DB2 v9.5 ESE on AIX v6.1

We need to trace when certain user is accessing tables (select, update, delete) in the database.
He can do it via application (C++ code) or command line and we want
to trace only his command line statements. Is there a way to audit only those?

another question - execute audit records in execute.del file do not really indicate what
sql statement it is but I can see actual statements in auditlobs file. But only statements.
The rest of the record is cripted:

^Aselect count(*) from ak_datawarehouseGEN_CMPL^A^P^Aø^A^D^A -8^B^D^A(^C^D^A0^D^A^A8^C3^E^A^A@^C3^A^F^A
^AH^C3^G^A^AP^C3^Ð^H^A^AX^C3^Ð ^E^A`^C3^Ð
^H^Ah^C3^K^K^Ap^C3^P
^A^À^C3^S^D^A^Ð^L^H^A^Ø^C3G^È^MP^A*^C3^O^

what is the format of this file and how do I work with it? could not find it in IBM documentation.
thanks in advance