Skip Headers
Oracle® Audit Vault Auditor's Guide
Release 10.3

Part Number E16813-02
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

D IBM DB2 Audit Events

This appendix contains:

D.1 About the IBM DB2 Audit Events

This appendix lists the audit event names and IDs, and the attribute names and data types for IBM DB2. The audit events are organized by their respective categories (for example, Account Management). You can use these audit events as follows:

D.2 Account Management Events

Account management events track SQL commands that affect user accounts, such as the UNLOCK ADMIN ACCOUNT command. The Account Management Report, described in Section 3.3.3.2, uses these events.

Table D-1 lists the IBM DB2 account management source database events and the equivalent Oracle Audit Vault events.

Table D-1 IBM DB2 Account Management Audit Events

Event Name Description Source Event Audit Vault Event

ADD_USER

ADD_USER

CREATE USER

ALTER_USER_ADD_ROLE

ALTER_USER_ADD_ROLE

ALTER USER

ALTER_USER_AUTHENTICATION

ALTER_USER_AUTHENTICATION

ALTER USER

ALTER_USER_DROP_ROLE

ALTER_USER_DROP_ROLE

ALTER USER

DROP_USER

DROP_USER

DROP USER

SET_SESSION_USER

SET_SESSION_USER

ALTER USER


Table D-2 lists the IBM DB2 account management event attributes.

Table D-2 IBM DB2 Account Management Event Attributes

Attribute Name Data Type

CONTEXTID

VARCHAR2(4000)

COORDINATOR_NODE_NUM

NUMBER

ENDUSER

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

ORIGIN_NODE_NUM

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PACKAGE_INFO_STR

VARCHAR2

PARENT_CONTEXTID

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

TRUSTED_CONTEXT_STR

VARCHAR2

USERNAME

VARCHAR2(4000)


D.3 Application Management Events

Application management events track actions that were performed on the underlying SQL commands of system services and applications, such as the CREATE RULE command. The Procedure Management Report, described in Section 3.3.3.5, uses these events.

Table D-3 lists the IBM DB2 application management source database events and the equivalent Oracle Audit Vault events.

Table D-3 IBM DB2 Application Management Audit Events

Event Name Description Source Event Audit Vault Event

ALTER_OBJECT

ALTER_OBJECT

ALTER CONTEXT

ALTER FUNCTION

ALTER JAVA

ALTER PACKAGE

ALTER PROCEDURE

ALTER TRIGGER

CREATE_OBJECT

CREATE_OBJECT

CREATE CONTEXT

CREATE FUNCTION

CREATE JAVA

CREATE PACKAGE

CREATE PROCEDURE

CREATE TRIGGER

DROP_OBJECT

DROP_OBJECT

DROP CONTEXT

DROP FUNCTION

DROP JAVA

DROP PACKAGE

DROP PROCEDURE

DROP TRIGGER


Table D-4 lists the IBM DB2 application management event attributes.

Table D-4 IBM DB2 Application Management Event Attributes

Attribute Name Data Type

ASSOCIATED_OBJECT_NAME

VARCHAR2(4000)

ASSOCIATED_OBJECT_OWNER

VARCHAR2(4000)

CONTEXTID

VARCHAR2(4000)

COORDINATOR_NODE_NUM

NUMBER

ENDUSER

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

ORIGIN_NODE_NUM

NUMBER

NEW_OJBECT_NAME

VARCHAR2(4000)

NEW_OBJECT_OWNER

VARCHAR2(4000)

OSUSER_NAME

VARCHAR2(4000)

PACKAGE_INFO_STR

VARCHAR2

PARENT_CONTEXTID

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

TRUSTED_CONTEXT_STR

VARCHAR2

USERNAME

VARCHAR2(4000)


D.4 Audit Command Events

Audit command events track the use of auditing SQL commands on other SQL commands and on database objects. The Audit Command Report, described in Section 3.3.3.3, uses these events.

Table D-5 lists the IBM DB2 audit command source database events and the equivalent Oracle Audit Vault events.

Table D-5 IBM DB2 Audit Command Audit Events

Event Name Description Source Event Audit Vault Event

AUDIT_REMOVE

AUDIT_REMOVE

NOAUDIT OBJECT

AUDIT_REPLACE

AUDIT_REPLACE

AUDIT

AUDIT_USING

AUDIT_USING

AUDIT

START

START

AUDIT

STOP

STOP

AUDIT


Table D-6 lists the IBM DB2 audit command event attributes.

