The following table lists the information that is output to an audit trail file.

Table 24-4 Information output to an audit trail file

Collected information	Explanation
User identifier	Authorization identifier of user who executed the audited event
Event execution date	Date the event was executed
Event execution time	Time the event was executed
Event execution duration	Amount of time required to execute the event (in microseconds)
Event type	Type of event (see Table 24-21 Event types and subtypes)
Event subtype	Event's subtype (see Table 24-21 Event types and subtypes)
Event success or failure	Result of event execution (whether privilege checking was successful)
Privilege used	Privilege used when the event was executed
UAP name	UAP name specified in client environment definition's PDCLTAPNAME operand
Service name	Name of the service requested by the UAP that issued the event. If it is an OpenTP1 SUP (service use program), this is the name of the service requested of the SPP (service provider program); if it is TP1/Message Control, this is the name of the service requested of the MHP (message processing program).
IP address	IP address of the client that executed the UAP that issued the event#
Process number	Process ID of the UAP that issued the event#
Thread number	Thread ID of the UAP that issued the event#
Host name	Target host name of the UAP connection that issued the event
Unit identifier	Target unit identifier of the UAP connection that issued the event
Server name	Target front-end server name or single-server name of the UAP connection that issued the event
Connect number	Connect number of the user that issued the event
SQL number	Event SQL number
Object owner name	Owner name of the object that is the target of the event privilege check
Object name	Object name of the object that is the target of the event privilege check
Object type	Object type of the object that is the target of the event privilege check
Added, deleted, or changed privilege	Privilege added, deleted, or changed due to the event
One of the following is acquired: User identifier of user who granted, deleted, or changed a privilege User identifier associated with the event target	Identifier of the user whose privilege was granted, deleted, or changed by the event Authorization identifier that became the event target
Security audit facility operand values	Values of operands related to security audit facility (values applicable at time of HiRDB startup)
Audit trail type	Indicator of privilege checking or event termination
SQL code or termination code	Termination code of the SQL, utility, or command
Audit trail file name at swapping source	Audit trail file name at the swapping source when swapping occurs
Audit trail file name at swapping destination	Audit trail file name at the swapping destination when swapping occurs
Type of setting change for connection security facility	Type of setting change for the connection security facility (the change type is set also when a password is changed)
Operand value related to connection security facility (before change)	Operand value related to the connection security facility before the change
Operand value related to connection security facility (after change)	Operand value related to the connection security facility after the change
Audit trail table option	Flag when the event option target is an audit trail table, a view table that uses an audit trail as the base table, or a list that uses an audit trail
Number of accesses	Number of rows searched, inserted, updated, and deleted in an object (base table, view table, or list) by the event
SQL statement	Executed SQL statement
SQL data	Data of the executed SQL
User-added information 1	Additional information specified by the user
User-added information 2
User-added information 3
Additional information 1 for related program products	Additional information specified for Cosminexus or Hitachi Application Server

Note

The information that is collected depends on the event. For a list of the information that is collected for each event, see 24.13 Audit trail record items (during privilege checking) and 24.14 Audit trail record items (at event termination).

#: When introducing applications under OpenTP1 or when introducing Web servers and other products, information on the application connected to HiRDB is collected, rather than information on the application executed by the end user.