22.2 Information output to an audit trail file

Table 22-3 lists the information output to an audit trail file.

Table 22-3 Information output to an audit trail file

| Collected information | Explanation |
|---|---|
| User identifier | Authorization identifier of user who executed the audited event |
| Event execution date | Date the event was executed |
| Event execution time | Time the event was executed |
| Event execution duration | Amount of time required to execute the event (in microseconds) |
| Event type | Type of event (see Table 22-16 Event types and subtypes) |
| Event subtype | Event's subtype (see Table 22-16 Event types and subtypes) |
| Event success or failure | Result of event execution (whether or not privilege checking was successful) |
| Privilege used | Privilege used when the event was executed |
| UAP name | UAP name specified in client environment definition's PDCLTAPNAME operand |
| Service name | Name of the service requested by the UAP that issued the event. If it is an OpenTP1 SUP (service use program), this is the name of the service requested of the SPP (service provider program); if it is TP1/Message Control, this is the name of the service requested of the MHP (message processing program). |
| IP address | IP address of the client that executed the UAP that issued the event* |
| Process number | Process ID of the UAP that issued the event* |
| Thread number | Thread ID of the UAP that issued the event* |
| Host name | Target host name of the UAP connection that issued the event |
| Unit identifier | Target unit identifier of the UAP connection that issued the event |
| Server name | Target front-end server name or single-server name of the UAP connection that issued the event |
| Connect number | Connect number of the user that issued the event |
| SQL number | Event SQL number |
| Object owner name | Owner name of the object that is the target of the event privilege check |
| Object name | Object name of the object that is the target of the event privilege check |
| Object type | Object type of the object that is the target of the event privilege check |
| Added, deleted, or changed privilege | Privilege added, deleted, or changed due to the event |

One of the following is acquired:
  • User identifier of user who granted, deleted, or changed a privilege
  • User identifier associated with the event target
  • Identifier of the user whose privilege was granted, deleted, or changed by the event
  • Authorization identifier that became the event target

| Collected information | Explanation |
|---|---|
| Security audit facility operand values | Values of operands related to security audit facility (values applicable at time of HiRDB startup) |
| Audit trail type | Indicator of privilege checking or event termination |
| SQL code or termination code | Termination code of the SQL, utility, or command |
| Audit trail file name at swapping source | Audit trail file name at the swapping source when swapping occurs |
| Audit trail file name at swapping destination | Audit trail file name at the swapping destination when swapping occurs |
| Type of setting change for connection security facility | Type of setting change for the connection security facility (the change type is set also when a password is changed) |
| Operand value related to connection security facility (before change) | Operand value related to the connection security facility before the change |
| Operand value related to connection security facility (after change) | Operand value related to the connection security facility after the change |
| Audit trail table option | Flag when the event option target is an audit trail table, a view table that uses an audit trail as the base table, or a list that uses an audit trail |
| Number of accesses | Number of rows searched, inserted, updated, and deleted in an object (base table, view table, foreign table, table alias, or list) by the event |

Note
The information that is collected depends on the event. For a list of the information that is collected for each event, see 22.12 Audit trail record items (during privilege checking) and 22.13 Audit trail record items (at event termination).
* When introducing applications under Open/TP1 or when introducing web servers and other products, information on the application connected to HiRDB is collected, rather than information on the application executed by the end user.