C Oracle Database Audit Events

Topics

• About the Oracle Database Audit Events

• Account Management Events

• Application Management Events

• Audit Command Events

• Data Access Events

• Database Vault Events

• Exception Events

• Invalid Record Events

• Object Management Events

• Peer Association Events

• Role and Privilege Management Events

• Service and Application Utilization Events

• System Management Events

• Unknown or Uncategorized Events

• User Session Events

About the Oracle Database Audit Events

This appendix maps audit event names used in the Oracle Database to their equivalent values in the command_class and target_type fields in the Oracle AVDF audit record. The audit events are organized in useful categories, for example, Account Management events. You can use the audit events mapped here to create custom audit reports using other Oracle Database reporting products or third-party tools. See also "Oracle Audit Vault and Database Firewall Database Schemas" for Oracle AVDF data warehouse details that may be useful in designing your own reports.

Account Management Events

Account management events track SQL statements that affect user accounts, such as creating users or altering their profiles.

Table C-1 lists the Oracle Database account management audit events and the equivalent Oracle AVDF events.

Table C-1 Oracle Database Account Management Audit Events

Source Event	Event Description	command_class	target_type
ALTER PROFILE	Alter Profile	ALTER	PROFILE
ALTER USER	Alter User	ALTER	USER
CREATE PROFILE	Create Profile	CREATE	PROFILE
CREATE USER	Create User	CREATE	USER
DROP PROFILE	Drop Profile	DROP	PROFILE
DROP USER	Drop User	DROP	USER

Application Management Events

Application management events track actions that were performed on the underlying PL/SQL procedures or functions of system services and applications, such as ALTER FUNCTION statements.

Table C-2 lists the Oracle Database application management audit events and the equivalent Oracle AVDF events.

Table C-2 Oracle Database Application Management Audit Events

Source Event	Event Description	command_class	target_type
ALTER ASSEMBLY	Alter Assembly (Release 11.2)	ALTER	ASSEMBLY
ALTER FUNCTION	Alter Function	ALTER	FUNCTION
ALTER JAVA	Alter Java	ALTER	JAVA
ALTER PACKAGE	Alter Package	ALTER	PACKAGE
ALTER PACKAGE BODY	Alter Package Body	ALTER	PACKAGE BODY
ALTER PROCEDURE	Alter Procedure	ALTER	PROCEDURE
ALTER RESOURCE COST	Alter Resource Cost	ALTER	RESOURCE COST
ALTER REWRITE EQUIVALENCE	Alter Rewrite Equivalence	ALTER	REWRITE EQUIVALENCE
ALTER TRIGGER	Alter Trigger	ALTER	TRIGGER
ALTER TYPE	Alter Type	ALTER	TYPE
ALTER TYPE BODY	Alter Type Body	ALTER	TYPE BODY
ANALYZE INDEX	Analyze Index	ANALYZE	INDEX
ANALYZE TABLE	Analyze Table	ANALYZE	TABLE
ASSOCIATE STATISTICS	Associate Statistics	ASSOCIATE	STATISTICS
CREATE ASSEMBLY	Create Assembly (Release 11.2)	CREATE	ASSEMBLY
CREATE CONTEXT	Create Context	CREATE	CONTEXT
CREATE FUNCTION	Create Function	CREATE	FUNCTION
CREATE INDEXTYPE	Create IndexType	CREATE	INDEXTYPE
CREATE JAVA	Create Java	CREATE	JAVA
CREATE LIBRARY	Create Library	CREATE	LIBRARY
CREATE OPERATOR	Create Operator	CREATE	OPERATOR
CREATE PACKAGE	Create Package	CREATE	PACKAGE
CREATE PACKAGE BODY	Create Package Body	CREATE	PACKAGE BODY
CREATE PROCEDURE	Create Procedure	CREATE	PROCEDURE
CREATE TRIGGER	Create Trigger	CREATE	TRIGGER
CREATE TYPE	Create Type	CREATE	TYPE
CREATE TYPE BODY	Create Type Body	CREATE	TYPE BODY
DECLARE REWRITE EQUIVALENCE	Declare Rewrite Equivalence	SET	REWRITE EQUIVALENCE
DISABLE TRIGGER	Disable Trigger	DISABLE	TRIGGER
DISASSOCIATE STATISTICS	Disassociate Statistics	DISASSOCIATE	STATISTICS
DROP ASSEMBLY	Drop Assembly (Release 11.2)	DROP	ASSEMBLY
DROP CONTEXT	Drop Context	DROP	CONTEXT
DROP FUNCTION	Drop Function	DROP	FUNCTION
DROP INDEXTYPE	Drop Indextype	DROP	INDEXTYPE
DROP JAVA	Drop Java	DROP	JAVA
DROP LIBRARY	Drop Library	DROP	LIBRARY
DROP OPERATOR	Drop Operator	DROP	OPERATOR
DROP PACKAGE	Drop Package	DROP	PACKAGE
DROP PACKAGE BODY	Drop Package Body	DROP	PACKAGE BODY
DROP PROCEDURE	Drop Procedure	DROP	PROCEDURE
DROP REWRITE EQUIVALENCE	Drop Rewrite Equivalence	DROP	REWRITE EQUIVALENCE
DROP TRIGGER	Drop Trigger	DROP	TRIGGER
DROP TYPE	Drop Type	DROP	TYPE
DROP TYPE BODY	Drop Type Body	DROP	TYPE BODY
ENABLE TRIGGER	Enable Trigger	ENABLE	TRIGGER
EXECUTE TYPE	Execute Type	EXECUTE	TYPE
EXPLAIN	Explain	EXPLAIN	NULL

Audit Command Events

Audit command events track the use of AUDIT SQL statements on other SQL statements and on database objects.

Table C-3 lists the Oracle Database audit command audit events and the equivalent Oracle AVDF events.

Table C-3 Oracle Database Audit Command Audit Events

Source Event	Event Description	command_class	target_type
AUDIT DEFAULT	Audit Default	AUDIT	DEFAULT
AUDIT OBJECT	Audit Object	AUDIT	OBJECT
NOAUDIT DEFAULT	NoAudit default	NOAUDIT	DEFAULT
NOAUDIT OBJECT	NoAudit Subject	NOAUDIT	OBJECT
AUDIT SYSTEM	System Audit	AUDIT	SYSTEM
NOAUDIT SYSTEM	System No Audit	NOAUDIT	SYSTEM

Data Access Events

Data access events track audited data manipulation language (DML) activities, for example, all SELECT, INSERT, UPDATE, or DROP SQL statements. The Data Access Report, described in "Data Access Report", uses these events.

Table C-4 lists the Oracle Database data access audit events and the equivalent Oracle AVDF events.

Table C-4 Oracle Database Data Access Audit Events

Source Event	Event Description	command_class	target_type
DELETE	Delete	DELETE	NULL
INSERT	Insert	INSERT	NULL
SELECT	Select	SELECT	NULL
MINING MODEL	Select Mining Model (Release 11.2)	SELECT	MINING MODEL
TRUNCATE TABLE	Truncate Table	TRUNCATE	TRUNCATE TABLE
UPDATE	Update	UPDATE	NULL

Database Vault Events

Topics

• Database Vault Events in Oracle Database 11g

• Database Vault Events in Oracle Database 12c

Database Vault Events in Oracle Database 11g

Table C-5 lists Database Vault events for Oracle Database 11g databases that have Database Vault enabled.

