IMPLICIT_GRANT`	`IMPLICIT_GRANT`	`GRANT OBJECT`
`IMPLICIT_REVOKE`	`IMPLICIT_REVOKE`	`REVOKE OBJECT`
`REVOKE`	`REVOKE`	`REVOKE OBJECT` `REVOKE ROLE`
`REVOKE_DB_AUTHORITIES`	`REVOKE_DB_AUTHORITIES`	`SYSTEM REVOKE`
`REVOKE_DBADM`	`REVOKE_DBADM`	`REVOKE OBJECT`
`TRANSFER_OWNERSHIP`	`TRANSFER_OWNERSHIP`	`GRANT ROLE`

Table D-15 lists the IBM DB2 role and privilege management event attributes.

Table D-15 IBM DB2 Role and Privilege Management Event Attributes

Attribute Name	Data Type
`ADMIN_OPTION`	`NUMBER`
`CONTEXTID`	`VARCHAR2(4000)`
`COORDINATOR_NODE_NUM`	`NUMBER`
`ENDUSER`	`VARCHAR2(4000)`
`EVENT_STATUS`	`VARCHAR2(30)`
`EVENT_TIME`	`TIMESTAMP WITH LOCAL TIME ZONE`
`GRANTEE`	`VARCHAR2(4000)`
`HOST_IP`	`VARCHAR2(255)`
`HOST_NAME`	`VARCHAR2(255)`
`HOST_TERMINAL`	`VARCHAR2(255)`
`OBJECT_PRIVILEGE`	`VARCHAR2(4000)`
`ORIGIN_NODE_NUM`	`NUMBER`
`OSUSER_NAME`	`VARCHAR2(4000)`
`PACKAGE_INFO_STR`	`VARCHAR2`
`PARENT_CONTEXTID`	`VARCHAR2(4000)`
`PRIVILEGES_USED`	`VARCHAR2(4000)`
`PROCESS#`	`NUMBER`
`ROLE_NAME`	`VARCHAR2(4000)`
`SOURCE_EVENTID`	`VARCHAR2(255)`
`SUB_CONTEXTID`	`VARCHAR2(4000)`
`SYSTEM_PRIVILEGE`	`VARCHAR2(4000)`
`TARGET_OBJECT`	`VARCHAR2(4000)`
`TARGET_OWNER`	`VARCHAR2(4000)`
`THREAD#`	`NUMBER`
`TOOLS_USED`	`VARCHAR2(4000)`
`TRUSTED_CONTEXT_STR`	`VARCHAR2`
`USERNAME`	`VARCHAR2(4000)`

D.11 Service and Application Utilization Events

Service and application utilization events track audited application access activity, such as the execution of SQL commands. The Procedure Executions Report, described in Section 3.3.2.6, uses these events.

Table D-16 lists the IBM DB2 service and application utilization source database events and the equivalent Oracle Audit Vault events.

Table D-16 IBM DB2 Service and Application Utilization Audit Events

Event Name Description	Source Event	Audit Vault Event
`EXECUTE`	`EXECUTE`	`PL/SQL EXECUTE`
`EXECUTE_IMMEDIATE`	`EXECUTE_IMMEDIATE`	`PL/SQL EXECUTE`

Table D-17 lists the IBM DB2 service and application utilization event attributes.

Table D-17 IBM DB2 Service and Application Utilization Event Attributes

Attribute Name	Data Type
`CONTEXTID`	`VARCHAR2(4000)`
`COORDINATOR_NODE_NUM`	`NUMBER`
`ENDUSER`	`VARCHAR2(4000)`
`EVENT_STATUS`	`VARCHAR2(30)`
`EVENT_TIME`	`TIMESTAMP WITH LOCAL TIME ZONE`
`HOST_IP`	`VARCHAR2(255)`
`HOST_NAME`	`VARCHAR2(255)`
`HOST_TERMINAL`	`VARCHAR2(255)`
`ORIGIN_NODE_NUM`	`NUMBER`
`OSUSER_NAME`	`VARCHAR2(4000)`
`PACKAGE_INFO_STR`	`VARCHAR2`
`PARENT_CONTEXTID`	`VARCHAR2(4000)`
`PRIVILEGES_USED`	`VARCHAR2(4000)`
`PROCESS#`	`NUMBER`
`SOURCE_EVENTID`	`VARCHAR2(255)`
`SUB_CONTEXTID`	`VARCHAR2(4000)`
`TARGET_OBJECT`	`VARCHAR2(4000)`
`TARGET_OWNER`	`VARCHAR2(4000)`
`THREAD#`	`NUMBER`
`TOOLS_USED`	`VARCHAR2(4000)`
`TRUSTED_CONTEXT_STR`	`VARCHAR2`
`USERNAME`	`VARCHAR2(4000)`

