Skip Headers
Oracle® Audit Vault and Database Firewall Auditor's Guide
Release 12.1.2

E27777-10
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

C Oracle Database Audit Events

This appendix contains:

About the Oracle Database Audit Events

This appendix maps audit event names used in the Oracle Database to their equivalent values in the command_class and target_type fields in the Oracle AVDF audit record. The audit events are organized in useful categories, for example, Account Management events. You can use the audit events mapped here to create custom audit reports using other Oracle Database reporting products or third-party tools. See also "Oracle Audit Vault and Database Firewall Database Schemas" for Oracle AVDF data warehouse details that may be useful in designing your own reports.

Account Management Events

Account management events track SQL statements that affect user accounts, such as creating users or altering their profiles.

Table C-1 lists the Oracle Database account management audit events and the equivalent Oracle AVDF events.

Table C-1 Oracle Database Account Management Audit Events

Source Event Event Description command_class target_type

ALTER PROFILE

Alter Profile

ALTER

PROFILE

ALTER USER

Alter User

ALTER

USER

CREATE PROFILE

Create Profile

CREATE

PROFILE

CREATE USER

Create User

CREATE

USER

DROP PROFILE

Drop Profile

DROP

PROFILE

DROP USER

Drop User

DROP

USER


Application Management Events

Application management events track actions that were performed on the underlying PL/SQL procedures or functions of system services and applications, such as ALTER FUNCTION statements.

Table C-2 lists the Oracle Database application management audit events and the equivalent Oracle AVDF events.

Table C-2 Oracle Database Application Management Audit Events

Source Event Event Description command_class target_type

ALTER ASSEMBLY

Alter Assembly (Release 11.2)

ALTER

ASSEMBLY

ALTER FUNCTION

Alter Function

ALTER

FUNCTION

ALTER JAVA

Alter Java

ALTER

JAVA

ALTER PACKAGE

Alter Package

ALTER

PACKAGE

ALTER PACKAGE BODY

Alter Package Body

ALTER

PACKAGE BODY

ALTER PROCEDURE

Alter Procedure

ALTER

PROCEDURE

ALTER RESOURCE COST

Alter Resource Cost

ALTER

RESOURCE COST

ALTER REWRITE EQUIVALENCE

Alter Rewrite Equivalence

ALTER

REWRITE EQUIVALENCE

ALTER TRIGGER

Alter Trigger

ALTER

TRIGGER

ALTER TYPE

Alter Type

ALTER

TYPE

ALTER TYPE BODY

Alter Type Body

ALTER

TYPE BODY

ANALYZE INDEX

Analyze Index

ANALYZE

INDEX

ANALYZE TABLE

Analyze Table

ANALYZE

TABLE

ASSOCIATE STATISTICS

Associate Statistics

ASSOCIATE

STATISTICS

CREATE ASSEMBLY

Create Assembly (Release 11.2)

CREATE

ASSEMBLY

CREATE CONTEXT

Create Context

CREATE

CONTEXT

CREATE FUNCTION

Create Function

CREATE

FUNCTION

CREATE INDEXTYPE

Create IndexType

CREATE

INDEXTYPE

CREATE JAVA

Create Java

CREATE

JAVA

CREATE LIBRARY

Create Library

CREATE

LIBRARY

CREATE OPERATOR

Create Operator

CREATE

OPERATOR

CREATE PACKAGE

Create Package

CREATE

PACKAGE

CREATE PACKAGE BODY

Create Package Body

CREATE

PACKAGE BODY

CREATE PROCEDURE

Create Procedure

CREATE

PROCEDURE

CREATE TRIGGER

Create Trigger

CREATE

TRIGGER

CREATE TYPE

Create Type

CREATE

TYPE

CREATE TYPE BODY

Create Type Body

CREATE

TYPE BODY

DECLARE REWRITE EQUIVALENCE

Declare Rewrite Equivalence

SET

REWRITE EQUIVALENCE

DISABLE TRIGGER

Disable Trigger

DISABLE

TRIGGER

DISASSOCIATE STATISTICS

Disassociate Statistics

DISASSOCIATE

STATISTICS

DROP ASSEMBLY

Drop Assembly (Release 11.2)