Table C-5 Database Vault Audit Events in Oracle Database 11g

Source Event	Event Description	command_class	target_type
FACTOR EVALUATION	Factor Evaluation	EXECUTE	FACTOR
FACTOR ASSIGNMENT	Factor Assignment	ASSIGN	FACTOR
FACTOR EXPRESSION	Factor Expression	EXECUTE	FACTOR
REALM VIOLATION	Realm Violation	VIOLATE	REALM
REALM AUTHORIZATION	Realm Authorization	AUTHORIZE	REALM
COMMAND AUTHORIZATION	Command Authorization	AUTHORIZE	COMMAND
SECURE ROLE	Secure Role	SECURE	ROLE
ACCESS CTRL SESSION INIT	Access Control Session Initialization	INITIALIZE	ACCESS CONTROL SESSION
ACCESS CTRL COMMAND AUTH	Access Control Command Authorization	AUTHORIZE	ACCESS CONTROL COMMAND
LBL SEC SESSION INIT	Label Security Session Initialization	INITIALIZE	LABEL SECURITY SESSION
LBL SEC ATTEMPT TO UPGRADE	Label Security Attempt to Upgrade	UPDATE	LABEL SECURITY

Database Vault Events in Oracle Database 12c

Table C-6 lists Database Vault events for Oracle Database 12c databases that have Database Vault enabled.

