Audit event codes and fields

The secure-auditing facility audits certain database server events.

If you are using the onshowaudit utility, auditable events on each database server generate event codes. These codes represent actions on the server that can indicate possibly illegitimate usage or tampering.

Important: The HCL OneDB™ secure-auditing facility audits only the events that the following table lists. You might encounter additional SQL statements that the secure-auditing facility does not audit.
Audit events listed by event code shows the audit-event information in alphabetic order by event code:
  • The Event Code column has the acronym that database server utilities use to identify audit events.
  • The Event column shows the event name.
  • The Variable Contents column has other categories of onshowaudit information that are displayed for the event on that row. The categories of information are:
    • tabid
    • dbname
    • objname
    • extra_1
    • partno
    • row_num
    • login
    • flags
    • extra_2

    For some events, the onshowaudit utility puts two different pieces of information in the extra_2 field. In this case, the two parts are separated by a semicolon.

  • The Notes section after the table provides more information about some of the entries in the Variable Contents column.
Tip: Granted lists can be long for statements such as GRANT and REVOKE. If the list for an event to be audited does not fit into a single record, the database server creates several audit records to carry the complete information.
Table 1. Audit events listed by event code
Event Code Event Variable Contents
ACTB Access Table dbname: database_name

tabid: owner_name, table_id

ADCK Add Chunk dbname: dbspace, name

extra_1: offset

flags: mirror_status1

extra_2: path and size

ADLG Add Transaction Log dbname: dbspace, name

extra_1: log_size

ALFR Alter Fragement dbname: database_name

tabid: table_id

objname: index_name

extra_1: operation_type18

login: owner

flags: frag_flags15

extra_2: dbspaces

alter_type: 0 = normal, 1 = forced alter

ALIX Alter Index dbname: database_name

tabid: table_id

login: owner14

flags: cluster_flag9,14

extra_2: index_name14

ALLC Alter Security Label Component dbname: database_name

objname: component_name

extra_2: component_type

ALME Alter Access Method dbname: database_name

tabid: access, method_ID

objname: access_method, name

login: access_method, owner

ALOC Alter Operator Class dbname: database_name

extra_1: cluster_size

login: owner

extra_2: cluster_name

ALOP Alter Optical Cluster dbname: database_name

extra_1: cluster_size

login: owner

extra_2: cluster_name

ALSQ Alter Sequence dbname: database_name

tabid: table_id

ALTB Alter Table dbname: database_name

tabid: old_table_id

extra_1: new_table_id14

partno: frag_id

extra_2: new_part_number_list14

ALTX Alter trusted context dbname: database_name

objname: context_name

login: system_authid

ALUR Alter User objname: user_name
BGTX Begin Transaction none
CLDB Close Database dbname: database_name
CMTX Commit Transaction none
CRAG Create Aggregate dbname: database_name

objname: aggregate_name

login: owner

CRAM Create Audit Mask login: user_id
CRBS Create Storage Space dbname: storage_name, space_name

login: owner

flags: mirror_status1

extra_2: media

CRBT Create Opaque Type dbname: database_name

objname: opaque_type_name

login: opaque_type, owner

CRCT Create Cast dbname: database_name

tabid: from_type_ID

objname: function_name or "-"

extra_1: from_type_xid

partno: to_type_ID

row_num: to_type_xid

login: function_owner or "-"

