12.9.2 Column structure of table function derived table when retrieving audit trails

This section explains the column structure of table function derived tables when retrieving audit trails.

The following table shows the column structure of table function derived tables when retrieving audit trails:

Table 12‒10: Column structure of table function derived table when retrieving audit trails
No.	Column name	Column data type	Description	NOT NULL constraint
1	`HADB_VERSION`	`CHAR(8)`	The version of the HADB server that received the event.	None
2	`AUDIT_TRAIL_TYPE`	`VARCHAR(32)`	The event that caused the audit trail to be acquired. `EVENT` (event termination)	None
3	`EXEC_TIME`	`TIMESTAMP(6)`	The time at which the event finished.	None
4	`USER_NAME`	`VARCHAR(100)`	The authorization identifier of the HADB user who executed the event.	None
5	`EVENT_TYPE`	`VARCHAR(32)`	The type of the event. `SYSTEM` (system event) `AUDIT` (audit event) `SESSION` (session event) `PRIVILEGE` (privilege management event) `DEFINE` (definition SQL event) `MANIPULATE` (data manipulation SQL event) `COMMAND` (command operation event)	None
6	`EVENT_SUBTYPE`	`VARCHAR(64)`	The subtype of the event. For details, see Table 12‒11: Event subtypes output in audit trails.	None
7	`EVENT_RESULT`	`CHAR(10)`	Whether the event was successful. `SUCCESS` `FAILURE` `OCCURRENCE`^# # This type might be output as the event result of event type `DISCONNECT`. For details, see (2) Notes about executing the adbcancel command in 12.10.2 Notes about audit trails output during command execution.	None
8	`USED_PRIVILEGE`	`VARCHAR(32)`	If `EVENT` is output in the `AUDIT_TRAIL_TYPE` column, `NULL` is output in this column.	None
9	`OS_USER_NAME`	`VARCHAR(256)`	The OS account name of the client that issued the event. If the OS account name cannot be identified, `NULL` is output.	None
10	`AP_NAME`	`VARCHAR(30)`	The application identifier of the event issuer. If a command was executed that connects to the HADB server, the command name is output as the application identifier. If the application identifier of the event issuer cannot be identified, `NULL` is output.	None
11	`CLIENT_IP_ADDRESS`^#	`VARCHAR(46)`	The IP address of the client that issued the event. If the IP address of the client that issued the event cannot be identified, `NULL` is output.	None
12	`CLIENT_PORT_NUMBER`^#	`SMALLINT`	The port number of the client that issued the event. If the port number of the client that issued the event cannot be identified, `NULL` is output.	None
13	`CLIENT_PROCESS_NAME`	`VARCHAR(255)`	The process name of the client that issued the event. If either of the following applies, `NULL` is output: The client that issued the event is the JDBC driver The process name of the client that issued the event cannot be identified	None
14	`CLIENT_PROCESS_ID`	`SMALLINT`	The process ID of the client that issued the event. If the process ID of the client that issued the event cannot be identified, `NULL` is output.	None
15	`HADB_HOST_NAME`	`VARCHAR(255)`	The host name of the HADB server that received the event. If the host name of the HADB server cannot be identified, `NULL` is output.	None
16	`HADB_IP_ADDRESS`	`VARCHAR(46)`	The IP address of the HADB server that received the event. If the IP address of the HADB server cannot be identified, `NULL` is output.	None
17	`HADB_PORT_NUMBER`	`SMALLINT`	The port number of the HADB server that received the event. If the port number of the HADB server cannot be identified, `NULL` is output.	None
18	`HADB_PROCESS_ID`	`SMALLINT`	The process ID of the HADB server that received the event. If the process ID of the HADB server cannot be identified, `NULL` is output.	None
19	`ADBDIR`	`VARCHAR(118)`	The path name of the server directory specified in the environment variable `ADBDIR`. If the specified path name is longer than 118 bytes, only the first 118 bytes are output.	None
20	`HADB_NODE_NUMBER`	`SMALLINT`	When using the multi-node function, the node number (1 to 4) of the HADB server that received the event is output. If the multi-node function is not being used, `NULL` is output.	None
21	`CONNECTION_ID`	`SMALLINT`	The connection ID (1 to 1,024) of the connection that executed the event. If the connection ID cannot be identified, `NULL` is output.	None
22	`CONNECTION_NUMBER`	`INTEGER`	The connection sequence number (1 to 4,294,967,295) of the connection that executed the event. If the connection sequence number cannot be identified, `NULL` is output.	None