DROP

ASSEMBLY

DROP CONTEXT

Drop Context

DROP

CONTEXT

DROP FUNCTION

Drop Function

DROP

FUNCTION

DROP INDEXTYPE

Drop Indextype

DROP

INDEXTYPE

DROP JAVA

Drop Java

DROP

JAVA

DROP LIBRARY

Drop Library

DROP

LIBRARY

DROP OPERATOR

Drop Operator

DROP

OPERATOR

DROP PACKAGE

Drop Package

DROP

PACKAGE

DROP PACKAGE BODY

Drop Package Body

DROP

PACKAGE BODY

DROP PROCEDURE

Drop Procedure

DROP

PROCEDURE

DROP REWRITE EQUIVALENCE

Drop Rewrite Equivalence

DROP

REWRITE EQUIVALENCE

DROP TRIGGER

Drop Trigger

DROP

TRIGGER

DROP TYPE

Drop Type

DROP

TYPE

DROP TYPE BODY

Drop Type Body

DROP

TYPE BODY

ENABLE TRIGGER

Enable Trigger

ENABLE

TRIGGER

EXECUTE TYPE

Execute Type

EXECUTE

TYPE

EXPLAIN

Explain

EXPLAIN

NULL


Audit Command Events

Audit command events track the use of AUDIT SQL statements on other SQL statements and on database objects.

Table C-3 lists the Oracle Database audit command audit events and the equivalent Oracle AVDF events.

Table C-3 Oracle Database Audit Command Audit Events

Source Event Event Description command_class target_type

AUDIT DEFAULT

Audit Default

AUDIT

DEFAULT

AUDIT OBJECT

Audit Object

AUDIT

OBJECT

NOAUDIT DEFAULT

NoAudit default

NOAUDIT

DEFAULT

NOAUDIT OBJECT

NoAudit Subject

NOAUDIT

OBJECT

AUDIT SYSTEM

System Audit

AUDIT

SYSTEM

NOAUDIT SYSTEM

System No Audit

NOAUDIT

SYSTEM


Data Access Events

Data access events track audited data manipulation language (DML) activities, for example, all SELECT, INSERT, UPDATE, or DROP SQL statements. The Data Access Report, described in "Data Access Report", uses these events.

Table C-4 lists the Oracle Database data access audit events and the equivalent Oracle AVDF events.

Table C-4 Oracle Database Data Access Audit Events

Source Event Event Description command_class target_type

DELETE

Delete

DELETE

NULL

INSERT

Insert

INSERT

NULL

SELECT

Select

SELECT

NULL

MINING MODEL

Select Mining Model (Release 11.2)

SELECT

MINING MODEL

TRUNCATE TABLE

Truncate Table

TRUNCATE

TRUNCATE TABLE

UPDATE

Update

UPDATE

NULL


Database Vault Events

This section contains:

Database Vault Events in Oracle Database 11g

Table C-5 lists Database Vault events for Oracle Database 11g databases that have Database Vault enabled.

Table C-5 Database Vault Audit Events in Oracle Database 11g

Source Event Event Description command_class target_type

FACTOR EVALUATION

Factor Evaluation

EXECUTE

FACTOR

FACTOR ASSIGNMENT

Factor Assignment

ASSIGN

FACTOR

FACTOR EXPRESSION

Factor Expression

EXECUTE

FACTOR

REALM VIOLATION

Realm Violation

VIOLATE

REALM

REALM AUTHORIZATION

Realm Authorization

AUTHORIZE

REALM

COMMAND AUTHORIZATION

Command Authorization

AUTHORIZE

COMMAND

SECURE ROLE

Secure Role

SECURE

ROLE

ACCESS CTRL SESSION INIT

Access Control Session Initialization

INITIALIZE

ACCESS CONTROL SESSION

ACCESS CTRL COMMAND AUTH

Access Control Command Authorization

AUTHORIZE

ACCESS CONTROL COMMAND

LBL SEC SESSION INIT

Label Security Session Initialization

INITIALIZE

LABEL SECURITY SESSION

LBL SEC ATTEMPT TO UPGRADE

Label Security Attempt to Upgrade

UPDATE

LABEL SECURITY


Database Vault Events in Oracle Database 12c

Table C-6 lists Database Vault events for Oracle Database 12c databases that have Database Vault enabled.