D.12 System Management Events

System management events track audited system management activity, such as the CREATE DATABASE and DISK INIT commands. The System Management Report, described in Section 3.3.3.7, uses these events.

Table D-18 lists the IBM DB2 system management source database events and the equivalent Oracle Audit Vault events.

Table D-18 IBM DB2 System Management Audit Events

Event Name Description	Source Event	Audit Vault Event
`ACTIVATE_DB`	`ACTIVATE_DB`	`ALTER DATABASE`
`ADD_NODE`	`ADD_NODE`	`CREATE NODE`
`ALTER_BUFFERPOOL`	`ALTER_BUFFERPOOL`	`ALTER_BUFFERPOOL`
`ALTER_DATABASE`	`ALTER_DATABASE`	`ALTER DATABASE`
`ALTER_NODEGROUP`	`ALTER_NODEGROUP`	`ALTER_NODEGROUP`
`ALTER_OBJECT`	`ALTER_OBJECT`	`ALTER TABLESPACE`
`ALTER_TABLESPACE`	`ALTER_TABLESPACE`	`ALTER TABLESPACE`
`BACKUP_DB`	`BACKUP_DB`	`BACKUP`
`BIND`	`BIND`	`ALTER DATABASE`
`CLOSE_HISTORY_FILE`	`CLOSE_HISTORY_FILE`	`ALTER SYSTEM`
`CONFIGURE`	`CONFIGURE`	`ALTER SYSTEM`
`CREATE_BUFFERPOOL`	`CREATE_BUFFERPOOL`	`CREATE_BUFFERPOOL`
`CREATE_DATABASE`	`CREATE_DATABASE`	`CREATE DATABASE`
`CREATE_DB_AT_NODE`	`CREATE_DB_AT_NODE`	`CREATE DATABASE`
`CREATE_EVENT_MONITOR`	`CREATE_EVENT_MONITOR`	`CREATE_EVENT_MONITOR`
`CREATE_INSTANCE`	`CREATE_INSTANCE`	`CREATE_INSTANCE`
`CREATE_NODEGROUP`	`CREATE_NODEGROUP`	`CREATE_NODEGROUP`
`CREATE_OBJECT`	`CREATE_OBJECT`	`CREATE TABLESPACE`
`CREATE_TABLESPACE`	`CREATE_TABLESPACE`	`CREATE TABLESPACE`
`DB2AUDIT`	`DB2AUDIT`	`ALTER SYSTEM`
`DB2REMOT`	`DB2REMOT`	`DB2REMOT`
`DB2SET`	`DB2SET`	`ALTER SYSTEM`
`DEACTIVATE_DB`	`DEACTIVATE_DB`	`ALTER DATABASE`
`DELETE_INSTANCE`	`DELETE_INSTANCE`	`DELETE_INSTANCE`
`DROP_BUFFERPOOL`	`DROP_BUFFERPOOL`	`DROP_BUFFERPOOL`
`DROP_DATABASE`	`DROP_DATABASE`	`DROP DATABASE`
`DROP_EVENT_MONITOR`	`DROP_EVENT_MONITOR`	`DROP_EVENT_MONITOR`
`DROP_NODEGROUP`	`DROP_NODEGROUP`	`DROP_NODEGROUP`
`DROP_OBJECT`	`DROP_OBJECT`	`DROP TABLESPACE`
`DROP_TABLESPACE`	`DROP_TABLESPACE`	`DROP TABLESPACE`
`FETCH_HISTORY_FILE`	`FETCH_HISTORY_FILE`	`ALTER SYSTEM`
`FORCE_APPLICATION`	`FORCE_APPLICATION`	`FORCE_APPLICATION`
`KILLDBM`	`KILLDBM`	`ALTER SYSTEM`
`MIGRATE_DB`	`MIGRATE_DB`	`ALTER SYSTEM`
`MIGRATE_DB_DIR`	`MIGRATE_DB_DIR`	`ALTER SYSTEM`
`MIGRATE_SYSTEM_DIRECTORY`	`MIGRATE_SYSTEM_DIRECTORY`	`ALTER SYSTEM`
`OPEN_HISTORY_FILE`	`OPEN_HISTORY_FILE`	`ALTER SYSTEM`
`QUIESCE_TABLESPACE`	`QUIESCE_TABLESPACE`	`ALTER TABLESPACE`
`REBIND`	`REBIND`	`ALTER DATABASE`
`RENAME_TABLESPACE`	`RENAME_TABLESPACE`	`ALTER TABLESPACE`
`RESET_ADMIN_CFG`	`RESET_ADMIN_CFG`	`ALTER SYSTEM`
`RESET_DB_CFG`	`RESET_DB_CFG`	`ALTER DATABASE`
`RESET_DBM_CFG`	`RESET_DBM_CFG`	`ALTER SYSTEM`
`RESTORE_DB`	`RESTORE_DB`	`RESTORE`
`ROLLFORWARD_DB`	`ROLLFORWARD_DB`	`ROLLFORWARD`
`SET_APPL_PRIORITY`	`SET_APPL_PRIORITY`	`ALTER SYSTEM`
`SET_TABLESPACE_CONTAINERS`	`SET_TABLESPACE_CONTAINERS`	`ALTER TABLESPACE`
`START_DB2`	`START_DB2`	`STARTUP`
`STOP_DB2`	`STOP_DB2`	`SHUTDOWN`
`UNQUIESCE_TABLESPACE`	`UNQUIESCE_TABLESPACE`	`ALTER TABLESPACE`
`UPDATE_ADMIN_CFG`	`UPDATE_ADMIN_CFG`	`ALTER SYSTEM`
`UPDATE_AUDIT`	`UPDATE_AUDIT`	`ALTER SYSTEM`
`UPDATE_DB_CFG`	`UPDATE_DB_CFG`	`ALTER DATABASE`
`UPDATE_DBM_CFG`	`UPDATE_DBM_CFG`	`ALTER SYSTEM`