Table C-6 Database Vault Audit Events in Oracle Database 12c

Source Event	Event Description	command_class	target_type
FACTOR EVALUATION AUDIT	Factor Evaluation Audit	EXECUTE	FACTOR
FACTOR ASSIGNMENT AUDIT	Factor Assignment Audit	ASSIGN	FACTOR
FACTOR EXPRESSION AUDIT	Factor Expression Audit	EXECUTE	FACTOR
REALM VIOLATION AUDIT	Realm Violation Audit	VIOLATE	REALM
REALM AUTHORIZATION AUDIT	Realm Authorization Audit	AUTHORIZE	REALM
COMMAND AUTHORIZATION AUDIT	Command Authorization Audit	AUTHORIZE	COMMAND
SECURE ROLE AUDIT	Secure Role Audit	SECURE	ROLE
SESSION INITIALIZATION AUDIT	Session Initialization Audit	INITIALIZE	SESSION
OLS SESSION INITIALIZATION AUDIT	OLS Session Initialization Audit	INITIALIZE	LABEL SESSION
OLS ATTEMPT TO UPGRADE LABEL AUDIT	OLS Attempt To Upgrade Label Audit	UPDATE	LABEL SECURITY
ENABLE DV ENFORCEMENT AUDIT	Enable DV Enforcement Audit	ENABLE	DV ENFORCEMENT
DISABLE DV ENFORCEMENT AUDIT	Disable DV Enforcement Audit	DISABLE	DV ENFORCEMENT
REALM CREATION AUDIT	Realm Creation Audit	CREATE	REALM
REALM UPDATE AUDIT	REALM UPDATE AUDIT	UPDATE	REALM
REALM RENAME AUDIT	Realm Rename Audit	RENAME	REALM
REALM DELETION AUDIT	Realm Deletion Audit	DELETE	REALM
ADD REALM AUTH AUDIT	Add Realm Auth Audit	ADD	REALM AUTH
DELETE REALM AUTH AUDIT	Delete Realm Auth Audit	DELETE	REALM AUTH
UPDATE REALM AUTH AUDIT	Update Realm Auth Audit	UPDATE	REALM AUTH
ADD REALM OBJECT AUDIT	Add Realm Object Audit	ADD	REALM OBJECT
UPDATE REALM OBJECT AUDIT	Update Realm Object Audit	UPDATE	REALM OBJECT
DELETE REALM OBJECT AUDIT	Delete Realm Object Audit	DELETE	REALM OBJECT
ENABLE EVENT AUDIT	Enable Event Audit	ENABLE	EVENT
DISABLE EVENT AUDIT	Disable Event Audit	DISABLE	EVENT
RULE SET CREATION AUDIT	Rule Set Creation Audit	CREATE	RULE SET
RULE SET UPDATE AUDIT	Rule Set Update Audit	UPDATE	RULE SET
RULE SET RENAME AUDIT	Rule Set Rename Audit	RENAME	RULE SET
RULE SET DELETION AUDIT	Rule Set Deletion Audit	DELETE	RULE SET
ADD RULE TO RULE SET AUDIT	Add Rule to Rule Set Audit	ADD	RULE SET
DELETE RULE FROM RULE SET AUDIT	Delete Rule from Rule Set Audit	DELETE	RULE SET
RULE CREATION AUDIT	Rule Creation Audit	CREATE	RULE
RULE UPDATE AUDIT	Rule Update Audit	UPDATE	RULE
RULE RENAME AUDIT	Rule Rename Audit	RENAME	RULE
RULE DELETION AUDIT	Rule Deletion Audit	DELETE	RULE
COMMANDRULE CREATION AUDIT	Command Rule Creation Audit	CREATE	COMMANDRULE
COMMANDRULE UPDATE AUDIT	Command Rule Update Audit	UPDATE	COMMANDRULE
COMMANDRULE DELETION AUDIT	Command Rule Deletion Audit	DELETE	COMMANDRULE
AUTHORIZE DATAPUMP USER AUDIT	Authorize Datapump User Audit	AUTHORIZE	DATAPUMP USER
UNAUTHORIZE DATAPUMP USER AUDIT	Unauthorize Datapump User Audit	REVOKE	DATAPUMP USER
AUTHORIZE JOB USER AUDIT	Authorize Job User Audit	AUTHORIZE	JOB USER
UNAUTHORIZE JOB USER AUDIT	Unauthorize Job User Audit	REVOKE	JOB USER