Table C-6 Database Vault Audit Events in Oracle Database 12c

Source Event Event Description command_class target_type

FACTOR EVALUATION AUDIT

Factor Evaluation Audit

EXECUTE

FACTOR

FACTOR ASSIGNMENT AUDIT

Factor Assignment Audit

ASSIGN

FACTOR

FACTOR EXPRESSION AUDIT

Factor Expression Audit

EXECUTE

FACTOR

REALM VIOLATION AUDIT

Realm Violation Audit

VIOLATE

REALM

REALM AUTHORIZATION AUDIT

Realm Authorization Audit

AUTHORIZE

REALM

COMMAND AUTHORIZATION AUDIT

Command Authorization Audit

AUTHORIZE

COMMAND

SECURE ROLE AUDIT

Secure Role Audit

SECURE

ROLE

SESSION INITIALIZATION AUDIT

Session Initialization Audit

INITIALIZE

SESSION

OLS SESSION INITIALIZATION AUDIT

OLS Session Initialization Audit

INITIALIZE

LABEL SESSION

OLS ATTEMPT TO UPGRADE LABEL AUDIT

OLS Attempt To Upgrade Label Audit

UPDATE

LABEL SECURITY

ENABLE DV ENFORCEMENT AUDIT

Enable DV Enforcement Audit

ENABLE

DV ENFORCEMENT

DISABLE DV ENFORCEMENT AUDIT

Disable DV Enforcement Audit

DISABLE

DV ENFORCEMENT

REALM CREATION AUDIT

Realm Creation Audit

CREATE

REALM

REALM UPDATE AUDIT

REALM UPDATE AUDIT

UPDATE

REALM

REALM RENAME AUDIT

Realm Rename Audit

RENAME

REALM

REALM DELETION AUDIT

Realm Deletion Audit

DELETE

REALM

ADD REALM AUTH AUDIT

Add Realm Auth Audit

ADD

REALM AUTH

DELETE REALM AUTH AUDIT

Delete Realm Auth Audit

DELETE

REALM AUTH

UPDATE REALM AUTH AUDIT

Update Realm Auth Audit

UPDATE

REALM AUTH

ADD REALM OBJECT AUDIT

Add Realm Object Audit

ADD

REALM OBJECT

UPDATE REALM OBJECT AUDIT

Update Realm Object Audit

UPDATE

REALM OBJECT

DELETE REALM OBJECT AUDIT

Delete Realm Object Audit

DELETE

REALM OBJECT

ENABLE EVENT AUDIT

Enable Event Audit

ENABLE

EVENT

DISABLE EVENT AUDIT

Disable Event Audit

DISABLE

EVENT

RULE SET CREATION AUDIT

Rule Set Creation Audit

CREATE

RULE SET

RULE SET UPDATE AUDIT

Rule Set Update Audit

UPDATE

RULE SET

RULE SET RENAME AUDIT

Rule Set Rename Audit

RENAME

RULE SET

RULE SET DELETION AUDIT

Rule Set Deletion Audit

DELETE

RULE SET

ADD RULE TO RULE SET AUDIT

Add Rule to Rule Set Audit

ADD

RULE SET

DELETE RULE FROM RULE SET AUDIT

Delete Rule from Rule Set Audit

DELETE

RULE SET

RULE CREATION AUDIT

Rule Creation Audit

CREATE

RULE

RULE UPDATE AUDIT

Rule Update Audit

UPDATE

RULE

RULE RENAME AUDIT

Rule Rename Audit

RENAME

RULE

RULE DELETION AUDIT

Rule Deletion Audit

DELETE

RULE

COMMANDRULE CREATION AUDIT

Command Rule Creation Audit

CREATE

COMMANDRULE

COMMANDRULE UPDATE AUDIT

Command Rule Update Audit

UPDATE

COMMANDRULE

COMMANDRULE DELETION AUDIT

Command Rule Deletion Audit

DELETE

COMMANDRULE

AUTHORIZE DATAPUMP USER AUDIT

Authorize Datapump User Audit

AUTHORIZE

DATAPUMP USER

UNAUTHORIZE DATAPUMP USER AUDIT

Unauthorize Datapump User Audit

REVOKE

DATAPUMP USER

AUTHORIZE JOB USER AUDIT

Authorize Job User Audit

AUTHORIZE

JOB USER

UNAUTHORIZE JOB USER AUDIT

Unauthorize Job User Audit

REVOKE

