J IBM DB2 Audit Events
IBM DB2 audit events cover categories such as account management events and application management events.
J.1 About the IBM DB2 for LUW Audit Events
IBM DB2 for LUW audit events are in categories such as account management events or application management events.
This appendix maps audit event names used in IBM DB2 for LUW to their equivalent values in the command_class and target_type fields in the Oracle Audit Vault and Database Firewall audit record. The audit events are organized in useful categories, for example, Account Management events. You can use the audit events mapped here to create custom audit reports using other Oracle Database reporting products or third-party tools.
See Also:
Oracle Audit Vault and Database Firewall Database Schemas for Oracle Audit Vault and Database Firewall data warehouse details that may be useful in designing your own reports.
J.2 Account Management Events
Account management events track SQL commands that affect user accounts, such as the UNLOCK ADMIN ACCOUNT command.
Table J-1 lists the IBM DB2 account management events and the equivalent Oracle Audit Vault and Database Firewall events.
Table J-1 IBM DB2 Account Management Audit Events
| Source Event | Event Description | Command Class | Target Type |
|---|---|---|---|
| | Add Default Role | | |
| | Add User | | Any possible target type values for IBM DB2 Audit Events in List 3. |
| | Alter User Add Role | | |
| | Alter User Add Role | | Any possible target type values for IBM DB2 Audit Events in List 3. |
| | Alter User Authentication | | Any possible target type values for IBM DB2 Audit Events in List 3. |
| | Alter User Drop Role | | Any possible target type values for IBM DB2 Audit Events in List 3. |
| | Authentication | | NULL |
| | Drop Default Role | DROP | NULL |
| | Drop User | | Any possible target type values for IBM DB2 Audit Events in List 3. |
| | Set Session User | | Any possible target type values for IBM DB2 Audit Events in List 3. |
See Also:
List 3: Possible Target Type Values for IBM DB2 Audit Events for possible Target Type values.
J.3 Application Management Events
Application management events track actions performed on the underlying SQL commands of system services and applications, such as the CREATE RULE command.
Table J-2 lists the IBM DB2 application management events and the equivalent Oracle Audit Vault and Database Firewall events.
Table J-2 IBM DB2 Application Management Events
| Source Event | Event Description | Command Class | Target Type |
|---|---|---|---|
| | Alter Object | | Any possible target type values for IBM DB2 Audit Events in List 2. |
| | Create Object | | Any possible target type values for IBM DB2 Audit Events in List 2. |
| | Drop Object | | Any possible target type values for IBM DB2 Audit Events in List 2. |
J.4 Audit Command Events
Audit command events track the use of auditing SQL commands on other SQL commands and on database objects.
Table J-3 lists the IBM DB2 audit command events and the equivalent Oracle AVDF events.
Table J-3 IBM DB2 Audit Command Audit Events
| Source Event | Event Description | Command Class | Target Type |
|---|---|---|---|
| | Alter Audit Policy | | |
| | Archive | | |
| | Audit Remove | | |
| | Audit Replace | | |
| | Audit Using | | |
| | Configure | | |
| | Create Audit Policy | | |
| | DB2 Aud | | |
| | Drop Audit Policy | | |
| | Prune | | |
| | Start | | |
| | Stop | | |
J.5 Context Events
Context events include start and stop events.
Table J-4 lists the IBM DB2 context events and the equivalent Oracle AVDF events.
Table J-4 IBM DB2 Audit Context Audit Events
| Source Event | Event Description | Command Class | Target Type |
|---|---|---|---|
| | DARI Start | | |
| | DARI Stop | | |
| | Reorg | | |
J.6 Data Access Events
Data access events track audited SQL commands, such as all SELECT TABLE, INSERT TABLE, or UPDATE TABLE commands.
The Data Access Report uses these events.
Table J-5 lists the IBM DB2 data access events and the equivalent Oracle Audit Vault and Database Firewall events.
Table J-5 IBM DB2 Data Access Audit Events
| Source Event | Event Description | Command Class | Target Type |
|---|---|---|---|
| | Execute | | |
| | Get DB Cfg | | |
| | Get Dflt Cfg | | |
| | Get Groups | | |
| | Get Tablespace Statistic | | |
| | Get Userid | | |
| | Read Async Log Record | | |
| | Statement | | |
| | Statement | | |
| | Statement | | |
| | Statement | | |
J.7 Exception Events
Exception events track audited error and exception activity, such as network errors.
