I IBM DB2 Audit Events

IBM DB2 audit events cover categories such as account management events and application management events.

I.1 About the IBM DB2 for LUW Audit Events

IBM DB2 for LUW audit events are in categories such as account management events or application management events.

This appendix maps audit event names used in IBM DB2 for LUW to their equivalent values in the command_class and target_type fields in the Oracle Audit Vault and Database Firewall audit record. The audit events are organized in useful categories, for example, Account Management events. You can use the audit events mapped here to create custom audit reports using other Oracle Database reporting products or third-party tools.

See Also:

Oracle Audit Vault and Database Firewall Database Schemas for Oracle Audit Vault and Database Firewall data warehouse details that may be useful in designing your own reports.

I.2 Account Management Events

Account management events track SQL commands that affect user accounts, such as the UNLOCK ADMIN ACCOUNT command.

Table I-1 lists the IBM DB2 account management events and the equivalent Oracle Audit Vault and Database Firewall events.

Table I-1 IBM DB2 Account Management Audit Events

Source Event Event Description Command Class Target Type

ADD_DEFAULT_ROLE

Add Default Role

CREATE

NULL

ADD_USER

Add User

CREATE

Any possible target type values for IBM DB2 Audit Events in List 3.

ALTER_USER_ADD_ROLE

Alter User Add Role

ALTER

NULL

ALTER_USER_ADD_ROLE

Alter User Add Role

ALTER

Any possible target type values for IBM DB2 Audit Events in List 3.

ALTER_USER_AUTHENTICATION

Alter User Authentication

ALTER

Any possible target type values for IBM DB2 Audit Events in List 3.

ALTER_USER_DROP_ROLE

Alter User Drop Role

ALTER

Any possible target type values for IBM DB2 Audit Events in List 3.

AUTHENTICATION

Authentication

VALIDATE

NULL

DROP_DEFAULT_ROLE

Drop Default Role

DROP

NULL

DROP_USER

Drop User

DROP

Any possible target type values for IBM DB2 Audit Events in List 3.

SET_SESSION_USER

Set Session User

SET

Any possible target type values for IBM DB2 Audit Events in List 3.

See Also:

List 3: Possible Target Type Values for IBM DB2 Audit Events for possible Target Type values.

I.3 Application Management Events

Application management events track actions performed on the underlying SQL commands of system services and applications, such as the CREATE RULE command.

Table I-2 lists the IBM DB2 application management events and the equivalent Oracle Audit Vault and Database Firewall events.

Table I-2 IBM DB2 Application Management Events

Source Event Event Description Command Class Target Type

ALTER_OBJECT

Alter Object

ALTER

ALTER

ALTER

ALTER

ALTER

ALTER

Any possible target type values for IBM DB2 Audit Events in List 2.

CREATE_OBJECT

Create Object

CREATE

CREATE

CREATE

CREATE

CREATE

CREATE

Any possible target type values for IBM DB2 Audit Events in List 2.

DROP_OBJECT

Drop Object

DROP

DROP

DROP

DROP

DROP

DROP

Any possible target type values for IBM DB2 Audit Events in List 2.

I.4 Audit Command Events

Audit command events track the use of auditing SQL commands on other SQL commands and on database objects.

Table I-3 lists the IBM DB2 audit command events and the equivalent Oracle AVDF events.

Table I-3 IBM DB2 Audit Command Audit Events

Source Event Event Description Command Class Target Type

ALTER_AUDIT_POLICY

Alter Audit Policy

AUDIT

POLICY

ARCHIVE

Archive

ARCHIVE

NULL

AUDIT_REMOVE

Audit Remove

NOAUDIT

NULL

AUDIT_REPLACE

Audit Replace

AUDIT

NULL

AUDIT_USING

Audit Using

AUDIT

NULL

CONFIGURE

Configure

AUDIT

NULL

CREATE_AUDIT_POLICY

Create Audit Policy

AUDIT

POLICY

DB2AUD

DB2 Aud

ALTER

NULL

DROP_AUDIT_POLICY

Drop Audit Policy

NOAUDIT

POLICY

PRUNE

Prune

GRANT

NULL

START

Start

AUDIT

NULL

STOP

Stop

NOAUDIT

NULL

I.5 Context Events

Context events include start and stop events.