JOB USER

FACTOR_TYPE CREATION AUDIT

Factor Type Creation Audit

CREATE

FACTOR TYPE

FACTOR_TYPE DELETION AUDIT

Factor Type Deletion Audit

DELETE

FACTOR TYPE

FACTOR_TYPE UPDATE AUDIT

Factor Type Update Audit

UPDATE

FACTOR TYPE

FACTOR_TYPE RENAME AUDIT

Factor Type Rename Audit

RENAME

FACTOR TYPE

FACTOR CREATION AUDIT

Factor Creation Audit

CREATE

FACTOR

FACTOR DELETION AUDIT

Factor Deletion Audit

DELETE

FACTOR

FACTOR UPDATE AUDIT

Factor Update Audit

UPDATE

FACTOR

FACTOR RENAME AUDIT

Factor Rename Audit

RENAME

FACTOR

ADD FACTOR LINK AUDIT

Add Factor Link Audit

ADD

FACTOR LINK

DELETE FACTOR LINK AUDIT

Delete Factor Link Audit

DELETE

FACTOR LINK

ADD POLICY FACTOR AUDIT

Add Policy Factor Audit

ADD

POLICY FACTOR

DELETE POLICY FACTOR AUDIT

Delete Policy Factor Audit

DELETE

POLICY FACTOR

CREATE IDENTITY AUDIT

Create Identity Audit

CREATE

IDENTITY

DELETE IDENTITY AUDIT

Delete Identity Audit

DELETE

IDENTITY

UPDATE IDENTITY AUDIT

Update Identity Audit

UPDATE

IDENTITY

CHANGE IDENTITY FACTOR AUDIT

Change Identity Factor Audit

UPDATE

IDENTITY FACTOR

CHANGE IDENTITY VALUE AUDIT

Change Identity Value Audit

UPDATE

IDENTITY VALUE

CREATE IDENTITY MAP AUDIT

Create Identity Map Audit

CREATE

IDENTITY MAP

DELETE IDENTITY MAP AUDIT

Delete Identity Map Audit

DELETE

IDENTITY MAP

CREATE POLICY LABEL AUDIT

Create Policy Label Audit

CREATE

LABEL POLICY

DELETE POLICY LABEL AUDIT

Delete Policy Label Audit

DELETE

LABEL POLICY

CREATE MAC POLICY AUDIT

Create Mac Policy Audit

CREATE

MAC POLICY

UPDATE MAC POLICY AUDIT

Update MAC Policy Audit

UPDATE

MAC POLICY

DELETE MAC POLICY AUDIT

Delete MAC Policy Audit

DELETE

MAC POLICY

CREATE ROLE AUDIT

Create Role Audit

CREATE

ROLE

DELETE ROLE AUDIT

Delete Role Audit

DELETE

ROLE

UPDATE ROLE AUDIT

Update Role Audit

UPDATE

ROLE

RENAME ROLE AUDIT

Rename Role Audit

RENAME

ROLE

CREATE DOMAIN IDENTITY AUDIT

Create Domain Identity Audit

CREATE

DOMAIN IDENTITY

DROP DOMAIN IDENTITY AUDIT

Drop Domain Identity Audit

DROP

DOMAIN IDENTITY

ENABLE ORADEBUG AUDIT

Enable ORADEBUG Audit

ENABLE

ORADEBUG

DISABLE ORADEBUG AUDIT

Disable ORADEBUG Audit

DISABLE

ORADEBUG

COMMAND FAILURE AUDIT

Command Failure Audit

FAIL

COMMAND

AUTHORIZE PROXY USER AUDIT

Authorize Proxy User Audit

AUTHORIZE

PROXY USER

UNAUTHORIZE PROXY USER AUDIT

Unauthorize Proxy User Audit

REVOKE

PROXY USER

ENABLE DV DICTIONARY ACCOUNTS AUDIT

Enable DV Dictionary Accounts Audit

ENABLE

DV DICTIONARY ACCOUNT

DISABLE DV DICTIONARY ACCOUNTS AUDIT

Disable DV Dictionary Accounts Audit

DISABLE

DV DICTIONARY ACCOUNT

AUTHORIZE DDL AUDIT

Authorize DDL Audit

AUTHORIZE

DDL

UNAUTHORIZE DDL AUDIT

Unauthorize DDL Audit

REVOKE

DDL

AUTHORIZE TTS AUDIT

Authorize Transportable Tablespace Audit

AUTHORIZE

TRANSPORTABLE TABLESPACE

UNAUTHORIZE TTS AUDIT

Unauthorize Transportable Tablespace Audit

REVOKE

TRANSPORTABLE TABLESPACE