These events do not have any event names.
J.8 Execution Event
The IBM DB2 execution event is a data event.
Table J-6 lists the IBM DB2 execution event and the equivalent Oracle AVDF event.
Table J-6 IBM DB2 Execution Event
| Source Event | Event Description | Command Class | Target Type |
|---|---|---|---|
| | A host variable or parameter marker data values for the statement. This event is repeated for each host variable or parameter marker that is part of the statement. It is only present in a delimited extract of an audit log. | | |
J.9 Invalid Record Events
Invalid record events track audited activity that Oracle AVDF cannot recognize, possibly due to a corrupted audit record.
J.10 Object Management Events
Object management events track audited actions performed on database objects, such as CREATE TABLE commands.
Table J-7 lists the IBM DB2 object management events and the equivalent Oracle Audit Vault and Database Firewall events.
Table J-7 IBM DB2 Object Management Audit Events
| Source Event | Event Description | Command Class | Target Type |
|---|---|---|---|
| | Alter Object | | Any possible target type values for IBM DB2 Audit Events in List 2. |
| | Create Object | | Any possible target type values for IBM DB2 Audit Events in List 2. |
| | Drop Object | | Any possible target type values for IBM DB2 Audit Events in List 2. |
| | Rename Object | | Any possible target type values for IBM DB2 Audit Events in List 2. |
J.11 Peer Association Events
Peer association events track database link commands.
These events do not have any event names; they only contain event attributes.
J.12 Role and Privilege Management Events
Role and privilege management events track audited role and privilege management activity, such as granting a user permissions to alter an object.
Table J-8 lists the IBM DB2 role and privilege management events and the equivalent Oracle Audit Vault and Database Firewall events.
Table J-8 IBM DB2 Role and Privilege Management Audit Events
| Source Event | Event Description | Command Class | Target Type |
|---|---|---|---|
| | Add Default Role | | |
| | Alter Default Role | | |
| | Alter Object | | Any from List 2: Possible Target Type Values for IBM DB2 Audit Events |
| | Alter security policy | | |
| | Checking Function | | Any from List 1: Possible Target Type Values for IBM DB2 Audit Events |
| | Checking Membership In Roles | | |
| | Checking Object | | Any from List 1: Possible Target Type Values for IBM DB2 Audit Events |
| | Checking Transfer | | |
| | Create Object | | Any from List 2: Possible Target Type Values for IBM DB2 Audit Events |
| | Drop Default Role | | |
| | Drop Object | | Any from List 2: Possible Target Type Values for IBM DB2 Audit Events |
| | Grant | | Any from List 3: Possible Target Type Values for IBM DB2 Audit Events |
| | Grant DB Auth | | |
| | Grant DB Authorities | | |
| | Grant DBADM | | |
| | Implicit Grant | | Any from List 3: Possible Target Type Values for IBM DB2 Audit Events |
| | Implicit Revoke | | Any from List 3: Possible Target Type Values for IBM DB2 Audit Events |
| | Revoke | | Any from List 3: Possible Target Type Values for IBM DB2 Audit Events |
| | Revoke DB Auth | | |
| | Revoke DB Authorities | | |
| | Revoke DBADM | | |
J.13 Service and Application Utilization Events
Service and application utilization events track audited application access activity, such as the execution of SQL commands.
Table J-9 lists the IBM DB2 service and application utilization events and the equivalent Oracle AVDF events.
Table J-9 IBM DB2 Service and Application Utilization Audit Events
| Source Event | Event Description | Command Class | Target Type |
|---|---|---|---|
| | Execute | | |
| | Execute Immediate | | |
| | Transfer | | |
J.14 System Administration Events
System administration events track SQL commands that affect the system administration of a DB2 database, such as commit operations.
Table J-10 lists the IBM DB2 system administration events and the equivalent Oracle AVDF events.
Table J-10 IBM DB2 System Administration Audit Events
| Source Event | Event Description | Command Class | Target Type |
|---|---|---|---|
| | Attach Debugger | | |
| | Commit DSF CFS | | |
| | Commit DSF CM | | |
| | Commit DSF Instance | | |
| | Maintenance DSF Mode | | |
| | Start CF | | |
| | Stop CF | | |
| | Start DSF Instance | | |
| | Stop DSF Instance | | |
| | Transfer Ownership | | |
| | Update DSF Member or CF | | |
J.15 System Management Events
System management events track audited system management activity, such as the CREATE DATABASE and DISK INIT commands.