Table D-19 lists the IBM DB2 system management event attributes.

Table D-19 IBM DB2 System Management Event Attributes

Attribute Name	Data Type
`CONTEXTID`	`VARCHAR2(4000)`
`COORDINATOR_NODE_NUM`	`NUMBER`
`ENDUSER`	`VARCHAR2(4000)`
`EVENT_STATUS`	`VARCHAR2(30)`
`EVENT_TIME`	`TIMESTAMP WITH LOCAL TIME ZONE`
`HOST_IP`	`VARCHAR2(255)`
`HOST_NAME`	`VARCHAR2(255)`
`HOST_TERMINAL`	`VARCHAR2(255)`
`ORIGIN_NODE_NUM`	`NUMBER`
`OSUSER_NAME`	`VARCHAR2(4000)`
`PACKAGE_INFO_STR`	`VARCHAR2`
`PARENT_CONTEXTID`	`VARCHAR2(4000)`
`PRIVILEGES_USED`	`VARCHAR2(4000)`
`PROCESS#`	`NUMBER`
`SOURCE_EVENTID`	`VARCHAR2(255)`
`SUB_CONTEXTID`	`VARCHAR2(4000)`
`TARGET_OBJECT`	`VARCHAR2(4000)`
`TARGET_OWNER`	`VARCHAR2(4000)`
`THREAD#`	`NUMBER`
`TOOLS_USED`	`VARCHAR2(4000)`
`TRUSTED_CONTEXT_STR`	`VARCHAR2`
`USERNAME`	`VARCHAR2(4000)`

D.13 Unknown or Uncategorized Events

Unknown or uncategorized events track audited activity that cannot be categorized. The Uncategorized Activity Report, described in Section 3.3.4.4, uses these events.

Table D-20 lists the IBM DB2 unknown or uncategorized source database event and equivalent Oracle Audit Vault event.

Table D-20 IBM DB2 Unknown or Uncategorized Audit Events

Event Name Description	Source Event	Audit Vault Event
`ALTER_OBJECT`	`ALTER_OBJECT`	`ALTER SUMMARY`
`CREATE_OBJECT`	`CREATE_OBJECT`	`CREATE SUMMARY`
`DROP_OBJECT`	`DROP_OBJECT`	`DROP SUMMARY`

Table D-21 lists the IBM DB2 unknown or uncategorized event attributes.