Exception Events

Exception events track audited error and exception activity, such as network errors. Table C-7 lists the Oracle Database exception audit events and the equivalent Oracle AVDF event.

Table C-7 Oracle Database Exception Audit Event

Source Event Event Description command_class target_type

ERROR NETWORK

Network Error

ERROR

NETWORK


Invalid Record Events

Invalid record events track audited activity that Oracle AVDF cannot recognize, possibly due to a corrupted audit record.

Table C-8 lists the Oracle Database invalid record audit events and the equivalent Oracle AVDF event.

Table C-8 Oracle Database Invalid Record Audit Event

Source Event Event Description command_class target_type

INVALID RECORD

Invalid Record

INVALID

RECORD


Object Management Events

Object management events track audited actions performed on database objects, such as CREATE TABLE statements.

Table C-9 lists the Oracle Database object management audit events and the equivalent Oracle AVDF events.

Table C-9 Oracle Database Object Management Audit Events

Source Event Event Description command_class target_type

ALTER DIMENSION

Alter Dimension

ALTER

DIMENSION

ALTER EDITION

Alter Edition (Release 11.2)

ALTER

EDITION

ALTER INDEX

Alter Index

ALTER

INDEX

ALTER MATERIALIZED VIEW

Alter Materialized View

ALTER

MATERIALIZED VIEW

ALTER MATERIALIZED VIEW LOG

Alter Materialized View Log

ALTER

MATERIALIZED VIEW LOG

ALTER MINING MODEL

Alter Mining Model (Release 11.2)

ALTER

MINING MODEL

ALTER OPERATOR

Alter Operator

ALTER

OPERATOR

ALTER OUTLINE

Alter Outline

ALTER

OUTLINE

ALTER PUBLIC SYNONYM

Alter Public Synonym (Release 11.2)

ALTER

PUBLIC SYNONYM

ALTER SEQUENCE

Alter Sequence

ALTER

SEQUENCE

ALTER SYNONYM

Alter Synonym (Release 11.2)

ALTER

SYNONYM

ALTER TABLE

Alter Table

ALTER

TABLE

APPLY TABLE

Apply Table or Schema PolicyFoot 1 

APPLY

TABLE

CREATE MINING MODEL

Create Mining Model (Release 11.2)

CREATE

MINING MODEL

CREATE DIMENSION

Create Dimension

CREATE

DIMENSION

CREATE DIRECTORY

Create Directory

CREATE

DIRECTORY

CREATE EDITION

Create Edition (Release 11.2

CREATE

EDITION

CREATE INDEX

Create Index

CREATE

INDEX

CREATE MATERIALIZED VIEW

Create Materialized View

CREATE

MATERIALIZED VIEW

CREATE MATERIALIZED VIEW LOG

Create Materialized View Log

CREATE

MATERIALIZED VIEW LOG

CREATE OUTLINE

Create Outline

CREATE

OUTLINE

CREATE PUBLIC DATABASE LINK

Create Public Database Link

CREATE

PUBLIC DATABASE LINK

CREATE PUBLIC SYNONYM

Create Public Synonym

CREATE

PUBLIC SYNONYM

CREATE SCHEMA

Create Schema

CREATE

SCHEMA

CREATE SEQUENCE

Create Sequence

CREATE

SEQUENCE

CREATE SYNONYM

Create Synonym

CREATE

SYNONYM

CREATE TABLE

Create Table

CREATE

TABLE

CREATE VIEW

Create View

CREATE

VIEW

DROP DIMENSION

Drop Dimension

DROP

DIMENSION

DROP DIRECTORY

Drop Directory

DROP

DIRECTORY

DROP EDITION

Drop Edition (Release 11.2)

DROP

EDITION

DROP INDEX

Drop Index

DROP

INDEX

DROP MATERIALIZED VIEW

Drop Materialized View

DROP

MATERIALIZED VIEW

DROP MATERIALIZED VIEW LOG

Drop Materialized View Log

DROP

MATERIALIZED VIEW LOG

DROP OUTLINE

Drop Outline

DROP

OUTLINE

DROP PUBLIC DATABASE LINK

Drop Public Database Link

DROP

PUBLIC DATABASE LINK

DROP PUBLIC SYNONYM

Drop Public Synonym

DROP

PUBLIC SYNONYM

DROP SEQUENCE

Drop Sequence

DROP

SEQUENCE

DROP SYNONYM

Drop Synonym

DROP

SYNONYM

DROP TABLE

Drop Table

DROP

TABLE

DROP VIEW

Drop View

DROP

VIEW

FLASHBACK TABLE

Flashback Table

RETRIEVE

TABLE

LOCK

Lock

LOCK

NULL

PURGE INDEX

Purge Index

DROP

INDEX

PURGE TABLE

Purge Table

DROP

TABLE

REMOVE TABLE OR SCHEMA

Remove Table or SchemaFoot 2 

DROP

TABLE OR SCHEMA

RENAME

Rename

RENAME

NULL

UNDROP OBJECT

Undrop Object

UNDO

OBJECT

UPDATE INDEXES

Update Indexes

UPDATE

INDEXES

VALIDATE INDEX

Validate Index

VALIDATE

INDEX


Footnote 1 APPLY TABLE OR SCHEMA POLICY is an Oracle Label Security audit event.

Footnote 2 REMOVE TABLE OR SCHEMA is an Oracle Label Security audit event.

Peer Association Events

Peer association events track database link statements. Table C-10 lists the Oracle Database peer association audit events and the equivalent Oracle AVDF events.

Table C-10 Oracle Database Peer Association Audit Events

Source Event Event Description command_class target_type

CREATE DATABASE LINK

Create Database Link

CREATE

DATABASE LINK

DROP DATABASE LINK

Drop Database Link

DROP

DATABASE LINK


Role and Privilege Management Events

Role and privilege management events track audited role and privilege management activity, such as granting object permissions to a user.

Table C-11 lists the Oracle Database role and privilege management audit events and the equivalent Oracle AVDF events.

Table C-11 Oracle Database Role and Privilege Management Audit Events

Source Event Event Description command_class target_type

ALTER ROLE

Alter Role

ALTER

ROLE

CREATE ROLE

Create Role

CREATE

ROLE

DROP ROLE

Drop Role

DROP

ROLE

GRANT OBJECT

Grant Object

GRANT

OBJECT

GRANT ROLE

Grant Role

GRANT

ROLE

ERROR OBJECT

Object Exists ErrorsFoot 1 

FAIL

OBJECT

REVOKE OBJECT

Revoke Object

REVOKE

OBJECT

REVOKE ROLE

Revoke Role

REVOKE

ROLE

SET USER

PROGRAM UNIT LABEL

Set User or Program Unit Label1

SET

PROGRAM

USER

UNIT LABEL

PRIVILEGED OPERATION

Privileged Operation

EXECUTE

SYSTEM PRIVILEGE

PRIVILEGED ACTION

Privileged Action1

PRIVILEGED

ACTION


Footnote 1 OBJECT EXISTS ERRORS, SET USER OR PROGRAM UNIT LABEL, and PRIVILEGED ACTION are Oracle Label Security events.

Service and Application Utilization Events

Service and application utilization events track audited application access activity, such as the execution of PL/SQL procedures or functions.

Table C-12 lists the Oracle Database service and application utilization audit events and the equivalent Oracle AVDF events.