FACTOR_TYPE CREATION AUDIT	Factor Type Creation Audit	CREATE	FACTOR TYPE
FACTOR_TYPE DELETION AUDIT	Factor Type Deletion Audit	DELETE	FACTOR TYPE
FACTOR_TYPE UPDATE AUDIT	Factor Type Update Audit	UPDATE	FACTOR TYPE
FACTOR_TYPE RENAME AUDIT	Factor Type Rename Audit	RENAME	FACTOR TYPE
FACTOR CREATION AUDIT	Factor Creation Audit	CREATE	FACTOR
FACTOR DELETION AUDIT	Factor Deletion Audit	DELETE	FACTOR
FACTOR UPDATE AUDIT	Factor Update Audit	UPDATE	FACTOR
FACTOR RENAME AUDIT	Factor Rename Audit	RENAME	FACTOR
ADD FACTOR LINK AUDIT	Add Factor Link Audit	ADD	FACTOR LINK
DELETE FACTOR LINK AUDIT	Delete Factor Link Audit	DELETE	FACTOR LINK
ADD POLICY FACTOR AUDIT	Add Policy Factor Audit	ADD	POLICY FACTOR
DELETE POLICY FACTOR AUDIT	Delete Policy Factor Audit	DELETE	POLICY FACTOR
CREATE IDENTITY AUDIT	Create Identity Audit	CREATE	IDENTITY
DELETE IDENTITY AUDIT	Delete Identity Audit	DELETE	IDENTITY
UPDATE IDENTITY AUDIT	Update Identity Audit	UPDATE	IDENTITY
CHANGE IDENTITY FACTOR AUDIT	Change Identity Factor Audit	UPDATE	IDENTITY FACTOR
CHANGE IDENTITY VALUE AUDIT	Change Identity Value Audit	UPDATE	IDENTITY VALUE
CREATE IDENTITY MAP AUDIT	Create Identity Map Audit	CREATE	IDENTITY MAP
DELETE IDENTITY MAP AUDIT	Delete Identity Map Audit	DELETE	IDENTITY MAP
CREATE POLICY LABEL AUDIT	Create Policy Label Audit	CREATE	LABEL POLICY
DELETE POLICY LABEL AUDIT	Delete Policy Label Audit	DELETE	LABEL POLICY
CREATE MAC POLICY AUDIT	Create Mac Policy Audit	CREATE	MAC POLICY
UPDATE MAC POLICY AUDIT	Update MAC Policy Audit	UPDATE	MAC POLICY
DELETE MAC POLICY AUDIT	Delete MAC Policy Audit	DELETE	MAC POLICY
CREATE ROLE AUDIT	Create Role Audit	CREATE	ROLE
DELETE ROLE AUDIT	Delete Role Audit	DELETE	ROLE
UPDATE ROLE AUDIT	Update Role Audit	UPDATE	ROLE
RENAME ROLE AUDIT	Rename Role Audit	RENAME	ROLE
CREATE DOMAIN IDENTITY AUDIT	Create Domain Identity Audit	CREATE	DOMAIN IDENTITY
DROP DOMAIN IDENTITY AUDIT	Drop Domain Identity Audit	DROP	DOMAIN IDENTITY
ENABLE ORADEBUG AUDIT	Enable ORADEBUG Audit	ENABLE	ORADEBUG
DISABLE ORADEBUG AUDIT	Disable ORADEBUG Audit	DISABLE	ORADEBUG
COMMAND FAILURE AUDIT	Command Failure Audit	FAIL	COMMAND
AUTHORIZE PROXY USER AUDIT	Authorize Proxy User Audit	AUTHORIZE	PROXY USER
UNAUTHORIZE PROXY USER AUDIT	Unauthorize Proxy User Audit	REVOKE	PROXY USER
ENABLE DV DICTIONARY ACCOUNTS AUDIT	Enable DV Dictionary Accounts Audit	ENABLE	DV DICTIONARY ACCOUNT
DISABLE DV DICTIONARY ACCOUNTS AUDIT	Disable DV Dictionary Accounts Audit	DISABLE	DV DICTIONARY ACCOUNT
AUTHORIZE DDL AUDIT	Authorize DDL Audit	AUTHORIZE	DDL
UNAUTHORIZE DDL AUDIT	Unauthorize DDL Audit	REVOKE	DDL
AUTHORIZE TTS AUDIT	Authorize Transportable Tablespace Audit	AUTHORIZE	TRANSPORTABLE TABLESPACE
UNAUTHORIZE TTS AUDIT	Unauthorize Transportable Tablespace Audit	REVOKE	TRANSPORTABLE TABLESPACE