Table D-6 IBM DB2 Audit Command Event Attributes

Attribute Name Data Type

AUDIT_OPTION

VARCHAR2(4000)

CONTEXTID

VARCHAR2(4000)

COORDINATOR_NODE_NUM

NUMBER

ENDUSER

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

ORIGIN_NODE_NUM

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PACKAGE_INFO_STR

VARCHAR2

PARENT_CONTEXTID

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

TRUSTED_CONTEXT_STR

VARCHAR2

USERNAME

VARCHAR2(4000)


D.5 Data Access Events

Data access events track audited SQL commands, such as all SELECT TABLE, INSERT TABLE, or UPDATE TABLE commands. The Data Access Report, described in Section 3.3.2.3, uses these events.

Table D-7 lists the IBM DB2 data access source database events and the equivalent Oracle Audit Vault events.

Table D-7 IBM DB2 Data Access Audit Events

Event Name Description Source Event Audit Vault Event

EXECUTE

EXECUTE

INSERT

UPDATE

STATEMENT

STATEMENT

SELECT


Table D-8 lists the IBM DB2 data access event attributes.

Table D-8 IBM DB2 Data Access Event Attributes

Attribute Name Data Type

CONTEXTID

VARCHAR2(4000)

COORDINATOR_NODE_NUM

NUMBER

ENDUSER

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

ORIGIN_NODE_NUM

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PACKAGE_INFO_STR

VARCHAR2

PARENT_CONTEXTID

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

TRUSTED_CONTEXT_STR

VARCHAR2

USERNAME

VARCHAR2(4000)


D.6 Exception Events

Exception events track audited error and exception activity, such as network errors. The Exception Activity Report, described in Section 3.3.4.2, uses these events. These events do not have any event names; they only contain event attributes.

Table D-9 lists the IBM DB2 exception event attributes.

Table D-9 IBM DB2 Exception Event Attributes

Attribute Name Data Type

CONTEXTID

VARCHAR2(4000)

COORDINATOR_NODE_NUM

NUMBER

ENDUSER

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

ORIGIN_NODE_NUM

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PACKAGE_INFO_STR

VARCHAR2

PARENT_CONTEXTID

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

TRUSTED_CONTEXT_STR

VARCHAR2

USERNAME

VARCHAR2(4000)


D.7 Invalid Record Events

Invalid record events track audited activity that Oracle Audit Vault cannot recognize, possibly due to a corrupted audit record. The Invalid Audit Record Report, described in Section 3.3.4.3, uses these events.

Table D-10 lists IBM DB2 invalid record event attributes.

Table D-10 IBM DB2 Invalid Record Event Attributes

Attribute Name Data Type

CONTEXTID

VARCHAR2(4000)

COORDINATOR_NODE_NUM

NUMBER

ENDUSER

VARCHAR2(4000)

ERROR_ID

NUMBER

ERROR_MESSAGE

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

MODULE_NAME

VARCHAR2(4000)

ORIGIN_NODE_NUM

NUMBER

ORIGINAL_CONTEXT1

VARCHAR2(4000)

ORIGINAL_CONTEXT2

VARCHAR2(4000)

ORIGINAL_CONTEXT3

VARCHAR2(4000)

OSUSER_NAME

VARCHAR2(4000)

PACKAGE_INFO_STR

VARCHAR2

PARENT_CONTEXTID

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

SEVERITY

NUMBER

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

TRUSTED_CONTEXT_STR

VARCHAR2

USERNAME

VARCHAR2(4000)


D.8 Object Management Events

Object management events track audited actions performed on database objects, such as CREATE TABLE commands. The Object Management Report, described in Section 3.3.3.4, uses these events.

Table D-11 lists the IBM DB2 object management source database events and the equivalent Oracle Audit Vault events.

Table D-11 IBM DB2 Object Management Audit Events

Event Name Description Source Event Audit Vault Event

ALTER_OJBECT

ALTER_OBJECT

ALTER INDEX

ALTER OBJECT

ALTER SCHEMA

ALTER SEQUENCE

ALTER TABLE

ALTER VIEW

CREATE_OBJECT

CREATE_OBJECT

CREATE INDEX

CREATE OBJECT

CREATE SCHEMA

CREATE SEQUENCE

CREATE TABLE

CREATE VIEW

DROP_OBJECT

DROP_OBJECT

DROP INDEX

DROP OBJECT

DROP SCHEMA

DROP SEQUENCE

DROP TABLE

DROP VIEW

RENAME_OBJECT

RENAME_OBJECT

RENAME


Table D-12 lists the IBM DB2 object management event attributes.

Table D-12 IBM DB2 Object Management Event Attributes

Attribute Name Data Type

ASSOCIATED_OBJECT_NAME

VARCHAR2(4000)

ASSOCIATED_OBJECT_OWNER

VARCHAR2(4000)

CONTEXTID

VARCHAR2(4000)

COORDINATOR_NODE_NUM

NUMBER

ENDUSER

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

NEW_OBJECT_NAME

VARCHAR2(4000)

NEW_OBJECT_OWNER

VARCHAR2(4000)

ORIGIN_NODE_NUM

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PACKAGE_INFO_STR

VARCHAR2

PARENT_CONTEXTID

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

TRUSTED_CONTEXT_STR

VARCHAR2

USERNAME

VARCHAR2(4000)


D.9 Peer Association Events

Peer association events track database link commands. The Distributed Database Report, described in Section 3.3.2.5, uses these events. These events do not have any event names; they only contain event attributes.

Table D-13 lists the IBM DB2 peer association event attributes.

Table D-13 IBM DB2 Peer Association Event Attributes

Attribute Name Data Type

CONTEXTID

VARCHAR2(4000)

COORDINATOR_NODE_NUM

NUMBER

ENDUSER

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

ORIGIN_NODE_NUM

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PACKAGE_INFO_STR

VARCHAR2

PARENT_CONTEXTID

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

TRUSTED_CONTEXT_STR

VARCHAR2

USERNAME

VARCHAR2(4000)


D.10 Role and Privilege Management Events

Role and privilege management events track audited role and privilege management activity, such as granting a user permissions to alter an object. The Role and Privilege Management Report, described in Section 3.3.3.6, uses these events.

Table D-14 lists the IBM DB2 role and privilege management source database events and the equivalent Oracle Audit Vault events.

Table D-14 IBM DB2 Role and Privilege Management Audit Events

Event Name Description Source Event Audit Vault Event

ALTER_OBJECT

ALTER_OBJECT

ALTER ROLE

CHECKING_FUNCTION

CHECKING_FUNCTION

CHECK PRIVILEGE

CHECKING_OBJECT

CHECKING_OBJECT

CHECK PRIVILEGE

CREATE_OBJECT

CREATE_OBJECT

CREATE ROLE

DROP_OBJECT

DROP_OBJECT

DROP ROLE

GRANT

GRANT

GRANT OBJECT

GRANT ROLE

GRANT_DB_AUTHORITIES

GRANT_DB_AUTHORITIES

SYSTEM GRANT

GRANT_DBADM

GRANT_DBADM

GRANT OBJECT

IMPLICIT_GRANT

IMPLICIT_GRANT

GRANT OBJECT

IMPLICIT_REVOKE

IMPLICIT_REVOKE

REVOKE OBJECT

REVOKE

REVOKE

REVOKE OBJECT

REVOKE ROLE

REVOKE_DB_AUTHORITIES

REVOKE_DB_AUTHORITIES

SYSTEM REVOKE

REVOKE_DBADM

REVOKE_DBADM

REVOKE OBJECT

TRANSFER_OWNERSHIP

TRANSFER_OWNERSHIP

GRANT ROLE


Table D-15 lists the IBM DB2 role and privilege management event attributes.

Table D-15 IBM DB2 Role and Privilege Management Event Attributes

Attribute Name Data Type

ADMIN_OPTION

NUMBER

CONTEXTID

VARCHAR2(4000)

COORDINATOR_NODE_NUM

NUMBER

ENDUSER

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

GRANTEE

VARCHAR2(4000)

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

OBJECT_PRIVILEGE

VARCHAR2(4000)

ORIGIN_NODE_NUM

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PACKAGE_INFO_STR

VARCHAR2

PARENT_CONTEXTID

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

ROLE_NAME

VARCHAR2(4000)

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

SYSTEM_PRIVILEGE

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

TRUSTED_CONTEXT_STR

VARCHAR2

USERNAME

VARCHAR2(4000)


D.11 Service and Application Utilization Events

Service and application utilization events track audited application access activity, such as the execution of SQL commands. The Procedure Executions Report, described in Section 3.3.2.6, uses these events.

Table D-16 lists the IBM DB2 service and application utilization source database events and the equivalent Oracle Audit Vault events.

Table D-16 IBM DB2 Service and Application Utilization Audit Events

Event Name Description Source Event Audit Vault Event

EXECUTE

EXECUTE

PL/SQL EXECUTE

EXECUTE_IMMEDIATE

EXECUTE_IMMEDIATE

PL/SQL EXECUTE


Table D-17 lists the IBM DB2 service and application utilization event attributes.

Table D-17 IBM DB2 Service and Application Utilization Event Attributes

Attribute Name Data Type

CONTEXTID

VARCHAR2(4000)

COORDINATOR_NODE_NUM

NUMBER

ENDUSER

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

ORIGIN_NODE_NUM

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PACKAGE_INFO_STR

VARCHAR2

PARENT_CONTEXTID

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

TRUSTED_CONTEXT_STR

VARCHAR2

USERNAME

VARCHAR2(4000)


D.12 System Management Events

System management events track audited system management activity, such as the CREATE DATABASE and DISK INIT commands. The System Management Report, described in Section 3.3.3.7, uses these events.

Table D-18 lists the IBM DB2 system management source database events and the equivalent Oracle Audit Vault events.

Table D-18 IBM DB2 System Management Audit Events

Event Name Description Source Event Audit Vault Event

ACTIVATE_DB

ACTIVATE_DB

ALTER DATABASE

ADD_NODE

ADD_NODE

CREATE NODE

ALTER_BUFFERPOOL

ALTER_BUFFERPOOL

ALTER_BUFFERPOOL

ALTER_DATABASE

ALTER_DATABASE

ALTER DATABASE

ALTER_NODEGROUP

ALTER_NODEGROUP

ALTER_NODEGROUP

ALTER_OBJECT

ALTER_OBJECT

ALTER TABLESPACE

ALTER_TABLESPACE

ALTER_TABLESPACE

ALTER TABLESPACE

BACKUP_DB

BACKUP_DB

BACKUP

BIND

BIND

ALTER DATABASE

CLOSE_HISTORY_FILE

CLOSE_HISTORY_FILE

ALTER SYSTEM

CONFIGURE

CONFIGURE

ALTER SYSTEM

CREATE_BUFFERPOOL

CREATE_BUFFERPOOL

CREATE_BUFFERPOOL

CREATE_DATABASE

CREATE_DATABASE

CREATE DATABASE

CREATE_DB_AT_NODE

CREATE_DB_AT_NODE

CREATE DATABASE

CREATE_EVENT_MONITOR

CREATE_EVENT_MONITOR

CREATE_EVENT_MONITOR

CREATE_INSTANCE

CREATE_INSTANCE

CREATE_INSTANCE

CREATE_NODEGROUP

CREATE_NODEGROUP

CREATE_NODEGROUP

CREATE_OBJECT

CREATE_OBJECT

CREATE TABLESPACE

CREATE_TABLESPACE

CREATE_TABLESPACE

CREATE TABLESPACE

DB2AUDIT

DB2AUDIT

ALTER SYSTEM

DB2REMOT

DB2REMOT

DB2REMOT

DB2SET

DB2SET

ALTER SYSTEM

DEACTIVATE_DB

DEACTIVATE_DB

ALTER DATABASE

DELETE_INSTANCE

DELETE_INSTANCE

DELETE_INSTANCE

DROP_BUFFERPOOL

DROP_BUFFERPOOL

DROP_BUFFERPOOL

DROP_DATABASE

DROP_DATABASE

DROP DATABASE

DROP_EVENT_MONITOR

DROP_EVENT_MONITOR

DROP_EVENT_MONITOR

DROP_NODEGROUP

DROP_NODEGROUP

DROP_NODEGROUP

DROP_OBJECT

DROP_OBJECT

DROP TABLESPACE

DROP_TABLESPACE

DROP_TABLESPACE

DROP TABLESPACE

FETCH_HISTORY_FILE

FETCH_HISTORY_FILE

ALTER SYSTEM

FORCE_APPLICATION

FORCE_APPLICATION

FORCE_APPLICATION

KILLDBM

KILLDBM

ALTER SYSTEM

MIGRATE_DB

MIGRATE_DB

ALTER SYSTEM

MIGRATE_DB_DIR

MIGRATE_DB_DIR

ALTER SYSTEM

MIGRATE_SYSTEM_DIRECTORY

MIGRATE_SYSTEM_DIRECTORY

ALTER SYSTEM

OPEN_HISTORY_FILE

OPEN_HISTORY_FILE

ALTER SYSTEM

QUIESCE_TABLESPACE

QUIESCE_TABLESPACE

ALTER TABLESPACE

REBIND

REBIND

ALTER DATABASE

RENAME_TABLESPACE

RENAME_TABLESPACE

ALTER TABLESPACE

RESET_ADMIN_CFG

RESET_ADMIN_CFG

ALTER SYSTEM

RESET_DB_CFG

RESET_DB_CFG

ALTER DATABASE

RESET_DBM_CFG

RESET_DBM_CFG

ALTER SYSTEM

RESTORE_DB

RESTORE_DB