Table I-4 lists the IBM DB2 context events and the equivalent Oracle AVDF events.

Table I-4 IBM DB2 Audit Context Audit Events

Source Event Event Description Command Class Target Type

DARI_START

DARI Start

START

NULL

DARI_STOP

DARI Stop

STOP

NULL

REORG

Reorg

REFRESH

NULL

I.6 Data Access Events

Data access events track audited SQL commands, such as all SELECT TABLE, INSERT TABLE, or UPDATE TABLE commands.

The Data Access Report uses these events.

Table I-5 lists the IBM DB2 data access events and the equivalent Oracle Audit Vault and Database Firewall events.

Table I-5 IBM DB2 Data Access Audit Events

Source Event Event Description Command Class Target Type

EXECUTE

Execute

INSERT

UPDATE

NULL

GET_DB_CFG

Get DB Cfg

GET

NULL

GET_DFLT_CFG

Get Dflt Cfg

GET

NULL

GET_GROUPS

Get Groups

GET

NULL

GET_TABLESPACE_STATISTIC

Get Tablespace Statistic

GET

NULL

GET_USERID

Get Userid

GET

NULL

READ_ASYNC_LOG_RECORD

Read Async Log Record

READ

NULL

STATEMENT

Statement

SELECT

NULL

STATEMENT

Statement

UPDATE

NULL

STATEMENT

Statement

INSERT

NULL

STATEMENT

Statement

DELETE

NULL

See Also:

Data Access Report

I.7 Exception Events

Exception events track audited error and exception activity, such as network errors.

These events do not have any event names.

I.8 Execution Event

The IBM DB2 execution event is a data event.

Table I-6 lists the IBM DB2 execution event and the equivalent Oracle AVDF event.

Table I-6 IBM DB2 Execution Event

Source Event Event Description Command Class Target Type

DATA

A host variable or parameter marker data values for the statement. This event is repeated for each host variable or parameter marker that is part of the statement. It is only present in a delimited extract of an audit log.

SET

NULL

I.9 Invalid Record Events

Invalid record events track audited activity that Oracle AVDF cannot recognize, possibly due to a corrupted audit record.

I.10 Object Management Events

Object management events track audited actions performed on database objects, such as CREATE TABLE commands.

Table I-7 lists the IBM DB2 object management events and the equivalent Oracle Audit Vault and Database Firewall events.

Table I-7 IBM DB2 Object Management Audit Events

Source Event Event Description Command Class Target Type

ALTER_OBJECT

Alter Object

ALTER

ALTER

ALTER

ALTER

ALTER

ALTER

Any possible target type values for IBM DB2 Audit Events in List 2.

CREATE_OBJECT

Create Object

CREATE

CREATE

CREATE

CREATE

CREATE

CREATE

Any possible target type values for IBM DB2 Audit Events in List 2.

DROP_OBJECT

Drop Object

DROP

DROP

DROP

DROP

DROP

DROP

Any possible target type values for IBM DB2 Audit Events in List 2.

RENAME_OBJECT

Rename Object

RENAME

Any possible target type values for IBM DB2 Audit Events in List 2.

I.11 Peer Association Events

Peer association events track database link commands.

These events do not have any event names; they only contain event attributes.

I.12 Role and Privilege Management Events

Role and privilege management events track audited role and privilege management activity, such as granting a user permissions to alter an object.

Table I-8 lists the IBM DB2 role and privilege management events and the equivalent Oracle Audit Vault and Database Firewall events.