Table J-11 lists the IBM DB2 system management events and the equivalent Oracle AVDF events.
Table J-11 IBM DB2 System Management Audit Events
| Source Event | Event Description | Command Class | Target Type |
|---|---|---|---|
| | Activate DB | | |
| | Add Node | | |
| | Alter Bufferpool | | |
| | Alter Database | | |
| | Alter Nodegroup | | |
| | Alter Object | | Any from List 2: Possible Target Type Values for IBM DB2 Audit Events |
| | Alter Tablespace | | |
| | Backup DB | | |
| | Bind | | |
| | Catalog DB | | |
| | Change DB Comment | | |
| | Catalog Dcs DB | | |
| | Catalog Node | | |
| | Check Group Membership | | |
| | Close Container Query | | |
| | Close Cursor | | |
| | Close History File | | |
| | Close Tablespace Query | | |
| | Configure | | |
| | Create Bufferpool | | |
| | Create Database | | |
| | Create DB at Node | | |
| | Create Event Monitor | | |
| | Create Instance | | |
| | Create Nodegroup | | |
| | Create Object | | Any from List 2: Possible Target Type Values for IBM DB2 Audit Events |
| | Create Tablespace | | |
| | DB2 Audit | | |
| | DB2 Remote | | |
| | DB2 Set | | |
| | Db2trc | | |
| | DBM Cfg Operation | | |
| | Deactivate DB | | |
| | Describe | | |
| | Describe Database | | |
| | Delete Instance | | |
| | Discover | | |
| | Drop Bufferpool | | |
| | Drop Database | | |
| | Drop Event Monitor | | |
| | Drop Node Verify | | |
| | Drop Nodegroup | | |
| | Drop Object | | Any from List 2: Possible Target Type Values for IBM DB2 Audit Events |
| | Drop Tablespace | | |
| | Enable Multipage | | |
| | External Cancel | | |
| | Estimate Snapshot Size | | |
| | Extract | | |
| | Fetch Container Query | | |
| | Fetch Cursor | | |
| | Fetch History File | | |
| | Fetch Tablespace | | |
| | Fetch Tablespace Query | | |
| | Flush | | |
| | Force Application | | |
| | Get Snapshot | | |
| | Get Usermapping From Plugin | GET | NULL |
| | Implicit Rebind | | |
| | Kill DBM | | |
| | List Drda Indoubt Transactions | | |
| | List Logs | | |
| | Load Msg File | | |
| | Load Table | | |
| | Merge DBM Config File | | |
| | Migrate DB | | |
| | Migrate DB DIR | | |
| | Migrate System Directory | | |
| | Open Container Query | | |
| | Open Cursor | | |
| | Open History File | | |
| | Open Tablespace Query | | |
| | Prepare | | |
| | Prune Recovery History | | |
| | Quiesce Tablespace | | |
| | Rebind | | |
| | Redistribute | | |
| | Redistribute Nodegroup | | |
| | Release savepoint | | |
| | Rename Tablespace | | |
| | Reset Admin Cfg | | |
| | Reset DB Cfg | | |
| | Reset DBM Cfg | | |
| | Reset Monitor | | |
| | Restore DB | | |
| | Rollforward DB | | |
| | Run Stats | | |
| | Savepoint | | |
| | Set Appl Priority | | |
| | Set Event Monitor State | | |
| | Set Monitor | | |
| | Set Runtime Degree | | |
| | Set Savepoint | | |
| | Set Tablespace Containers | | |
| | Single Tablespace Query | | |
| | Start DB2 | | |
| | Stop DB2 | | |
| | Uncatalog DB | | |
| | Unload Table | | |
| | Unquiesce Tablespace | | |
| | Update Admin Cfg | | |
| | Update Audit | | |
| | Update CLI Configuration | | |
| | Update DB Cfg | | |
| | Update DB Version | | |
| | Uncatalog Dcs DB | | |
| | Uncatalog Node | | |
| | Update DBM Cfg | | Any from List 3: Possible Target Type Values for IBM DB2 Audit Events |
| | Update Recovery History | | |
J.16 Unknown or Uncategorized Events
Unknown or uncategorized events track audited activity that cannot be categorized.