23	`STATEMENT_HANDLE`	`SMALLINT`	The statement handle (1 to 4,095) used when executing the event. If the statement handle cannot be identified, `NULL` is output.	None
24	`SQL_SERIAL_NUMBER`	`INTEGER`	The serial number of the SQL statement (1 to 9,223,372,036,854,775,807). If the serial number of the SQL statement cannot be identified, `NULL` is output.	None
25	`MESSAGE_LOG_INFO`	`CHAR(20)`	The message log information associated with the event. If the message log information cannot be identified, `NULL` is output.	None
26	`EXIT_STATUS`	`SMALLINT`	If `EVENT` is output in the `AUDIT_TRAIL_TYPE` column, either of the following is output: If a SQL statement was executed, `SQLCODE` is output. If a command was executed, the return code is output.	None
27	`OBJECT_TYPE`	`VARCHAR(32)`	The type of object specified as the target of the event. `INDEX` (index) `SCHEMA` (schema) `TABLE` (base table) `TABLE FUNCTION` (table function derived table) `VIEW` (viewed table) If the object type cannot be identified, `NULL` is output. For details about the circumstances in which audit trails are output for each object type, see Table 12‒19: Circumstances in which object types are output in audit trails.	None
28	`OBJECT_OWNER_NAME`	`VARCHAR(100)`	The authorization identifier of the owner of the object specified as the target of the event. If the object owner cannot be identified, `NULL` is output.	None
29	`OBJECT_SCHEMA_NAME`	`VARCHAR(100)`	The schema name of the object specified as the target of the event. If the schema name of the object cannot be identified, `NULL` is output.	None
30	`OBJECT_NAME`	`VARCHAR(100)`	The identifier of the object specified as the target of the event. If the object identifier cannot be identified, `NULL` is output.	None
31	`ACCESS_COUNT`	`INTEGER`	The number of rows of the object (base table or viewed table) that were accessed by the event. The following are included in the number of rows: The number of retrieved rows (including data export) The number of inserted rows (including data import) The number of updated rows The number of deleted rows If the number of accessed rows cannot be acquired, `NULL` is output. For details about the number of rows output in relation to each operation, see Table 12‒20: Number of rows output in ACCESS_COUNT column.	None
32	`PRIVILEGE_TYPE`	`VARCHAR(32)`	The name of the privilege specified for granting or revocation by the event. For details about privilege names, see Table 12‒12: Privilege names output in audit trails. If the privilege name cannot be identified, `NULL` is output.	None
33	`PRIVILEGE_USER_NAME`	`VARCHAR(100)`	The authorization identifier of an HADB user to whom either of the following applies: The authorization identifier of an HADB user whose privilege is specified for granting or revocation The authorization identifier of the HADB user specified when creating, deleting or changing the information of an HADB user If the authorization identifier of the HADB user cannot be identified, `NULL` is output.	None
34	`SQL_SOURCE`	`VARCHAR(64000)`	The SQL statement executed in the event. If one SQL statement specifies multiple objects, the SQL statement is output in the audit trail for each object. The SQL statement is truncated after the first 64,000 bytes. If no SQL statement was executed, `NULL` is output.	None
35	`PARAM`	`VARCHAR(64000)`	The dynamic parameters of the SQL statement executed in the event. If one SQL statement specifies multiple objects, the dynamic parameters are output in the audit trail for each object. The dynamic parameters are separated by commas (`,`). For example: dynamic-parameter,dynamic-parameter,dynamic-parameter,... The list of dynamic parameters is truncated after the first 64,000 bytes. If no dynamic parameters are specified, `NULL` is output. For details about the display format of each data type of data bound to dynamic parameters, see Table 12‒13: Output format for dynamic parameters.	None
36	`BEFORE_SYSTEM_INFO`	`VARCHAR(2000)`	The system information before being changed. This information is output when the following events are successful: `adbstart` The HADB server operation mode. For details about the output information, see ■ Values output when an event (`adbstart` or `adbchgsrvmode`) is successful. `adbchgsrvmode` The HADB server operation mode. For details about the output information, see ■ Values output when an event (`adbstart` or `adbchgsrvmode`) is successful. `adbchgnodetype` The node type. For details about the output information, see ■ Values output when an event (`adbchgnodetype`) is successful. `adbchgsqltrc` The trace information and trace level that are in effect. For details about the output information, see ■ Values output when an event (`adbchgsqltrc`) is successful. `adbclientdefmang` The associations between the client definition file and the HADB user. For details about the output information, see ■ Values output when an event (`adbclientdefmang`) is successful. `adbmodarea` The DB area information before being changed. For details about the output information, see ■ Values output when an event (`adbmodarea`) is successful. `adbmodbuff` The number of pages in the buffer for the local work table. For details about the output information, see ■ Values output when an event (`adbmodbuff`) is successful. `adbcolumnize` The information about the status of the updated-row columnizing facility. For details about the output information, see ■ Values output when an event (`adbcolumnize`) is successful. For events other than the preceding, `NULL` is output. The system information before being changed is truncated after the first 2,000 bytes. If there were no system changes, the information in this column is the system information in effect when the event was executed. This means that the `BEFORE_SYSTEM_INFO` column and the `AFTER_SYSTEM_INFO` column will contain the same information.	None
37	`AFTER_SYSTEM_INFO`	`VARCHAR(2000)`	System information after being changed. This information is output when the following events are successful: `adbstart` The HADB server operation mode. For details about the output information, see ■ Values output when an event (`adbstart` or `adbchgsrvmode`) is successful. `adbchgsrvmode` The HADB server operation mode. For details about the output information, see ■ Values output when an event (`adbstart` or `adbchgsrvmode`) is successful. `adbchgnodetype` The node type. For details about the output information, see ■ Values output when an event (`adbchgnodetype`) is successful. `adbchgsqltrc` The trace information and trace level that are in effect. For details about the output information, see ■ Values output when an event (`adbchgsqltrc`) is successful. `adbclientdefmang` The associations between the client definition file and the HADB user. For details about the output information, see ■ Values output when an event (`adbclientdefmang`) is successful. `adbmodarea` The DB area information after the change. For details about the output information, see ■ Values output when an event (`adbmodarea`) is successful. `adbmodbuff` The number of pages in the buffer for the local work table. For details about the output information, see ■ Values output when an event (`adbmodbuff`) is successful. `adbcolumnize` The information about the status of the updated-row columnizing facility. For details about the output information, see ■ Values output when an event (`adbcolumnize`) is successful. For events other than the preceding, `NULL` is output. The system information after being changed is truncated after the first 2,000 bytes. If there were no system changes, the information in this column is the system information in effect when the event was executed. This means that the `BEFORE_SYSTEM_INFO` column and the `AFTER_SYSTEM_INFO` column will contain the same information.	None
38	`SERVER_OPERAND`	`VARCHAR(4000)`	The values of the operands specified in the server definition when starting the HADB server. The operands are separated by slashes (`/`). The server definition information is truncated after the first 4,000 bytes. `NULL` is output unless the HADB server is starting (that is unless `ADBSTART` is in the `EVENT_SUBTYPE` column). For details about the format of the server definition information output in the `SERVER_OPERAND` column, see Table 12‒14: Output format of server definition.	None
39	`USER_INFO_1`	`VARCHAR(100)`	Additional information set by the HADB user. In either of the following cases, `NULL` is output: Additional information set by the HADB user cannot be identified The HADB user has not set any additional information	None
40	`USER_INFO_2`	`VARCHAR(100)`		None
41	`USER_INFO_3`	`VARCHAR(100)`		None

