SQL/Auditing Facility: Product Summary
The SQL/Auditing Facility (SQL/AF) records how users and programs access sensitive or vital corporate data in designated DB2/VSE tables. Audit Log

For each access to an audited table or table-column, the Audit Processor writes a record to a file, called the SQL/AF audit log. An audit record contains:

Log Archiving

The SQL/AF archiving function transfers the audit log to cartridge or tape, so that auditing results can be kept for a longer period of time. Archiving must be scheduled explicitly. Archiving does not disrupt the auditing process.

Inspecting the Audit Log

A part of the SQL/AF user interface, the Logscan program interactively searches the audit log or an audit archive tape for specific audit events. When performing the log scan, the user can formulate following search criteria:

One or more audit record fields
This provides for scan requests such as:
Table column names used in the text of an audited SQL statement
This scan method selects statements that reference a named table-column, for example:
Table column values used in the text of an audited SQL statement
This scan method selects statements that reference a named table-column with a specified value. It can be used to trace all audit events for a given table "key", for example:

Benefits

Centralized auditing as implemented by SQL/AF offers the following benefits: