| |
 |
|
DBA_AUDIT_TRAIL view tips
Oracle Tips by Burleson Consulting |
DBA_AUDIT_TRAIL
<< Return to the index
Oracle 11g makes the following comments about the DBA_AUDIT_TRAIL table: "All audit trail entries"
Related notes on DBA_AUDIT_TRAIL:
Column description of the DBA_AUDIT_TRAIL view:OS_USERNAMEDescription of DBA_AUDIT_TRAIL.OS_USERNAME: "Operating System logon user name of the user whose actions were audited" USERNAMEDescription of DBA_AUDIT_TRAIL.USERNAME: "Name (not ID number) of the user whose actions were audited" USERHOSTDescription of DBA_AUDIT_TRAIL.USERHOST: "Client host machine name" TERMINALDescription of DBA_AUDIT_TRAIL.TERMINAL: "Identifier for the user's terminal" TIMESTAMPDescription of DBA_AUDIT_TRAIL.TIMESTAMP: "Date/Time of the creation of the audit trail entry (Date/Time of the user's logon for entries created by AUDIT SESSION) in session's time zone" OWNERDescription of DBA_AUDIT_TRAIL.OWNER: "Creator of object affected by the action" OBJ_NAMEDescription of DBA_AUDIT_TRAIL.OBJ_NAME: "Name of the object affected by the action" ACTIONDescription of DBA_AUDIT_TRAIL.ACTION: "Numeric action type code. The corresponding name of the action type (CREATE TABLE, INSERT, etc.) is in the column ACTION_NAME" ACTION_NAMEDescription of DBA_AUDIT_TRAIL.ACTION_NAME: "Name of the action type corresponding to the numeric code in ACTION" NEW_OWNERDescription of DBA_AUDIT_TRAIL.NEW_OWNER: "The owner of the object named in the NEW_NAME column" NEW_NAMEDescription of DBA_AUDIT_TRAIL.NEW_NAME: "New name of object after RENAME, or name of underlying object (e.g. CREATE INDEX owner.obj_name ON new_owner.new_name)" OBJ_PRIVILEGEDescription of DBA_AUDIT_TRAIL.OBJ_PRIVILEGE: "Object privileges granted/revoked by a GRANT/REVOKE statement" SYS_PRIVILEGEDescription of DBA_AUDIT_TRAIL.SYS_PRIVILEGE: "System privileges granted/revoked by a GRANT/REVOKE statement" ADMIN_OPTIONDescription of DBA_AUDIT_TRAIL.ADMIN_OPTION: "If role/sys_priv was granted WITH ADMIN OPTON, A/-" GRANTEEDescription of DBA_AUDIT_TRAIL.GRANTEE: "The name of the grantee specified in a GRANT/REVOKE statement" AUDIT_OPTIONDescription of DBA_AUDIT_TRAIL.AUDIT_OPTION: "Auditing option set with the audit statement" SES_ACTIONSDescription of DBA_AUDIT_TRAIL.SES_ACTIONS: "Session summary. A string of 12 characters, one for each action type, in thisorder: Alter, Audit, Comment, Delete, Grant, Index, Insert, Lock, Rename, Select, Update, Flashback. Values: "-" = None, "S" = Success, "F" = Failure, "B" = Both" LOGOFF_TIMEDescription of DBA_AUDIT_TRAIL.LOGOFF_TIME: "Timestamp for user logoff" LOGOFF_LREADDescription of DBA_AUDIT_TRAIL.LOGOFF_LREAD: "Logical reads for the session" LOGOFF_PREADDescription of DBA_AUDIT_TRAIL.LOGOFF_PREAD: "Physical reads for the session" LOGOFF_LWRITEDescription of DBA_AUDIT_TRAIL.LOGOFF_LWRITE: "Logical writes for the session" LOGOFF_DLOCKDescription of DBA_AUDIT_TRAIL.LOGOFF_DLOCK: "Deadlocks detected during the session" COMMENT_TEXTDescription of DBA_AUDIT_TRAIL.COMMENT_TEXT: "Text comment on the audit trail entry.
Also indicates how the user was authenticated. The method can be one of the
following:
1. "DATABASE" - authentication was done by password.
2. "NETWORK" - authentication was done by Net8 or the Advanced Networking
Option.