Table I-8 IBM DB2 Role and Privilege Management Audit Events

Source Event Event Description Command Class Target Type

ADD_DEFAULT_ROLE

Add Default Role

CREATE

NULL

ALTER_DEFAULT_ROLE

Alter Default Role

ALTER

NULL

ALTER_OBJECT

Alter Object

ALTER

Any from List 2: Possible Target Type Values for IBM DB2 Audit Events

ALTER SECURITY POLICY

Alter security policy

ALTER

NULL

CHECKING_FUNCTION

Checking Function

VALIDATE

Any from List 1: Possible Target Type Values for IBM DB2 Audit Events

CHECKING_MEMBERSHIP_IN_ROLES

Checking Membership In Roles

VALIDATE

NULL

CHECKING_OBJECT

Checking Object

VALIDATE

Any from List 1: Possible Target Type Values for IBM DB2 Audit Events

CHECKING_TRANSFER

Checking Transfer

VALIDATE

NULL

CREATE_OBJECT

Create Object

CREATE

Any from List 2: Possible Target Type Values for IBM DB2 Audit Events

DROP_DEFAULT_ROLE

Drop Default Role

DROP

NULL

DROP_OBJECT

Drop Object

DROP

Any from List 2: Possible Target Type Values for IBM DB2 Audit Events

GRANT

Grant

GRANT

Any from List 3: Possible Target Type Values for IBM DB2 Audit Events

GRANT_DB_AUTH

Grant DB Auth

GRANT

NULL

GRANT_DB_AUTHORITIES

Grant DB Authorities

GRANT

NULL

GRANT_DBADM

Grant DBADM

GRANT

NULL

IMPLICIT_GRANT

Implicit Grant

GRANT

Any from List 3: Possible Target Type Values for IBM DB2 Audit Events

IMPLICIT_REVOKE

Implicit Revoke

REVOKE

Any from List 3: Possible Target Type Values for IBM DB2 Audit Events

REVOKE

Revoke

REVOKE

Any from List 3: Possible Target Type Values for IBM DB2 Audit Events

REVOKE_DB_AUTH

Revoke DB Auth

REVOKE

NULL

REVOKE_DB_AUTHORITIES

Revoke DB Authorities

SYSTEM

NULL

REVOKE_DBADM

Revoke DBADM

REVOKE

NULL

I.13 Service and Application Utilization Events

Service and application utilization events track audited application access activity, such as the execution of SQL commands.

Table I-9 lists the IBM DB2 service and application utilization events and the equivalent Oracle AVDF events.

Table I-9 IBM DB2 Service and Application Utilization Audit Events

Source Event Event Description Command Class Target Type

EXECUTE

Execute

EXECUTE

NULL

EXECUTE_IMMEDIATE

Execute Immediate

EXECUTE

NULL

TRANSFER

Transfer

GRANT

NULL

I.14 System Administration Events

System administration events track SQL commands that affect the system administration of a DB2 database, such as commit operations.

Table I-10 lists the IBM DB2 system administration events and the equivalent Oracle AVDF events.

Table I-10 IBM DB2 System Administration Audit Events

Source Event Event Description Command Class Target Type

ATTACH_DEBUGGER

Attach Debugger

LOAD

NULL

COMMIT_DSF_CFS

Commit DSF CFS

COMMIT

NULL

COMMIT_DSF_CM

Commit DSF CM

COMMIT

NULL

COMMIT_DSF_INSTANCE

Commit DSF Instance

COMMIT

NULL

MAINTENANCE_DSF_MODE

Maintenance DSF Mode

UPDATE

NULL

START_CF

Start CF

START

NULL

STOP_CF

Stop CF

STOP

NULL

START_DSF_INSTANCE

Start DSF Instance

START

NULL

STOP_DSF_INSTANCE

Stop DSF Instance

STOP

NULL

TRANSFER_OWNERSHIP

Transfer Ownership

MOVE

NULL

UPDATE_DSF_MEMBER_OR_CF

Update DSF Member or CF

UPDATE

NULL

I.15 System Management Events

System management events track audited system management activity, such as the CREATE DATABASE and DISK INIT commands.

Table I-11 lists the IBM DB2 system management events and the equivalent Oracle AVDF events.