Table D-21 IBM DB2 Unknown or Uncategorized Event Attributes

Attribute Name	Data Type
`CONTEXTID`	`VARCHAR2(4000)`
`COORDINATOR_NODE_NUM`	`NUMBER`
`ENDUSER`	`VARCHAR2(4000)`
`EVENT_STATUS`	`VARCHAR2(30)`
`EVENT_TIME`	`TIMESTAMP WITH LOCAL TIME ZONE`
`HOST_IP`	`VARCHAR2(255)`
`HOST_NAME`	`VARCHAR2(255)`
`HOST_TERMINAL`	`VARCHAR2(255)`
`ORIGIN_NODE_NUM`	`NUMBER`
`OSUSER_NAME`	`VARCHAR2(4000)`
`PACKAGE_INFO_STR`	`VARCHAR2`
`PARENT_CONTEXTID`	`VARCHAR2(4000)`
`PRIVILEGES_USED`	`VARCHAR2(4000)`
`PROCESS#`	`NUMBER`
`SOURCE_EVENTID`	`VARCHAR2(255)`
`SUB_CONTEXTID`	`VARCHAR2(4000)`
`TARGET_OBJECT`	`VARCHAR2(4000)`
`TARGET_OWNER`	`VARCHAR2(4000)`
`THREAD#`	`NUMBER`
`TOOLS_USED`	`VARCHAR2(4000)`
`TRUSTED_CONTEXT_STR`	`VARCHAR2`
`USERNAME`	`VARCHAR2(4000)`

D.14 User Session Events

User session events track audited authentication events for users who log in to the database. The User Sessions Report, described in Section 3.3.2.7, uses these events.

Table D-22 lists the IBM DB2 user session source database events and the equivalent Oracle Audit Vault events.

Table D-22 IBM DB2 User Session Audit Events

Event Name Description	Source Event	Audit Vault Event
`ATTACH`	`ATTACH`	`CREATE SESSION`
`AUTHENTICATE`	`AUTHENTICATE`	`AUTHENTICATE`
`COMMIT`	`COMMIT`	`COMMIT`
`CONNECT`	`CONNECT`	`LOGON`
`CONNECT RESET`	`CONNECT RESET`	`LOGOFF`
`DETACH`	`DETACH`	`ALTER SESSION`
`ROLLBACK`	`ROLLBACK`	`ROLLBACK`
`VALIDATE_USER`	`VALIDATE_USER`	`AUTHENTICATE`

Table D-23 lists the IBM DB2 user session event attributes.

Table D-23 IBM DB2 User Session Event Attributes

Attribute Name	Data Type
`AUTHENTICATION_METHOD`	`VARCHAR2(255)`
`CONTEXTID`	`VARCHAR2(4000)`
`COORDINATOR_NODE_NUM`	`NUMBER`
`ENDUSER`	`VARCHAR2(4000)`
`EVENT_STATUS`	`VARCHAR2(30)`
`EVENT_TIME`	`TIMESTAMP WITH LOCAL TIME ZONE`
`HOST_IP`	`VARCHAR2(255)`
`HOST_NAME`	`VARCHAR2(255)`
`HOST_TERMINAL`	`VARCHAR2(255)`
`ORIGIN_NODE_NUM`	`NUMBER`
`OSUSER_NAME`	`VARCHAR2(4000)`
`PACKAGE_INFO_STR`	`VARCHAR2`
`PARENT_CONTEXTID`	`VARCHAR2(4000)`
`PRIVILEGES_USED`	`VARCHAR2(4000)`
`PROCESS#`	`NUMBER`
`SOURCE_EVENTID`	`VARCHAR2(255)`
`SUB_CONTEXTID`	`VARCHAR2(4000)`
`TARGET_OBJECT`	`VARCHAR2(4000)`
`TARGET_OWNER`	`VARCHAR2(4000)`
`THREAD#`	`NUMBER`
`TOOLS_USED`	`VARCHAR2(4000)`
`TRUSTED_CONTEXT_STR`	`VARCHAR2`
`USERNAME`	`VARCHAR2(4000)`