RESTORE

ROLLFORWARD_DB

ROLLFORWARD_DB

ROLLFORWARD

SET_APPL_PRIORITY

SET_APPL_PRIORITY

ALTER SYSTEM

SET_TABLESPACE_CONTAINERS

SET_TABLESPACE_CONTAINERS

ALTER TABLESPACE

START_DB2

START_DB2

STARTUP

STOP_DB2

STOP_DB2

SHUTDOWN

UNQUIESCE_TABLESPACE

UNQUIESCE_TABLESPACE

ALTER TABLESPACE

UPDATE_ADMIN_CFG

UPDATE_ADMIN_CFG

ALTER SYSTEM

UPDATE_AUDIT

UPDATE_AUDIT

ALTER SYSTEM

UPDATE_DB_CFG

UPDATE_DB_CFG

ALTER DATABASE

UPDATE_DBM_CFG

UPDATE_DBM_CFG

ALTER SYSTEM


Table D-19 lists the IBM DB2 system management event attributes.

Table D-19 IBM DB2 System Management Event Attributes

Attribute Name Data Type

CONTEXTID

VARCHAR2(4000)

COORDINATOR_NODE_NUM

NUMBER

ENDUSER

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

ORIGIN_NODE_NUM

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PACKAGE_INFO_STR

VARCHAR2

PARENT_CONTEXTID

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

TRUSTED_CONTEXT_STR

VARCHAR2

USERNAME

VARCHAR2(4000)


D.13 Unknown or Uncategorized Events

Unknown or uncategorized events track audited activity that cannot be categorized. The Uncategorized Activity Report, described in Section 3.3.4.4, uses these events.

Table D-20 lists the IBM DB2 unknown or uncategorized source database event and equivalent Oracle Audit Vault event.

Table D-20 IBM DB2 Unknown or Uncategorized Audit Events

Event Name Description Source Event Audit Vault Event

ALTER_OBJECT

ALTER_OBJECT

ALTER SUMMARY

CREATE_OBJECT

CREATE_OBJECT

CREATE SUMMARY

DROP_OBJECT

DROP_OBJECT

DROP SUMMARY


Table D-21 lists the IBM DB2 unknown or uncategorized event attributes.

Table D-21 IBM DB2 Unknown or Uncategorized Event Attributes

Attribute Name Data Type

CONTEXTID

VARCHAR2(4000)

COORDINATOR_NODE_NUM

NUMBER

ENDUSER

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

ORIGIN_NODE_NUM

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PACKAGE_INFO_STR

VARCHAR2

PARENT_CONTEXTID

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

TRUSTED_CONTEXT_STR

VARCHAR2

USERNAME

VARCHAR2(4000)


D.14 User Session Events

User session events track audited authentication events for users who log in to the database. The User Sessions Report, described in Section 3.3.2.7, uses these events.

Table D-22 lists the IBM DB2 user session source database events and the equivalent Oracle Audit Vault events.

Table D-22 IBM DB2 User Session Audit Events

Event Name Description Source Event Audit Vault Event

ATTACH

ATTACH

CREATE SESSION

AUTHENTICATE

AUTHENTICATE

AUTHENTICATE

COMMIT

COMMIT

COMMIT

CONNECT

CONNECT

LOGON

CONNECT RESET

CONNECT RESET

LOGOFF

DETACH

DETACH

ALTER SESSION

ROLLBACK

ROLLBACK

ROLLBACK

VALIDATE_USER

VALIDATE_USER

AUTHENTICATE


Table D-23 lists the IBM DB2 user session event attributes.

Table D-23 IBM DB2 User Session Event Attributes

Attribute Name Data Type

AUTHENTICATION_METHOD

VARCHAR2(255)

CONTEXTID

VARCHAR2(4000)

COORDINATOR_NODE_NUM

NUMBER

ENDUSER

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

ORIGIN_NODE_NUM

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PACKAGE_INFO_STR

VARCHAR2

PARENT_CONTEXTID

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

TRUSTED_CONTEXT_STR

VARCHAR2

USERNAME

VARCHAR2(4000)