DB2 10.5 for Linux, UNIX, and Windows

Audit log file names

The audit log files have names that distinguish whether they are instance-level or database-level logs and which member they originate from in a multiple member database environment, such as a DB2 pureScale environment or a partitioned database environment. Archived audit logs have the timestamp of when the archive command was run appended to their file name.

Active audit log file names

In a multiple member database environment, the path for the active audit log can be a directory that is unique to each member so that each member writes to an individual file. In order to accurately track the origin of audit records, the member number is included as part of the audit log file name. For example, on member 20, the instance level audit log file name is db2audit.instance.log.20. For a database called testdb in this instance, the audit log file is db2audit.db.testdb.log.20.

In a single member database environment the member number is considered to be 0 (zero). In this case, the instance level audit log file name is db2audit.instance.log.0. For a database called testdb in this instance, the audit log file is db2audit.db.testdb.log.0.

Archived audit log file names

When the active audit log is archived, the current timestamp in the following format is appended to the filename: YYYYMMDDHHMMSS (where YYYY is the year, MM is the month, DD is the day, HH is the hour, MM is the minutes, and SS is the seconds.

The file name format for an archive audit log depends on the level of the audit log:

instance-level archived audit log: The file name of the instance-level archived audit log is: db2audit.instance.log.member.YYYYMMDDHHMMSS.
database-level archived audit log: The file name of the database-level archived audit log is: db2audit.dbdatabase.log.member.YYYYMMDDHHMMSS.
In a single member database environment, the value for member is 0 (zero).

The timestamp represents the time that the archive command was run, therefore it does not always precisely reflect the time of the last record in the log. The archived audit log file may contain records with timestamps a few seconds later than the timestamp in the log file name because:

When the archive command is issued, the audit facility waits for the writing of any in-process records to complete before creating the archived log file.
In a multi-machine environment, the system time on a remote machine may not be synchronized with the machine where the archive command is issued.

In a multiple member database environment, if the server is running when archive is run, the timestamp is consistent across members and reflects the timestamp generated at the member at which the archive was performed.