CRDB Create Database dbname: dbspace

extra_2: database_name

CRDS Create Dbspace dbname: dbspace, name

flags: mirror_status1

CRDT Create Distinct Type dbname: database_name

objname: distinct_type_name

login: distinct_type, owner

CRIX Create Index dbname: database_name

tabid: table_id

objname: index_name

login: owner

flags: frag_flags15

extra_2: dbspace_list

CRLB Create Security Label dbname: database_name

objname: policy.label_name

CRLC Create Security Label Component dbname: database_name

objname: component_name

CRME Create Access Method dbname: database_name

tabid: access_method_ID

objname: access_method_name

login: access_method_owner

CROC Create Operator Class dbname: database_name

tabid: operator_class_ID

objname: operator_class_name

login: owner

CROP Create Optical Cluster dbname: database_name

tabid: table_id

extra_1: cluster_size

login: owner

extra_2: cluster_name

CRPL Create Security Policy dbname: database_name

objname: policy_name

CRPT Decryption Failure or Attempt dbname: database_name

objname: statement

CRRL Create Role dbname: database_name

objname: rolename

CRRT Create Named Row Type dbname: database_name

tabid: row_type_xid

objname: named_row_type_name

login: named_row_type_owner

CRSN Create Synonym dbname: database_name

tabid: synonym_table_id

extra_1: base_table_id

login: owner

flags: synonym_type7

extra_2: synonym_name

CRSP Create SPL Routine dbname: database_name

tabid: proc_id

login: owner

extra_2: procedure_name

CRSQ Create Sequence dbname: database_name

tabid: table_id

objname: owner

CRTB Create Table dbname: database_name

tabid: table_id

objname: owner

login: table_name

flags: frag_flags15

extra_2: dbspace_list

CRTR Create Trigger dbname: database_name

tabid: table_id

row_num: trigger_id14

login: owner14

extra_2: trigger_name14

CRTX Create trusted context dbname: database_name

objname: context_name

login: system_authorization_id

CRUR Create User objname: user_name
CRVW Create View dbname: database_name

tabid: view_table_id

login: owner

extra_2: view_name

CRXD Create XADatasource dbname: database_name

objname: owner

objname: XA_data_source_name

CRXT Create XADatasource Type dbname: database_name

objname: owner

objname: XA_data_source_type_name

DLRW Delete Row dbname: database_name

tabid: table_id

extra_1: part_number

partno: frag_id

row_num: row_number14

DNCK Bring Chunk Offline extra_1: chunk_number

flags: mirror_status1

DNDM Disable Disk Mirroring extra_1: dbspace_number
DRAG Drop Aggregate dbname: database_name

objname: aggregate_name

login: owner

DRAM Delete Audit Mask login: user_id
DRBS Drop Storage Space dbname: storage_space_name
DRCK Drop Chunk dbname: dbspace_name

flags: mirror_status1

extra_2: path

DRCT Drop Cast dbname: database_name

tabid: from_type_ID

extra_1: from_type_xid

partno: to_type_ID

row_num: to_type_xid

DRDB Drop Database dbname: database_name
DRDS Drop Dbspace dbname: dbspace_name
DRIX Drop Index dbname: database_name

tabid: table_id

login: owner

extra_2: index_name

DRLB Drop Security Label dbname: database_name

objname: policy.label_name

DRLC Drop Security Label Component dbname: database_name

objname: component_name

DRLG Drop Transaction Log extra_1: log_number
DRME Drop Access Method dbname: database_name

tabid: access_method_ID

objname: access_method_name

login: access_method_owner

DROC Drop Operator Class dbname: database_name

objname: operator_class_name

login: owner

DROP Drop Optical Cluster dbname: database_name

login: owner

extra_2: cluster_name

DRPL Drop Security Policy dbname: database_name

objname: policy_name

DRRL Drop Role dbname: database_name

objname: role_name

DRRT Drop Named Row Type dbname: database_name

tabid: dropped_type_xid

DRSN Drop Synonym dbname: database_name

tabid: synonym_table_id

login: owner

extra_2: synonym_name

DRSP Drop SPL Routine dbname: database_name

login: owner

extra_2: spname

DRSQ Drop Sequence dbname: database_name

tabid: table_id

DRTB Drop Table dbname: database_name

tabid: table_id

objname: table_name

login: owner

flags: drop_flags21

extra_2: part_number_list

DRTR Drop Trigger dbname: database_name

row_num: trigger_id

login: owner

extra_2: trigger_name

DRUR Drop User objname: user_name
DRTX Drop trusted context objname: context_name
DRTY Drop Type dbname: database_name

objname: type_name

login: type_owner

DRVW Drop View dbname: database_name

tabid: view_table_id

flags: drop_flags21

DRXD Drop XADatasource dbname: database_name

objname: owner

objname: XA_data_source_name

DRXT Drop XADatasource Type dbname: database_name

objname: owner

objname: XA_data_source_type_name

EXSP Execute SPL Routine dbname: database_name

tabid: proc_id

GRDB Grant Database Access dbname: database_name

extra_1: privilege5

extra_2: grantees4

GRDR Grant Default Role dbname: database_name

objname: role_name

login:grantor

extra_2: grantees4

GRFR Grant Fragment Access dbname: database_name

tabid: table_id

objname: fragment

extra_1: privilege5, 14

login: grantor

extra_2: grantees4, 14

GRLB Grant Security Label dbname: database_name

objname: policy.label_name

login: grantee4

extra_2: access_type

GRRL Grant Role dbname: database_name

objname: role_name

login: grantor

extra_2: grantees4

GRSA Grant DBSECADM login: grantee
GRSS Grant SETSESSIONAUTH dbname: database_name

login: grantee

extra_2: surrogate_user_list

GRTB Grant Table Access dbname: database_name

tabid: table_id

extra_1: privilege5, 14

login: grantor

extra_2: grantee4, 14, update_columns, select_columns4, 14

GRXM Grant Exemption dbname: database_name

objname: policy_name

login: grantee

extra_2: rule

INRW Insert Row dbname: database_name

tabid: table_id

partno: frag_id

row_num: row_id

LGDB Change Database Log Mode dbname: database_name

flags: log_status6

LKTB Lock Table dbname: database_name

tabid: table_id

flags: lock_mode8

LSAM List Audit Masks none
LSDB List Databases none
MDLG Modify Transaction Logging flags: buffered_log_flags2
ONAU onaudit extra_2: command_line
ONBR onbar extra_2: command_line
ONCH oncheck extra_2: command_line
ONIN oninit extra_2: command_line
ONLG onlog extra_2: command_line
ONMN onmonitor extra_2: command_line
ONMO onmode extra_2: command_line
ONPA onparams extra_2: command_line
ONPL onpload extra_2: command_line
ONSP onspaces extra_2: command_line
ONST onstat extra_2: command_line
OPDB Open Database dbname: database_name

flags: exclusive_flag

extra_2: database_password

OPST Optimize Storage

fragment <parameters>: part_numbers

table <parameters>: table_name:database_name:owner_name

compression purge_dictionary: date

PWUR Set User Password objname: user_name
RBSV Rollback to Savepoint dbname: database_name

extra_1: transaction_id

objname: savepoint_name

RDRW Read Row dbname: database_name

tabid: table_id

extra_1: part_number

partno: frag_id

row_num: row_id14

RLOP Release Optical Cluster dbname: family_name

row_num: volume_number

RLSV Release Savepoint dbname: database_name

extra_1: transaction_id

objname: savepoint_name

RLTX Rollback Transaction none
RMCK Clear Mirrored Chunks extra_1: dbspace_number
RNUR Rename User objname: old_user_name

extra_2: new_user_name

RNDB Rename Database dbname: database_name

objname: new_dbname

login: user_id

RNDS Rename dbspace dbname: dbspace_name

objname: new_dbspace_name

RNIX Rename Index dbname: index_name

objname: new_index_name

RNLB Rename Security Label dbname: database_name

objname: old_policy.label_name

extra_2: new_policy.label_name

RNLC Rename Security Label Component dbname: database_name

objname: old_component_name

extra_2: new_component_name

RNPL Rename Security Policy dbname: database_name

objname: old_policy_name

extra_2: new_policy_name

RNSQ Rename Sequence dbname: database_name

tabid: table_id

RNTC Rename Table/Column dbname: database_name

tabid: table_id

objname: new_table/column_name

extra_1: colno(*)

login: owner

extra_2: table_name(**)

RNTX Rename trusted context objname: context_name

extra_2: new_context name

RSOP Reserve Optical Cluster dbname: family_name

row_num: volume_number

RVDB Revoke Database Access dbname: database_name

extra_1: privilege5

extra_2: revokees4

RVDR Revoke Default Role dbname: database_name

objname: role_name

login: revoker

extra_2: revokees4

RVFR Revoke Fragment Access dbname: database_name

tabid: table_id

objname: fragment

extra_1: privilege5, 14

login: revoker

extra_2: revokees4, 14

RVLB Revoke Security Label dbname: database_name

objname: policy.label_name

login: grantee

extra_2: access_type

RVRL Revoke Role dbname: database_name

objname: role_name

login: revoker

extra_2: revokees4

RVSA Revoke DBSECADM login: grantee
RVSS Revoke SETSESSIONAUTH dbname: database_name

login: grantee

extra_2: surrogate_user_list

RVTB Revoke Table Access dbname: database_name

tabid: table_id

extra_1: privilege5, 14

login: revoker

flags: drop_flags21

extra_2: revokees4, 14

RVXM Revoke Exemption dbname: database_name

objname: policy_name

login: grantee

extra_2: rule

SCSP System Command, SPL Routine extra_2: command_string
STCO Set Collation dbname: database_name

objname: locale_name

STCN Set Constraint dbname: database_name

flags: constraint_mode11

extra_2: constraint_names

STDF Set Debug File dbname: database_name

extra_2: file_path

STDP Set Database Password dbname: database_name

login: user_id

STDS Set Dataskip flags: skip flags16

extra_2: dbspace_list

STEP Set Encryption Password dbname: database_name
STEV Set Environment objname: environment_variable_and_value
STEX Set Explain flags: explain_flags12
STIL Set Isolation Level extra_1: isolation_level3
STLM Set Lock Mode flags: wait_flags13
STNC Set No Collation dbname: database_name

objname: locale_name

STOM Set Object Mode dbname: database_name

tabid: table_id

extra_1: command_mode_flag22

flags: object_type_flag23

extra_2: object_names

STOP Stop Violations dbname: database_name

tabid: table_id

STPR Set Pdqpriority flags: priority_level17
STRL Set Role dbname: database_name

objname: role_name

STRS Set Resident dbname: database_name

objname: fragment_list

extra_1: fragment_information

STRT Start Violations dbname: database_name

tabid: table_id

extra_1: Vio_tid

flags: Dia_tid

STSA Set Session Authorization dbname: database_name

login: new_user_name

STSC Set Statement Cache objname: statement_name
STSN Start New Session none
STSV Set Savepoint dbname: database_name

extra_1: transaction_id

objname: savepoint_name

STTX Set Transaction Mode extra_1: operation20

flags: mode_flags19

extra_2:

SVXD Save External Directives dbname: database_name

objname: active/inactive/test

objname: directive_text

TCTB Truncate Table dbname: database_name

tabid: table_id

objname: table_name

TMOP Time Optical Cluster flags: time flag13
ULTB Unlock Table dbname: database_name

tabid: table_id

UPAM Update Audit Mask login: user id
UPCK Bring Chunk Online extra_1: chunk_number

flags: mirror_status1

UPDM Enable Disk Mirroring extra_1: dbspace_number
UPRW Update Current® Row dbname: database_name

tabid: table_id

extra_1: old_part_number

row_num: old_row_id14

flags: new_row_id

extra_2: new_part_number

USSP Update Statistics, SPL Routine dbname: database_name

tabid: proc_id

USTB Update Statistics, Table dbname: database_name

tabid: table_id

Notes®

  1. Mirror Status:
    0
    Not mirrored
    1
    Mirrored
  2. Buffered Log Flag:
    0
    Buffering turned off
    1
    Buffering turned on
  3. Isolation Level:
    0
    No transactions
    1
    Dirty Read
    2
    Committed Read
    3
    Cursor Stability
    5
    Repeatable Read
  4. Grantees, Revokees, Select Columns, Update Columns:

    These can be lists of comma-separated names. If longer than 166 bytes, the audit processing described in Audit analysis with SQL truncates the lists to 166 bytes.

  5. Database Privileges:

    Table-Level Privileges:

    1
    Select
    2
    Insert
    4
    Delete
    8
    Update
    16
    Alter
    32
    Index
    64
    Reference
    4096
    Execute Procedure (When Grant privilege is executed. tabid is the procedure ID.)

    Database-Level Privileges:

    256
    Connect
    512
    DBA
    1024
    Resource
  6. Log Status:
    1
    Logging on
    2
    Buffered logging
    4
    ANSI-compliant
  7. Synonym Type:
    0
    Private
    1
    Public
  8. Lock Mode:
    0
    Exclusive
    1
    Shared
  9. Cluster Flag:
    0
    Not cluster
    1
    Cluster
  10. Chunk Flag:
    0
    Check root reserve size
    1
    Check entire chunk
    <0
    Check silently
  11. Constraint Mode:
    0
    Deferred
    1
    Immediate
  12. Explain Flag:
    0
    Explain turned off
    1
    Explain turned on
  13. Wait Flag:
    -1
    Wait forever
    0
    Do not wait
    >0
    Waiting period (in seconds)
  14. If the user request is turned down because of the authorization, those fields are either 0 or blank, depending on the data type.
  15. Fragmentation (frag) Flag:
    0
    Not fragmented
    1
    In dbspace
    2
    Fragment by round robin
    4
    Fragment by expression
    8
    Fragment same as table
  16. Skip Flag:
    0
    DATASKIP for all the dbspaces is turned OFF
    1
    DATASKIP for the following dbspaces is turned ON
    2
    DATASKIP for all the dbspaces is turned ON
    3
    DATASKIP is set to the default
  17. Priority Level:
    -1
    PDQPRIORITY is set to the default
    0
    PDQPRIORITY is turned OFF
    1
    PDQPRIORITY is LOW
    100
    PDQPRIORITY is HIGH
    n
    any other positive integer less than 100 that the user entered in the SET PDQPRIORITY statement
  18. Operation Type:
    4
    Add a new fragment
    8
    Modify fragmentation
    16
    Drop a fragment
    32
    Initialize fragmentation
    64
    Attach table(s)
    128
    Detach fragment
  19. Mode Flag:
    0
    Read/Write if operation is Set Access Mode; Dirty Read if operation is Set Isolation Level
    1
    Read-only if operation is Set Access Mode; Committed Read if operation is Set Isolation Level
    2
    Cursor Stability
    3
    Repeatable Read
  20. Operation:
    0
    Set Access Mode
    1
    Set Isolation Level
  21. Dropflags:
    0
    Cascade
    1
    Restrict
  22. Command Mode Flag:
    1
    Disabled
    2
    Filtering without error
    4
    Filtering with error
    8
    Enabled
  23. Object Type Flag:
    1
    Constraint
    2
    Index
    3
    Constraints and indexes
    4
    Trigger
    5
    Triggers and constraints
    6
    Triggers and indexes
    7
    All