#

The following information is output as the audit trail for a SQL statement executed by an HADB client on the same machine as the HADB server:

IP address: 127.0.0.1
Port number: NULL

When using the multi-node function, the information in the audit trail for a SQL statement executed by an HADB client on the same machine as the HADB server might differ depending on the node that processed the SQL statement.

The following table shows the event subtypes output in the EVENT_SUBTYPE column in Table 12‒10: Column structure of table function derived table when retrieving audit trails.

Table 12‒11: Event subtypes output in audit trails
No.	Event category	Event type	Event subtype	Event subtype value output in audit trail
1	Mandatory audit event	System event	Starting the HADB server (`adbstart` command)	`ADBSTART`
2			Stopping the HADB server (`adbstop` command)	`ADBSTOP`
3			Changing the HADB server operation mode (`adbchgsrvmode` command)	`ADBCHGSRVMODE`
4			Changing the node type (`adbchgnodetype` command)	`ADBCHGNODETYPE`
5			Starting and stopping output of SQL trace information (`adbchgsqltrc` command)	`ADBCHGSQLTRC`
6			Centrally managing client definitions (`adbclientdefmang` command)	`ADBCLIENTDEFMANG`
7			Adding and modifying DB areas (`adbmodarea` command)	`ADBMODAREA`
8			Changing a buffer (`adbmodbuff` command)	`ADBMODBUFF`
9			Managing the updated-row columnizing facility (`adbcolumnize` command)	`ADBCOLUMNIZE`
10		Audit event	Granting audit admin privilege (`GRANT` statement with `AUDIT ADMIN` specified)	`GRANT`
11			Granting audit viewer privilege (`GRANT` statement with `AUDIT VIEWER` specified)	`GRANT`
12			Revoking audit admin privilege (`REVOKE` statement with `AUDIT ADMIN` specified)	`REVOKE`
13			Revoking audit viewer privilege (`REVOKE` statement with `AUDIT VIEWER` specified)	`REVOKE`
14			Defining audit targets (`CREATE AUDIT` statement)	`CREATE AUDIT`
15			Deleting audit target definitions (`DROP AUDIT` statement)	`DROP AUDIT`
16			Changing auditor passwords (`ALTER USER` statement)	`ALTER USER`
17			Enabling the audit trail facility (`adbaudittrail` command with `--start` option specified)	`ADBAUDITTRAIL START`
18			Disabling the audit trail facility (`adbaudittrail` command with `--stop` option specified)	`ADBAUDITTRAIL STOP`
19			Swapping the audit trail file (`adbaudittrail` command with `--swap` option specified)	`ADBAUDITTRAIL SWAP`
20			Referencing information related to the audit trail facility (`adbaudittrail` command with `-d` option specified)	`ADBAUDITTRAIL DISPLAY`
21			Referencing audit target definition information (retrieval from `SQL_AUDITS` dictionary table) Retrieving data from viewed tables that depend on the `SQL_AUDITS` dictionary table	`SELECT`
22				`ADBEXPORT`
23			Using a system-defined function for audit trails (`ADB_AUDITREAD` function) Retrieving data from a viewed table that depends on a derived table that specifies an `ADB_AUDITREAD` function	`SELECT`
24				`ADBEXPORT`
25			Converting audit trail files (`adbconvertaudittrailfile` command)	`ADBCONVERTAUDITTRAILFILE`
26	Optional audit event	Session event	Connecting to the HADB server	`CONNECT`
27		Session event	Disconnecting from the HADB server	`DISCONNECT`
28		Privilege management event	Granting the `DBA` privilege (`GRANT` statement with `DBA` specified)	`GRANT`
29			Granting the `CONNECT` privilege (`GRANT` statement with `CONNECT` specified)
30			Granting the schema definition privilege (`GRANT` statement with `SCHEMA` specified)
31			Granting the `SELECT` privilege (`GRANT` statement with `SELECT` specified)
32			Granting the `INSERT` privilege (`GRANT` statement with `INSERT` specified)
33			Granting the `UPDATE` privilege (`GRANT` statement with `UPDATE` specified)
34			Granting the `DELETE` privilege (`GRANT` statement with `DELETE` specified)
35			Granting the `TRUNCATE` privilege (`GRANT` statement with `TRUNCATE` specified)
36			Granting the `REFERENCES` privilege (`GRANT` statement with `REFERENCES` specified)
37			Granting the `IMPORT TABLE` privilege (`GRANT` statement with `IMPORT TABLE` specified)
38			Granting the `REBUILD INDEX` privilege (`GRANT` statement with `REBUILD INDEX` specified)
39			Granting the `GET COSTINFO` privilege (`GRANT` statement with `GET COSTINFO` specified)
40			Granting the `EXPORT TABLE` privilege (`GRANT` statement with `EXPORT TABLE` specified)
41			Granting the `MERGE CHUNK` privilege (`GRANT` statement with `MERGE CHUNK` specified)
42			Granting the `CHANGE CHUNK COMMENT` privilege (`GRANT` statement with `CHANGE CHUNK COMMENT` specified)
43			Granting the `CHANGE CHUNK STATUS` privilege (`GRANT` statement with `CHANGE CHUNK STATUS` specified)