3. "PROXY" - the client was authenticated by another user. The name of the
proxy user follows the method type." SESSIONIDDescription of DBA_AUDIT_TRAIL.SESSIONID: "Numeric ID for each Oracle session" ENTRYIDDescription of DBA_AUDIT_TRAIL.ENTRYID: "Numeric ID for each audit trail entry in the session" STATEMENTIDDescription of DBA_AUDIT_TRAIL.STATEMENTID: "Numeric ID for each statement run (a statement may cause many actions)" RETURNCODEDescription of DBA_AUDIT_TRAIL.RETURNCODE: "Oracle error code generated by the action. Zero if the action succeeded" PRIV_USEDDescription of DBA_AUDIT_TRAIL.PRIV_USED: "System privilege used to execute the action" CLIENT_IDDescription of DBA_AUDIT_TRAIL.CLIENT_ID: "Client identifier in each Oracle session" ECONTEXT_IDDescription of DBA_AUDIT_TRAIL.ECONTEXT_ID: "Execution Context Identifier for each action" SESSION_CPUDescription of DBA_AUDIT_TRAIL.SESSION_CPU: "Amount of cpu time used by each Oracle session" EXTENDED_TIMESTAMPDescription of DBA_AUDIT_TRAIL.EXTENDED_TIMESTAMP: "Timestamp of the creation of audit trail entry (Timestamp of the user's logon for entries created by AUDIT SESSION) in session's time zone" PROXY_SESSIONIDDescription of DBA_AUDIT_TRAIL.PROXY_SESSIONID: "Proxy session serial number, if enterprise user has logged through proxy mechanism" GLOBAL_UIDDescription of DBA_AUDIT_TRAIL.GLOBAL_UID: "Global user identifier for the user, if the user had logged in as enterprise user" INSTANCE_NUMBERDescription of DBA_AUDIT_TRAIL.INSTANCE_NUMBER: "Instance number as specified in the initialization parameter file 'init.ora'" OS_PROCESSDescription of DBA_AUDIT_TRAIL.OS_PROCESS: "Operating System process identifier of the Oracle server process" TRANSACTIONIDDescription of DBA_AUDIT_TRAIL.TRANSACTIONID: "Transaction identifier of the transaction in which the object is accessed or modified" SCNDescription of DBA_AUDIT_TRAIL.SCN: "SCN (System Change Number) of the query" SQL_BINDDescription of DBA_AUDIT_TRAIL.SQL_BIND: "Bind variable data of the query" SQL_TEXTDescription of DBA_AUDIT_TRAIL.SQL_TEXT: "SQL text of the query" OBJ_EDITION_NAMEDescription of DBA_AUDIT_TRAIL.OBJ_EDITION_NAME: "Edition containing audited object"
DBA_AUDIT_TRAIL View SourceOracle 11g's data dictionary defines the DBA_AUDIT_TRAIL view using the following source query:
select spare1 /* OS_USERNAME */,
userid /* USERNAME */,
userhost /* USERHOST */,
terminal /* TERMINAL */,
cast ( /* TIMESTAMP */
(from_tz(ntimestamp#,'00:00') at local) as date),
obj$creator /* OWNER */,
obj$name /* OBJECT_NAME */,
aud.action# /* ACTION */,
act.name /* ACTION_NAME */,
new$owner /* NEW_OWNER */,
new$name /* NEW_NAME */,
decode(aud.action#,
108 /* grant sys_priv */, null,
109 /* revoke sys_priv */, null,
114 /* grant role */, null,
115 /* revoke role */, null,
auth$privileges)
/* OBJ_PRIVILEGE */,
decode(aud.action#,
108 /* grant sys_priv */, spm.name,
109 /* revoke sys_priv */, spm.name,
null)
/* SYS_PRIVILEGE */,
decode(aud.action#,
108 /* grant sys_priv */, substr(auth$privileges,1,1),
109 /* revoke sys_priv */, substr(auth$privileges,1,1),
114 /* grant role */, substr(auth$privileges,1,1),
115 /* revoke role */, substr(auth$privileges,1,1),
null)
/* ADMIN_OPTION */,
auth$grantee /* GRANTEE */,
decode(aud.action#,
104 /* audit */, aom.name,
105 /* noaudit */, aom.name,
null)
/* AUDIT_OPTION */,
ses$actions /* SES_ACTIONS */,
cast((from_tz(cast(logoff$time as timestamp),'00:00') at local) as date)
/* LOGOFF_TIME */,
logoff$lread /* LOGOFF_LREAD */,
logoff$pread /* LOGOFF_PREAD */,
logoff$lwrite /* LOGOFF_LWRITE */,
decode(aud.action#,
104 /* audit */, null,
105 /* noaudit */, null,
108 /* grant sys_priv */, null,
109 /* revoke sys_priv */, null,
114 /* grant role */, null,
115 /* revoke role */, null,
aud.logoff$dead)
/* LOGOFF_DLOCK */,
comment$text /* COMMENT_TEXT */,
sessionid /* SESSIONID */,
entryid /* ENTRYID */,
statement /* STATEMENTID */,
returncode /* RETURNCODE */,
spx.name /* PRIVILEGE */,
clientid /* CLIENT_ID */,
auditid /* ECONTEXT_ID */,
sessioncpu /* SESSION_CPU */,
from_tz(ntimestamp#,'00:00') at local,
/* EXTENDED_TIMESTAMP */
proxy$sid /* PROXY_SESSIONID */,
user$guid /* GLOBAL_UID */,
instance# /* INSTANCE_NUMBER */,
process# /* OS_PROCESS */,
xid /* TRANSACTIONID */,
scn /* SCN */,
to_nchar(substr(sqlbind,1,2000)) /* SQL_BIND */,
to_nchar(substr(sqltext,1,2000)) /* SQL_TEXT */,
obj$edition /* OBJ_EDITION_NAME */
from sys.aud$ aud, system_privilege_map spm, system_privilege_map spx,
STMT_AUDIT_OPTION_MAP aom, audit_actions act
where aud.action# = act.action (+)
and - aud.logoff$dead = spm.privilege (+)
and aud.logoff$dead = aom.option# (+)
and - aud.priv$used = spx.privilege (+)
 |
If you like Oracle tuning, see the book "Oracle
Tuning: The Definitive Reference", with 950 pages of tuning tips and
scripts.
You can buy it direct from the publisher for 30%-off and get
instant access to the code depot of Oracle tuning scripts. |
 |
 |
|
Download your Oracle scripts now:
www.oracle-script.com
The
definitive Oracle Script collection for every Oracle professional DBA
|
|