Table I-11 IBM DB2 System Management Audit Events

Source Event Event Description Command Class Target Type

ACTIVATE_DB

Activate DB

ALTER

NULL

ADD_NODE

Add Node

CREATE

NULL

ALTER_BUFFERPOOL

Alter Bufferpool

ALTER

NULL

ALTER_DATABASE

Alter Database

ALTER

NULL

ALTER_NODEGROUP

Alter Nodegroup

ALTER

NULL

ALTER_OBJECT

Alter Object

ALTER

Any from List 2: Possible Target Type Values for IBM DB2 Audit Events

ALTER_TABLESPACE

Alter Tablespace

ALTER

TABLESPACE

BACKUP_DB

Backup DB

BACKUP

DATABASE

BIND

Bind

ALTER

NULL

CATALOG_DB

Catalog DB

SET

NULL

CHANGE_DB_COMMENT

Change DB Comment

UPDATE

NULL

CATALOG_DCS_DB

Catalog Dcs DB

SET

NULL

CATALOG_NODE

Catalog Node

SET

NULL

CHECK_GROUP_MEMBERSHIP

Check Group Membership

VALIDATE

NULL

CLOSE_CONTAINER_QUERY

Close Container Query

CLOSE

NULL

CLOSE_CURSOR

Close Cursor

CLOSE

CURSOR

CLOSE_HISTORY_FILE

Close History File

ALTER

NULL

CLOSE_TABLESPACE_QUERY

Close Tablespace Query

CLOSE

NULL

CONFIGURE

Configure

AUDIT

NULL

CREATE_BUFFERPOOL

Create Bufferpool

CREATE

NULL

CREATE_DATABASE

Create Database

CREATE

DATABASE

CREATE_DB_AT_NODE

Create DB at Node

CREATE

NULL

CREATE_EVENT_MONITOR

Create Event Monitor

CREATE

NULL

CREATE_INSTANCE

Create Instance

CREATE

NULL

CREATE_NODEGROUP

Create Nodegroup

CREATE

NULL

CREATE_OBJECT

Create Object

CREATE

Any from List 2: Possible Target Type Values for IBM DB2 Audit Events

CREATE_TABLESPACE

Create Tablespace

CREATE

TABLESPACE

DB2AUDIT

DB2 Audit

ALTER

NULL

DB2REMOT

DB2 Remote

REMOTE CALL

NULL

DB2SET

DB2 Set

ALTER

NULL

DB2TRC

Db2trc

DROP

NULL

DBM_CFG_OPERATION

DBM Cfg Operation

CONFIGURE

NULL

DEACTIVATE_DB

Deactivate DB

ALTER

NULL

DESCRIBE

Describe

DESCRIBE

NULL

DESCRIBE_DATABASE

Describe Database

DESCRIBE

NULL

DELETE_INSTANCE

Delete Instance

DELETE

NULL

DISCOVER

Discover

GET

NULL

DROP_BUFFERPOOL

Drop Bufferpool

DROP

NULL

DROP_DATABASE

Drop Database

DROP

DATABASE

DROP_EVENT_MONITOR

Drop Event Monitor

DROP

NULL

DROP_NODE_VERIFY

Drop Node Verify

DROP

NULL

DROP_NODEGROUP

Drop Nodegroup

DROP

NULL

DROP_OBJECT

Drop Object

DROP

Any from List 2: Possible Target Type Values for IBM DB2 Audit Events

DROP_TABLESPACE

Drop Tablespace

DROP

NULL

ENABLE_MULTIPAGE

Enable Multipage

ENABLE

NULL

EXTERNAL_CANCEL

External Cancel

STOP

NULL

ESTIMATE_SNAPSHOT_SIZE

Estimate Snapshot Size

CALCULATE

NULL

EXTRACT

Extract

GET

NULL

FETCH_CONTAINER_QUERY

Fetch Container Query

RETRIEVE

NULL

FETCH_CURSOR

Fetch Cursor

RETRIEVE

CURSOR

FETCH_HISTORY_FILE

Fetch History File

RETRIEVE

NULL

FETCH_TABLESPACE

Fetch Tablespace

RETRIEVE

NULL

FETCH_TABLESPACE_QUERY

Fetch Tablespace Query

RETRIEVE

NULL

FLUSH

Flush

FLUSH

NULL

FORCE_APPLICATION

Force Application

FORCE

NULL

GET_SNAPSHOT

Get Snapshot

GET

NULL

GET_USERMAPPING_FROM_PLUGIN

Get Usermapping From Plugin

GET

NULL

IMPLICIT_REBIND

Implicit Rebind

BIND

NULL

KILLDBM

Kill DBM

ALTER

NULL

LIST_DRDA_INDOUBT_TRANSACTIONS

List Drda Indoubt Transactions

LIST

NULL

LIST_LOGS

List Logs

LIST

NULL

LOAD_MSG_FILE

Load Msg File

LOAD

NULL

LOAD_TABLE

Load Table

INSERT

NULL

MERGE_DBM_CONFIG_FILE

Merge DBM Config File

UPDATE

NULL

MIGRATE_DB

Migrate DB

MIGRATE

NULL

MIGRATE_DB_DIR

Migrate DB DIR

MIGRATE

NULL

MIGRATE_SYSTEM_DIRECTORY

Migrate System Directory

MIGRATE

NULL

OPEN_CONTAINER_QUERY

Open Container Query

OPEN

NULL

OPEN_CURSOR

Open Cursor

OPEN

CURSOR

OPEN_HISTORY_FILE

Open History File

OPEN

NULL

OPEN_TABLESPACE_QUERY

Open Tablespace Query

OPEN

NULL

PREPARE

Prepare

ASSIGN

NULL

PRUNE_RECOVERY_HISTORY

Prune Recovery History

PRUNE

NULL

QUIESCE_TABLESPACE

Quiesce Tablespace

ALTER

NULL

REBIND

Rebind

ALTER

NULL

REDISTRIBUTE

Redistribute

SEND

NULL

REDISTRIBUTE_NODEGROUP

Redistribute Nodegroup

SEND

NULL

RELEASE SAVEPOINT

Release savepoint

RELEASE

NULL

RENAME_TABLESPACE

Rename Tablespace

RENAME

NULL

RESET_ADMIN_CFG

Reset Admin Cfg

RESET

NULL

RESET_DB_CFG

Reset DB Cfg

RESET

NULL

RESET_DBM_CFG

Reset DBM Cfg

RESET

NULL

RESET_MONITOR

Reset Monitor

RESET

NULL

RESTORE_DB

Restore DB

RESTORE

DATABASE

ROLLFORWARD_DB

Rollforward DB

ROLLFORWARD

DATABASE

RUNSTATS

Run Stats

EXECUTE

NULL

SAVEPOINT

Savepoint

SAVEPOINT

NULL

SET_APPL_PRIORITY

Set Appl Priority

SET

NULL

SET_EVENT_MONITOR_STATE

Set Event Monitor State

SET

NULL

SET_MONITOR

Set Monitor

SET

NULL

SET_RUNTIME_DEGREE

Set Runtime Degree

SET

NULL

SET SAVEPOINT

Set Savepoint

SET

NULL

SET_TABLESPACE_CONTAINERS

Set Tablespace Containers

SET

NULL

SINGLE_TABLESPACE_QUERY

Single Tablespace Query

EXECUTE

NULL

START_DB2

Start DB2

STARTUP

DATABASE

STOP_DB2

Stop DB2

SHUTDOWN

DATABASE

UNCATALOG_DB

Uncatalog DB

RESET

NULL

UNLOAD_TABLE

Unload Table

DELETE

NULL

UNQUIESCE_TABLESPACE

Unquiesce Tablespace

ALTER

NULL

UPDATE_ADMIN_CFG

Update Admin Cfg

UPDATE

NULL

UPDATE_AUDIT

Update Audit

ALTER

NULL

UPDATE_CLI_CONFIGURATION

Update CLI Configuration

UPDATE

NULL

UPDATE_DB_CFG

Update DB Cfg

UPDATE

NULL

UPDATE_DB_VERSION

Update DB Version

UPDATE

NULL

UNCATALOG_DCS_DB

Uncatalog Dcs DB

RESET

NULL

UNCATALOG_NODE

Uncatalog Node

RESET

NULL

UPDATE_DBM_CFG

Update DBM Cfg

UPDATE

Any from List 3: Possible Target Type Values for IBM DB2 Audit Events

UPDATE_RECOVERY_HISTORY

Update Recovery History

UPDATE

NULL

I.16 Unknown or Uncategorized Events

Unknown or uncategorized events track audited activity that cannot be categorized.

Table I-12 lists the IBM DB2 unknown or uncategorized event and equivalent Oracle AVDF event.

Table I-12 IBM DB2 Unknown or Uncategorized Audit Events

Source Event Event Description Command Class Target Type

ALTER_OBJECT

Alter Object

ALTER

Any from List 2: Possible Target Type Values for IBM DB2 Audit Events

CREATE_OBJECT

Create Object

CREATE

Any from List 2: Possible Target Type Values for IBM DB2 Audit Events

DROP_OBJECT

Drop Object

DROP

Any from List 2: Possible Target Type Values for IBM DB2 Audit Events

I.17 User Session Events

User session events track audited authentication events for users who log in to the database.