44			Granting the `ARCHIVE CHUNK` privilege (`GRANT` statement with `ARCHIVE CHUNK` specified)
45			Granting the `UNARCHIVE CHUNK` privilege (`GRANT` statement with `UNARCHIVE CHUNK` specified)
46			Revoking the `DBA` privilege (`REVOKE` statement with `DBA` specified)	`REVOKE`
47			Revoking the `CONNECT` privilege (`REVOKE` statement with `CONNECT` specified)
48			Revoking the schema definition privilege (`REVOKE` statement with `SCHEMA` specified)
49			Revoking the `SELECT` privilege (`REVOKE` statement with `SELECT` specified)
50			Revoking the `INSERT` privilege (`REVOKE` statement with `INSERT` specified)
51			Revoking the `UPDATE` privilege (`REVOKE` statement with `UPDATE` specified)
52			Revoking the `DELETE` privilege (`REVOKE` statement with `DELETE` specified)
53			Revoking the `TRUNCATE` privilege (`REVOKE` statement with `TRUNCATE` specified)
54			Revoking the `REFERENCES` privilege (`REVOKE` statement with `REFERENCES` specified)
55			Revoking the `IMPORT TABLE` privilege (`REVOKE` statement with `IMPORT TABLE` specified)
56			Revoking the `REBUILD INDEX` privilege (`REVOKE` statement with `REBUILD INDEX` specified)
57			Revoking the `GET COSTINFO` privilege (`REVOKE` statement with `GET COSTINFO` specified)
58			Revoking the `EXPORT TABLE` privilege (`REVOKE` statement with `EXPORT TABLE` specified)
59			Revoking the `MERGE CHUNK` privilege (`REVOKE` statement with `MERGE CHUNK` specified)
60			Revoking the `CHANGE CHUNK COMMENT` privilege (`REVOKE` statement with `CHANGE CHUNK COMMENT` specified)
61			Revoking the `CHANGE CHUNK STATUS` privilege (`REVOKE` statement with `CHANGE CHUNK STATUS` specified)
62			Revoking the `ARCHIVE CHUNK` privilege (`REVOKE` statement with `ARCHIVE CHUNK` specified)
63			Revoking the `UNARCHIVE CHUNK` privilege (`REVOKE` statement with `UNARCHIVE CHUNK` specified)
64			Creating an HADB user (`CREATE USER` statement)	`CREATE USER`
65			Deleting an HADB user (`DROP USER` statement)	`DROP USER`
66			Changing user information for an HADB user (`ALTER USER` statement)	`ALTER USER`
67		Definition SQL event	Defining an index (`CREATE INDEX` statement)	`CREATE INDEX`
68			Defining a schema (`CREATE SCHEMA` statement)	`CREATE SCHEMA`
69			Defining a base table (`CREATE TABLE` statement)	`CREATE TABLE`
70			Defining a viewed table (`CREATE VIEW` statement)	`CREATE VIEW`
71			Deleting an index (`DROP INDEX` statement)	`DROP INDEX`
72			Deleting a schema (`DROP SCHEMA` statement)	`DROP SCHEMA`
73			Deleting a base table (`DROP TABLE` statement)	`DROP TABLE`
74			Deleting a viewed table (`DROP VIEW` statement)	`DROP VIEW`
75			Changing a table definition (`ALTER TABLE` statement)	`ALTER TABLE`
76			Changing a viewed table definition (`ALTER VIEW` statement)	`ALTER VIEW`
77		Data manipulation SQL event	Retrieving data from tables (`SELECT` statement)	`SELECT`
78			Inserting rows into tables (`INSERT` statement)	`INSERT`
79			Updating table row data (`UPDATE` statement)	`UPDATE`
80			Deleting table row data (`DELETE` statement)	`DELETE`
81			Deleting all row data from a table (`TRUNCATE TABLE` statement)	`TRUNCATE TABLE`
82			Deleting all row data in a chunk (`PURGE CHUNK` statement)	`PURGE CHUNK`
83			SQL parsing error	`UNKNOWN`
84			Acquiring data stored in chunks (`#GETDATA` subcommand of `adbsql` command)	`GETDATA`
85			Acquiring the number of data items stored in a chunk (`#GETCOUNT` subcommand of `adbsql` command)	`GETCOUNT`
86			Displaying table information (`#TABLES` subcommand of `adbsql` command)	`TABLES`
87			Displaying column information (`#COLUMNS` subcommand of `adbsql` command)	`COLUMNS`
88			Displaying index information (`#INDEXES` subcommand of `adbsql` command)	`INDEXES`
89			Displaying chunk information (`#CHUNKS` subcommand of `adbsql` command)	`CHUNKS`
90	Displaying authorization identifiers (`#GETUSER` subcommand of `adbsql` command)		`GETUSER`
91	Command operation event	Importing data (`adbimport` command)	`ADBIMPORT`
92		Rebuilding indexes (`adbidxrebuild` command)	`ADBIDXREBUILD`
93		Collecting cost information (`adbgetcst` command)	`ADBGETCST`
94		Analyzing DB status (`adbdbstatus` command)	`ADBDBSTATUS`
95		Exporting data (`adbexport` command)	`ADBEXPORT`
96		Merging chunks (`adbmergechunk` command)	`ADBMERGECHUNK`
97		Setting, changing, and deleting chunk comments (`adbchgchunkcomment` command)	`ADBCHGCHUNKCOMMENT`
98		Changing the chunk status (`adbchgchunkstatus` command)	`ADBCHGCHUNKSTATUS`
99		Archiving chunks (`adbarchivechunk` command)	`ADBARCHIVECHUNK`
100		Unarchiving chunks (`adbunarchivechunk` command)	`ADBUNARCHIVECHUNK`
101		Reorganizing system tables (base tables) (`adbreorgsystemdata` command)	`ADBREORGSYSTEMDATA`
102		Registering and deleting synonym dictionaries (`adbsyndict` command)	`ADBSYNDICT`