Table J-12 lists the IBM DB2 unknown or uncategorized events and the equivalent Oracle AVDF events.
Table J-12 IBM DB2 Unknown or Uncategorized Audit Events
| Source Event | Event Description | Command Class | Target Type |
|---|---|---|---|
| | Alter Object | | Any from List 2: Possible Target Type Values for IBM DB2 Audit Events |
| | Create Object | | Any from List 2: Possible Target Type Values for IBM DB2 Audit Events |
| | Drop Object | | Any from List 2: Possible Target Type Values for IBM DB2 Audit Events |
J.17 User Session Events
User session events track audited authentication events for users who log in to the database.
Table J-13 lists the IBM DB2 user session events and the equivalent Oracle AVDF events.
Table J-13 IBM DB2 User Session Audit Events
| Source Event | Event Description | Command Class | Target Type |
|---|---|---|---|
| | Attach | | |
| | Authenticate | | |
| | Commit | | |
| | Connect | | |
| | Connect Reset | | |
| | Connect Reset | | |
| | Detach | | |
| | Global Commit | | |
| | Global Rollback | | |
| | Request Rollback | | |
| | Rollback | | |
| | Set Session User | | |
| | Switch User | | |
| | Switch User | | |
J.18 Possible Target Type Values for IBM DB2 Audit Events
Target Type values associated with certain audit events can be from categories such as FUNCTION, MODULE, or INDEX.
See the Audit Event tables in the appendix for references.
J.18.1 List 1: Possible Target Type Values for IBM DB2 Audit Events
Possible target types can be FUNCTION, VARIABLE, and HISTOGRAM TEMPLATE.
Possible Target Types
SYNONYM
ALL
POLICY
BUFFERPOOL
DATABASE
EVENT MONITOR
FUNCTION
FUNCTION MAPPING
VARIABLE
HISTOGRAM TEMPLATE
INDEX
INSTANCE
METHOD
MODULE
NODEGROUP
NONE
PROFILE
PACKAGE
PACKAGE CACHE
REOPT VALUES
ROLE
SCHEMA
SEQUENCE
SERVER
SERVER OPTION
SERVICE CLASS
PROCEDURE
TABLE
TABLESPACE
THRESHOLD
CONTEXT
TYPE MAPPING
TYPE&TRANSFORM
USER MAPPING
VIEW
WORK ACTION SET
WORK CLASS SET
WORKLOAD
WRAPPER
XSR OBJECT
J.18.2 List 2: Possible Target Type Values for IBM DB2 Audit Events
Possible target types can include SYNONYM, BUFFERPOOL, and EVENT MONITOR.
Possible Target Types
SYNONYM
POLICY
BUFFERPOOL
CONSTRAINT
TYPE
EVENT MONITOR
FOREIGN_KEY
FUNCTION
FUNCTION MAPPING
GLOBAL_VARIABLE
HISTOGRAM TEMPLATE
INDEX
INDEX EXTENSION
JAVA
METHOD
MODULE
NODEGROUP
NONE
PACKAGE
PRIMARY_KEY
ROLE
SCHEMA
LABEL
SECURITY LABEL COMPONENT
POLICY
SEQUENCE
SERVER
SERVER OPTION
SERVICE CLASS
PROCEDURE
TABLE
TABLESPACE
THRESHOLD
TRIGGER
CONTEXT
TYPE MAPPING
TYPE&TRANSFORM
CONSTRAINT
USER MAPPING
VIEW
WORK ACTION SET
WORK CLASS SET
WORKLOAD
WRAPPER
J.18.3 List 3: Possible Target Type Values for IBM DB2 Audit Events
Possible target types can be RULE, DATABASE, and METHOD.
Possible Target Types
RULE
DATABASE
FUNCTION
VARIABLE
INDEX
METHOD
MODULE
SYNONYM
NONE
PACKAGE
ROLE
SCHEMA
LABEL
POLICY
SERVER
PROCEDURE
TABLE
TABLESPACE
CONTEXT
VIEW
WORKLOAD
XSR OBJECT
PRIMARY KEY
MASK
USER TEMPORARY TABLE
TRUSTED CONTEXT
PERMISSION