Table I-13 lists the IBM DB2 user session events and the equivalent Oracle AVDF events.

Table I-13 IBM DB2 User Session Audit Events

Source Event Event Description Command Class Target Type

ATTACH

Attach

CONNECT

NULL

AUTHENTICATE

Authenticate

AUTHENTICATE

NULL

COMMIT

Commit

COMMIT

NULL

CONNECT

Connect

LOGIN

NULL

CONNECT_RESET

Connect Reset

LOGOUT

NULL

CONNECT RESET

Connect Reset

LOGOUT

NULL

DETACH

Detach

DISCONNECT

NULL

GLOBAL COMMIT

Global Commit

COMMIT

NULL

GLOBAL ROLLBACK

Global Rollback

ROLLBACK

NULL

REQUEST_ROLLBACK

Request Rollback

REQUEST

NULL

ROLLBACK

Rollback

ROLLBACK

NULL

SET_SESSION_USER

Set Session User

SET

NULL

SWITCH_USER

Switch User

MOVE

NULL

SWITCH USER

Switch User

MOVE

NULL

I.18 Possible Target Type Values for IBM DB2 Audit Events

Target Type values associated with certain audit events can be from categories such as FUNCTION, MODULE, or INDEX.

See the Audit Event tables in the appendix for references.

I.18.1 List 1: Possible Target Type Values for IBM DB2 Audit Events

Possible target types can be FUNCTION, VARIABLE, and HISTOGRAM TEMPLATE.

Possible Target Types

SYNONYM
ALL
POLICY
BUFFERPOOL
DATABASE
EVENT MONITOR
FUNCTION
FUNCTION MAPPING
VARIABLE
HISTOGRAM TEMPLATE
INDEX
INSTANCE
METHOD
MODULE
NODEGROUP
NONE
PROFILE
PACKAGE
PACKAGE CACHE
REOPT VALUES
ROLE
SCHEMA
SEQUENCE
SERVER
SERVER OPTION
SERVICE CLASS
PROCEDURE
TABLE
TABLESPACE
THRESHOLD
CONTEXT
TYPE MAPPING
TYPE&TRANSFORM
USER MAPPING
VIEW
WORK ACTION SET
WORK CLASS SET
WORKLOAD
WRAPPER
XSR OBJECT

I.18.2 List 2: Possible Target Type Values for IBM DB2 Audit Events

Possible target types can include SYNONYM, BUFFERPOOL, and EVENT MONITOR.

Possible Target Types

SYNONYM
POLICY
BUFFERPOOL
CONSTRAINT
TYPE
EVENT MONITOR
FOREIGN_KEY
FUNCTION
FUNCTION MAPPING
GLOBAL_VARIABLE
HISTOGRAM TEMPLATE
INDEX
INDEX EXTENSION
JAVA
METHOD
MODULE
NODEGROUP
NONE
PACKAGE
PRIMARY_KEY
ROLE
SCHEMA
LABEL
SECURITY LABEL COMPONENT
POLICY
SEQUENCE
SERVER
SERVER OPTION
SERVICE CLASS
PROCEDURE
TABLE
TABLESPACE
THRESHOLD
TRIGGER
CONTEXT
TYPE MAPPING
TYPE&TRANSFORM
CONSTRAINT
USER MAPPING
VIEW
WORK ACTION SET
WORK CLASS SET
WORKLOAD
WRAPPER

I.18.3 List 3: Possible Target Type Values for IBM DB2 Audit Events

Possible target types can be RULE, DATABASE, and METHOD.

Possible Target Types

RULE
DATABASE
FUNCTION
VARIABLE
INDEX
METHOD
MODULE
SYNONYM
NONE
PACKAGE
ROLE
SCHEMA
LABEL
POLICY
SERVER
PROCEDURE
TABLE
TABLESPACE
CONTEXT
VIEW
WORKLOAD
XSR OBJECT
PRIMARY KEY
MASK
USER TEMPORARY TABLE
TRUSTED CONTEXT
PERMISSION