The following table shows the privilege names output in the PRIVILEGE_TYPE column in Table 12‒10: Column structure of table function derived table when retrieving audit trails.

Table 12‒12: Privilege names output in audit trails
No.	Privilege type	Privilege name output in audit trails
1	`DBA` privilege	`DBA`
2	`CONNECT` privilege	`CONNECT`
3	Schema definition privilege	`SCHEMA`
4	Audit admin privilege	`AUDIT ADMIN`
5	Audit viewer privilege	`AUDIT VIEWER`
6	`SELECT` privilege	`SELECT`
7	`INSERT` privilege	`INSERT`
8	`UPDATE` privilege	`UPDATE`
9	`DELETE` privilege	`DELETE`
10	`TRUNCATE` privilege	`TRUNCATE`
11	`REFERENCES` privilege	`REFERENCES`
12	`IMPORT TABLE` privilege	`IMPORT TABLE`
13	`REBUILD INDEX` privilege	`REBUILD INDEX`
14	`GET COSTINFO` privilege	`GET COSTINFO`
15	`EXPORT TABLE` privilege	`EXPORT TABLE`
16	`MERGE CHUNK` privilege	`MERGE CHUNK`
17	`CHANGE CHUNK COMMENT` privilege	`CHANGE CHUNK COMMENT`
18	`CHANGE CHUNK STATUS` privilege	`CHANGE CHUNK STATUS`
19	`ARCHIVE CHUNK` privilege	`ARCHIVE CHUNK`
20	`UNARCHIVE CHUNK` privilege	`UNARCHIVE CHUNK`

The following table shows the data types of data bound to dynamic parameters output in the PARAM column in Table 12‒10: Column structure of table function derived table when retrieving audit trails.

Table 12‒13: Output format for dynamic parameters
No.	Data type	Output format
1	`INTEGER`	Decimal
2	`DECIMAL`(`m`, `n`)	Decimal
3	`SMALLINT`	Decimal
4	`DOUBLE PRECISION`	Mantissa (decimal) and exponent (decimal)
5	`CHARACTER`(`n`)	'character-string'
6	`VARCHAR`(`n`)	'character-string'^# If the actual length is 0, the value is output as `''`.
7	`DATE`	Predefined output representation for date data
8	`TIME`(`p`)	Predefined output representation for time data
9	`TIMESTAMP`(`p`)	Predefined output representation for time stamp data
10	`BINARY`(`n`)	X'hexadecimal-value'
11	`VARBINARY`(`n`)	X'hexadecimal-value' If the actual length is 0, the value is output as `X"`.
12	`ROW`	X'hexadecimal-value'

Legend:: m, n, and p: Positive integer
Note:: If the data bound to the dynamic parameter is a null value, NULL is output in the PARAM column.
#: If only a dynamic parameter is specified in the value expression of a NULL predicate and data that is not the null value is specified in the dynamic parameter, '*' is output regardless of the value that is specified.

The following table shows the output format of server definition entries in the SERVER_OPERAND column in Table 12‒10: Column structure of table function derived table when retrieving audit trails.

Table 12‒14: Output format of server definition
No.	Format	Output format
1	`set` format	`operand-name` = `specified-value`^#1
2	Command format	`command-name` `option-name` `specified-value`[, `option-name` `specified-value` ...]^#2

#1: The maximum length of the = specified-value portion is 1,024 bytes. Anything longer is truncated from the 1,025th byte.
#2: The maximum length of the option-name specified-value[, option-name specified-value ...] portion is 1,024 bytes. Anything longer is truncated from the 1,025th byte.

The following shows a specification example of the server definition, and an example of the information output in the SERVER_OPERAND column. A slash (/) delimits each valid pair of a server definition operand and its value in the output information.