Exception Events

Exception events track audited error and exception activity, such as network errors. Table C-7 lists the Oracle Database exception audit events and the equivalent Oracle AVDF event.

Table C-7 Oracle Database Exception Audit Event

Source Event	Event Description	command_class	target_type
ERROR NETWORK	Network Error	ERROR	NETWORK

Invalid Record Events

Invalid record events track audited activity that Oracle AVDF cannot recognize, possibly due to a corrupted audit record.

Table C-8 lists the Oracle Database invalid record audit events and the equivalent Oracle AVDF event.

Table C-8 Oracle Database Invalid Record Audit Event

Source Event	Event Description	command_class	target_type
INVALID RECORD	Invalid Record	INVALID	RECORD

Object Management Events

Object management events track audited actions performed on database objects, such as CREATE TABLE statements.

Table C-9 lists the Oracle Database object management audit events and the equivalent Oracle AVDF events.

Table C-9 Oracle Database Object Management Audit Events

Source Event	Event Description	command_class	target_type
ALTER DIMENSION	Alter Dimension	ALTER	DIMENSION
ALTER EDITION	Alter Edition (Release 11.2)	ALTER	EDITION
ALTER INDEX	Alter Index	ALTER	INDEX
ALTER MATERIALIZED VIEW	Alter Materialized View	ALTER	MATERIALIZED VIEW
ALTER MATERIALIZED VIEW LOG	Alter Materialized View Log	ALTER	MATERIALIZED VIEW LOG
ALTER MINING MODEL	Alter Mining Model (Release 11.2)	ALTER	MINING MODEL
ALTER OPERATOR	Alter Operator	ALTER	OPERATOR
ALTER OUTLINE	Alter Outline	ALTER	OUTLINE
ALTER PUBLIC SYNONYM	Alter Public Synonym (Release 11.2)	ALTER	PUBLIC SYNONYM
ALTER SEQUENCE	Alter Sequence	ALTER	SEQUENCE
ALTER SYNONYM	Alter Synonym (Release 11.2)	ALTER	SYNONYM
ALTER TABLE	Alter Table	ALTER	TABLE
APPLY TABLE	Apply Table or Schema PolicyFoot 1	APPLY	TABLE
CREATE MINING MODEL	Create Mining Model (Release 11.2)	CREATE	MINING MODEL
CREATE DIMENSION	Create Dimension	CREATE	DIMENSION
CREATE DIRECTORY	Create Directory	CREATE	DIRECTORY
CREATE EDITION	Create Edition (Release 11.2	CREATE	EDITION
CREATE INDEX	Create Index	CREATE	INDEX
CREATE MATERIALIZED VIEW	Create Materialized View	CREATE	MATERIALIZED VIEW
CREATE MATERIALIZED VIEW LOG	Create Materialized View Log	CREATE	MATERIALIZED VIEW LOG
CREATE OUTLINE	Create Outline	CREATE	OUTLINE
CREATE PUBLIC DATABASE LINK	Create Public Database Link	CREATE	PUBLIC DATABASE LINK
CREATE PUBLIC SYNONYM	Create Public Synonym	CREATE	PUBLIC SYNONYM
CREATE SCHEMA	Create Schema	CREATE	SCHEMA
CREATE SEQUENCE	Create Sequence	CREATE	SEQUENCE
CREATE SYNONYM	Create Synonym	CREATE	SYNONYM
CREATE TABLE	Create Table	CREATE	TABLE
CREATE VIEW	Create View	CREATE	VIEW
DROP DIMENSION	Drop Dimension	DROP	DIMENSION
DROP DIRECTORY	Drop Directory	DROP	DIRECTORY
DROP EDITION	Drop Edition (Release 11.2)	DROP	EDITION
DROP INDEX	Drop Index	DROP	INDEX
DROP MATERIALIZED VIEW	Drop Materialized View	DROP	MATERIALIZED VIEW
DROP MATERIALIZED VIEW LOG	Drop Materialized View Log	DROP	MATERIALIZED VIEW LOG
DROP OUTLINE	Drop Outline	DROP	OUTLINE
DROP PUBLIC DATABASE LINK	Drop Public Database Link	DROP	PUBLIC DATABASE LINK
DROP PUBLIC SYNONYM	Drop Public Synonym	DROP	PUBLIC SYNONYM
DROP SEQUENCE	Drop Sequence	DROP	SEQUENCE
DROP SYNONYM	Drop Synonym	DROP	SYNONYM
DROP TABLE	Drop Table	DROP	TABLE
DROP VIEW	Drop View	DROP	VIEW
FLASHBACK TABLE	Flashback Table	RETRIEVE	TABLE
LOCK	Lock	LOCK	NULL
PURGE INDEX	Purge Index	DROP	INDEX
PURGE TABLE	Purge Table	DROP	TABLE
REMOVE TABLE OR SCHEMA	Remove Table or SchemaFoot 2	DROP	TABLE OR SCHEMA
RENAME	Rename	RENAME	NULL
UNDROP OBJECT	Undrop Object	UNDO	OBJECT
UPDATE INDEXES	Update Indexes	UPDATE	INDEXES
VALIDATE INDEX	Validate Index	VALIDATE	INDEX

^Footnote 1 APPLY TABLE OR SCHEMA POLICY is an Oracle Label Security audit event.

^Footnote 2 REMOVE TABLE OR SCHEMA is an Oracle Label Security audit event.

Peer Association Events

Peer association events track database link statements. Table C-10 lists the Oracle Database peer association audit events and the equivalent Oracle AVDF events.

Table C-10 Oracle Database Peer Association Audit Events

Source Event	Event Description	command_class	target_type
CREATE DATABASE LINK	Create Database Link	CREATE	DATABASE LINK
DROP DATABASE LINK	Drop Database Link	DROP	DATABASE LINK

Role and Privilege Management Events

Role and privilege management events track audited role and privilege management activity, such as granting object permissions to a user.

Table C-11 lists the Oracle Database role and privilege management audit events and the equivalent Oracle AVDF events.

Table C-11 Oracle Database Role and Privilege Management Audit Events

Source Event	Event Description	command_class	target_type
ALTER ROLE	Alter Role	ALTER	ROLE
CREATE ROLE	Create Role	CREATE	ROLE
DROP ROLE	Drop Role	DROP	ROLE
GRANT OBJECT	Grant Object	GRANT	OBJECT
GRANT ROLE	Grant Role	GRANT	ROLE
ERROR OBJECT	Object Exists ErrorsFoot 1	FAIL	OBJECT
REVOKE OBJECT	Revoke Object	REVOKE	OBJECT
REVOKE ROLE	Revoke Role	REVOKE	ROLE
SET USER PROGRAM UNIT LABEL	Set User or Program Unit Label1	SET PROGRAM	USER UNIT LABEL
PRIVILEGED OPERATION	Privileged Operation	EXECUTE	SYSTEM PRIVILEGE
PRIVILEGED ACTION	Privileged Action1	PRIVILEGED	ACTION

^Footnote 1 OBJECT EXISTS ERRORS, SET USER OR PROGRAM UNIT LABEL, and PRIVILEGED ACTION are Oracle Label Security events.

Service and Application Utilization Events

Service and application utilization events track audited application access activity, such as the execution of PL/SQL procedures or functions.

Table C-12 lists the Oracle Database service and application utilization audit events and the equivalent Oracle AVDF events.

Table C-12 Oracle Database Service and Application Utilization Audit Events

Source Event	Event Description	command_class	target_type
CALL METHOD	Call Method	CALL	METHOD
EXECUTE PROCEDURE	Execute Procedure	EXECUTE	PROCEDURE
EXECUTE PL/SQL	PL/SQL Execute	EXECUTE	PL/SQL

System Management Events

System management events track audited system management activity, such as STARTUP and SHUTDOWN operations. Table C-13 lists the Oracle Database system management audit events and the equivalent Oracle AVDF events.

Table C-13 Oracle Database System Management Audit Events

Source Event	Event Description	command_class	target_type
ALTER CLUSTER	Alter Cluster	ALTER	CLUSTER
ALTER DATABASE	Alter Database	ALTER	DATABASE
ALTER FLASHBACK ARCHIVE	Alter Flashback Archive (Release 11.2)	ALTER	FLASHBACK ARCHIVE
ALTER ROLLBACK SEG	Alter Rollback Seg	ALTER	ROLLBACK SEG
ALTER SYSTEM	Alter System	ALTER	SYSTEM
ALTER TABLESPACE	Alter Tablespace	ALTER	TABLESPACE
ANALYZE CLUSTERS	Analyze Cluster	ANALYZE	CLUSTERS
CREATE CLUSTER	Create Cluster	CREATE	CLUSTER
CREATE CONTROL FIL	Create Control File	CREATE	CONTROL FILE
CREATE DATABASE	Create Database	CREATE	DATABASE
CREATE FLASHBACK ARCHIVE	Create Flashback Archive (Release 11.2)	CREATE	FLASHBACK ARCHIVE
CREATE ROLLBACK SEG	Create Rollback Seg	CREATE	ROLLBACK SEG
CREATE TABLESPACE	Create Tablespace	CREATE	TABLESPACE
DISABLE ALL TRIGGERS	Disable All Triggers	DISABLE	ALL TRIGGERS
DROP CLUSTER	Drop Cluster	DROP	CLUSTER
DROP FLASHBACK ARCHIVE	Drop Flashback Archive (Release 11.2)	DROP	FLASHBACK ARCHIVE
DROP ROLLBACK SEG	Drop Rollback Seg	DROP	ROLLBACK SEG
DROP TABLESPACE	Drop Tablespace	DROP	TABLESPACE
ENABLE ALL TRIGGERS	Enable All Triggers	ENABLE	ALL TRIGGERS
FLASHBACK	Flashback	RETRIEVE	NULL
FLASHBACK DATABASE	Flashback Database	RETRIEVE	DATABASE
PURGE DBA_RECYCLEBIN	Purge DBA Recycle Bin	DROP	DBA_RECYCLEBIN
PURGE TABLESPACE	Purge Tablespace	DROP	TABLESPACE
SHUTDOWN	Shutdown	STOP	DATABASE
STARTUP	Startup	START	DATABASE
SUPER USER TRANSACTION CONTROL	Super User Transaction Control (Release 11.2)	TRANSACTION CONTROL	SUPER USER
SUPER USER DDL	Super User DDL	DDL	SUPER USER
SUPER USER DML	Super User DML	DML	SUPER USER
SYSTEM GRANT	System Grant	GRANT	SYSTEM
REVOKE SYSTEM	System Revoke	REVOKE	SYSTEM
TRUNCATE CLUSTER	Truncate Cluster	TRUNCATE	CLUSTER

Unknown or Uncategorized Events

Unknown or uncategorized events track audited activity that cannot be categorized, such as ALTER SUMMARY statements.

Table C-14 lists the Oracle Database unknown or uncategorized audit events and the equivalent Oracle AVDF events.

Table C-14 Oracle Database Unknown or Uncategorized Audit Events

Source Event	Event Description	command_class	target_type
ALTER SUMMARY	Alter Summary	ALTER	SUMMARY
COMMENT	Comment	COMMENT	NULL
CREATE SUMMARY	Create Summary	CREATE	SUMMARY
DROP SUMMARY	Drop Summary	DROP	SUMMARY
NO-OP	No-Op	NO-OP	NO-OP
SUPER USER UNKNOWN	Super User Unknown	UNKNOWN	SUPER USER
UNKNOWN	Unknown	UNKNOWN	UNKNOWN
USER COMMENT	User Comment	COMMENT	USER

User Session Events

User session events track audited authentication events for users who log in to the database.

Table C-15 lists the Oracle Database user session audit events and the equivalent Oracle AVDF events.

Table C-15 Oracle Database User Session Audit Events

Source Event	Event Description	command_class	target_type
ALTER SESSION	Alter Session	ALTER	SESSION
COMMIT	Commit	COMMIT	NULL
CREATE RESTORE POINT	Create Restore Point	CREATE	RESTORE POINT
CREATE SESSION	Create Session	CREATE	SESSION
DROP RESTORE POINT	Drop Restore Point	DROP	RESTORE POINT
LOGOFF	Logoff	LOGOUT	NULL
LOGOFF BY CLEANUP	Logoff by Cleanup	LOGOFF BY CLEANUP	NULL
LOGON	Logon	LOGIN	NULL
PROXY AUTHENTICATION ONLY	Proxy Authentication Only	PROXY	AUTHENTICATION ONLY
PURGE USER_RECYCLEBIN	Purge User Recycle Bin	DROP	USER_RECYCLEBIN
ROLLBACK	Rollback	ROLLBACK	NULL
SAVEPOINT	Savepoint	SAVEPOINT	NULL
REC SESSION	Session Record	MERGE	SESSION RECORD
SET ROLE	Set Role	SET	ROLE
SET TRANSACTION	Set Transaction	SET	TRANSACTION
SUPER USER LOGON	Super User Logon	LOGON	SUPER USER