■ Server definition specification example

set adb_db_path = XXXXX
set adb_rpc_port = YYYYY
set adb_sys_max_users = 10
set adb_sys_rthd_num = 40
set adb_sys_uthd_num = 128
set adb_sql_exe_max_rthd_num = 4
set adb_sys_memory_limit = 64000
adbbuff -g TBLBUF01 -n ADBUTBL01 -p 1000000 -v 1024
adbbuff -g IDXBUF01 \
        -n ADBUIDX01 \
        -p 2500000 
adbcltgrp -g group -m 10 -u 0 -r 40 -e 0 -w 0

■ Output example of SERVER_OPERAND column

adb_db_path = XXXXX / adb_rpc_port = YYYYY / adb_sys_max_users = 10 / adb_sys_rthd_num = 40 / adb_sys_uthd_num = 128 / adb_sql_exe_max_rthd_num = 4 / 
adb_sys_memory_limit = 64000 / adbbuff -g TBLBUF01 -n ADBUTBL01 -p 1000000 -v 1024 / adbbuff -g IDXBUF01 -n ADBUIDX01 -p 2500000 / adbcltgrp -g group -m 10 -u 0 -r 40 -e 0 -w 0

The following explains the values output for each event in the BEFORE_SYSTEM_INFO and AFTER_SYSTEM_INFO columns in Table 12‒10: Column structure of table function derived table when retrieving audit trails,

■ Values output when an event (adbstart or adbchgsrvmode) is successful

When an event (adbstart or adbchgsrvmode) is successful, the values shown in the following table are output to represent the HADB server operation mode:

Table 12‒15: HADB server operation mode values
No.	HADB server operation mode	Value
1	Normal mode	`NORMAL`
2	Quiescence mode	`QUIESCENCE`
3	Offline mode	`OFFLINE`
4	Maintenance mode	`MAINTENANCE`

When using the multi-node function, the BEFORE_SYSTEM_INFO column for the master node displays the HADB server operation mode for the node that was the master node the last time the HADB server started. The BEFORE_SYSTEM_INFO column for the slave node always displays NULL.

■ Values output when an event (adbchgnodetype) is successful

When an event (adbchgnodetype) is successful, the values shown in the following table are output to represent the node type:

Table 12‒16: Node type values
No.	Node type	Value
1	Master node	`MASTER`
2	Slave node	`SLAVE`

■ Values output when an event (adbchgsqltrc) is successful

When an event (adbchgsqltrc) is successful, the values shown in the following two tables are output to represent the trace information and trace level:

Table 12‒17: Trace information values
No.	Trace information	Value
1	Access path information	`accesspath`
2	Dynamic parameter information	`param`

Table 12‒18: Trace level value
No.	Trace level	Value
1	Output at SQL statement level	`sql`
2	Output at call level	`call`

When an event (adbchgsqltrc) is successful, the trace information and trace level that are in effect are output in that order, separated by a slash (/). If SQL tracing is disabled, a blank character is output.

An example of output when access path is in effect and the trace level is the SQL statement level is as follows:

accesspath / sql

■ Values output when an event (adbclientdefmang) is successful

When an event (adbclientdefmang) is successful, the client-managing definitions are output separated by slashes (/) in the command format explained in Table 12‒14: Output format of server definition. If centralized management of client definitions is disabled, a blank character is output.

The following are a specification example and output example of client-managing definitions.

Specification example of client-managing definitions

adbclientmang -f client01.def -i USER01, USER02
adbclientmang -f client02.def -i USER03

Output example

adbclientmang -f client01.def -i USER01, USER02 / adbclientmang -f client02.def -i USER03

■ Values output when an event (adbmodarea) is successful

When an event (adbmodarea) is successful, the values are output in the following format:

AREA NAME = DB-area-name, FILE NUMBER = number-of-DB-area-files

Description

DB-area-name: The DB area name. Either the specified value or a normalized character string is output.
number-of-DB-area-files: The number of DB area files. If the number of files is unknown, ? is output. If the DB area does not exist, 0 is output.

The following are a specification example and output example for a DB area addition and modification option file.

Specification example of DB area addition and modification option file
```
adbaddarea -n ADBUTBL02
```
Output example (BEFORE_SYSTEM_INFO column)
```
AREA NAME = ADBUTBL02, FILE NUMBER = 0
```
Output example (AFTER_SYSTEM_INFO)
```
AREA NAME = ADBUTBL02, FILE NUMBER = 1
```

■ Values output when an event (adbmodbuff) is successful

When an event (adbmodbuff) is successful, the number of pages in the buffer for the local work table (5 to 100,000,000) changed by the adbmodbuff command is output.

The following are a specification example and output example for a buffer-modifying option file of the adbmodbuff command.

Specification example of buffer-modifying option file
```
set adb_dbbuff_wrktbl_clt_blk_num = 256
```
Output example
```
256
```

■ Values output when an event (adbcolumnize) is successful

When an event (adbcolumnize) is successful, the information about the status of the updated-row columnizing facility is output.

If the updated-row columnizing facility is enabled, ACTIVE is output.
If the updated-row columnizing facility is disabled, INACTIVE is output.

The following table shows the circumstances under which each object type is output in the OBJECT_TYPE column in Table 12‒10: Column structure of table function derived table when retrieving audit trails:

Table 12‒19: Circumstances in which object types are output in audit trails
No.	Object type	Output trigger
1	`INDEX`^#1	Defining and deleting indexes Rebuilding indexes (`adbidxrebuild` command)
2	`SCHEMA`	Defining and deleting schema
3	`TABLE`	Defining a base table Changing the definition of a base table Referencing a base table (including data export) Updating a base table (including data import) Deleting a base table Granting or revoking an access privilege Collecting cost information (`adbgetcst` command) Merging chunks (`adbmergechunk` command) Setting, changing, and deleting chunk comments (`adbchgchunkcomment` command) Change the chunk status (`adbchgchunkstatus` command) Archiving chunks (`adbarchivechunk` command) Unarchiving chunks (`adbunarchivechunk` command) Reorganizing system tables (base tables) (`adbreorgsystemdata` command)
4	`TABLE FUNCTION`^#2	Referencing a table function derived table (including data export)
5	`VIEW`	Defining a viewed table Re-creating a viewed table Referencing a viewed table (including data export) Updating a viewed table Deleting a viewed table Granting or revoking an access privilege

#1: Information about the indexes used to retrieve data from a table is not output.
#2: The object identifier is the function name of the table function. Arguments of the table function are not output.

The following table shows the number of rows output by each operation in the ACCESS_COUNT column in Table 12‒10: Column structure of table function derived table when retrieving audit trails.

Table 12‒20: Number of rows output in ACCESS_COUNT column
No.	Event	EVENT_SUBTYPE of audit trail output by operation	Number of output rows
1	`SELECT` statement	`SELECT`	Number of rows in search results^{#1, #2, #3}
2	`INSERT` statement	`INSERT`	Number of rows^#3 inserted into the table output in the `OBJECT_NAME` column in Table 12‒10: Column structure of table function derived table when retrieving audit trails
3	`INSERT` statement	`SELECT`	`NULL`^#2
4	`UPDATE` statement	`UPDATE`	Number of rows^#3 updated in the table output in the `OBJECT_NAME` column in Table 12‒10: Column structure of table function derived table when retrieving audit trails
5	`UPDATE` statement	`SELECT`	`NULL`^#2
6	`DELETE` statement	`DELETE`	Number of rows^#3 deleted from the table output in the `OBJECT_NAME` column in Table 12‒10: Column structure of table function derived table when retrieving audit trails
7	`DELETE` statement	`SELECT`	`NULL`^#2
8	`TRUNCATE TABLE` statement	`TRUNCATE TABLE`	0
9	`PURGE CHUNK` statement	`PURGE CHUNK`	0
10	`PURGE CHUNK` statement	`SELECT`	`NULL`^#2
11	Definition SQL statements	Subtype of each event	0^#4
12	`adbimport` command	`ADBIMPORT`	Number of data rows^#3 imported into the table output in the `OBJECT_NAME` column in Table 12‒10: Column structure of table function derived table when retrieving audit trails
13	`adbexport` command	`ADBEXPORT`	Number of exported data rows^{#2, #3}
14	All other	Subtype of each event	`NULL`

#1

The output value is the number of rows for which FETCH processing had completed on the HADB server side when the cursor was closed. Due to batch transfer of search results, the output row count might be a number determined by the following formula instead of the number of rows actually undergoing FETCH processing on the client. In this case, the value will be larger than the number of rows undergoing FETCH processing on the HADB client side.

number-of-batch-transferred-rows × 2 - 1

#2

When executing one SQL statement or one command, if multiple audit trails are output for which the content of the EVENT_SUBTYPE column in Table 12‒10: Column structure of table function derived table when retrieving audit trails is the same, the same value will be output in the ACCESS_COUNT column for these audit trails.

#3

If the value of the EVENT_RESULT column in Table 12‒10: Column structure of table function derived table when retrieving audit trails is FAILURE, 0 is output.

#4

If multiple audit trails are output when one definition SQL statement is executed, the same value (0) is output in the ACCESS_COUNT column for these audit trails.

For details about the circumstances in which an audit trail is output for each event and a description of the output items, see 12.9.3 Audit trail output triggers and output items.

To Page Top