Table C-12 Oracle Database Service and Application Utilization Audit Events

Source Event Event Description command_class target_type

CALL METHOD

Call Method

CALL

METHOD

EXECUTE PROCEDURE

Execute Procedure

EXECUTE

PROCEDURE

EXECUTE PL/SQL

PL/SQL Execute

EXECUTE

PL/SQL


System Management Events

System management events track audited system management activity, such as STARTUP and SHUTDOWN operations. Table C-13 lists the Oracle Database system management audit events and the equivalent Oracle AVDF events.

Table C-13 Oracle Database System Management Audit Events

Source Event Event Description command_class target_type

ALTER CLUSTER

Alter Cluster

ALTER

CLUSTER

ALTER DATABASE

Alter Database

ALTER

DATABASE

ALTER FLASHBACK ARCHIVE

Alter Flashback Archive (Release 11.2)

ALTER

FLASHBACK ARCHIVE

ALTER ROLLBACK SEG

Alter Rollback Seg

ALTER

ROLLBACK SEG

ALTER SYSTEM

Alter System

ALTER

SYSTEM

ALTER TABLESPACE

Alter Tablespace

ALTER

TABLESPACE

ANALYZE CLUSTERS

Analyze Cluster

ANALYZE

CLUSTERS

CREATE CLUSTER

Create Cluster

CREATE

CLUSTER

CREATE CONTROL FIL

Create Control File

CREATE

CONTROL FILE

CREATE DATABASE

Create Database

CREATE

DATABASE

CREATE FLASHBACK ARCHIVE

Create Flashback Archive (Release 11.2)

CREATE

FLASHBACK ARCHIVE

CREATE ROLLBACK SEG

Create Rollback Seg

CREATE

ROLLBACK SEG

CREATE TABLESPACE

Create Tablespace

CREATE

TABLESPACE

DISABLE ALL TRIGGERS

Disable All Triggers

DISABLE

ALL TRIGGERS

DROP CLUSTER

Drop Cluster

DROP

CLUSTER

DROP FLASHBACK ARCHIVE

Drop Flashback Archive (Release 11.2)

DROP

FLASHBACK ARCHIVE

DROP ROLLBACK SEG

Drop Rollback Seg

DROP

ROLLBACK SEG

DROP TABLESPACE

Drop Tablespace

DROP

TABLESPACE

ENABLE ALL TRIGGERS

Enable All Triggers

ENABLE

ALL TRIGGERS

FLASHBACK

Flashback

RETRIEVE

NULL

FLASHBACK DATABASE

Flashback Database

RETRIEVE

DATABASE

PURGE DBA_RECYCLEBIN

Purge DBA Recycle Bin

DROP

DBA_RECYCLEBIN

PURGE TABLESPACE

Purge Tablespace

DROP

TABLESPACE

SHUTDOWN

Shutdown

STOP

DATABASE

STARTUP

Startup

START

DATABASE

SUPER USER TRANSACTION CONTROL

Super User Transaction Control (Release 11.2)

TRANSACTION CONTROL

SUPER USER

SUPER USER DDL

Super User DDL

DDL

SUPER USER

SUPER USER DML

Super User DML

DML

SUPER USER

SYSTEM GRANT

System Grant

GRANT

SYSTEM

REVOKE SYSTEM

System Revoke

REVOKE

SYSTEM

TRUNCATE CLUSTER

Truncate Cluster

TRUNCATE

CLUSTER


Unknown or Uncategorized Events

Unknown or uncategorized events track audited activity that cannot be categorized, such as ALTER SUMMARY statements.

Table C-14 lists the Oracle Database unknown or uncategorized audit events and the equivalent Oracle AVDF events.

Table C-14 Oracle Database Unknown or Uncategorized Audit Events

Source Event Event Description command_class target_type

ALTER SUMMARY

Alter Summary

ALTER

SUMMARY

COMMENT

Comment

COMMENT

NULL

CREATE SUMMARY

Create Summary

CREATE

SUMMARY

DROP SUMMARY

Drop Summary

DROP

SUMMARY

NO-OP

No-Op

NO-OP

NO-OP

SUPER USER UNKNOWN

Super User Unknown

UNKNOWN

SUPER USER

UNKNOWN

Unknown

UNKNOWN

UNKNOWN

USER COMMENT

User Comment

COMMENT

USER


User Session Events

User session events track audited authentication events for users who log in to the database.

Table C-15 lists the Oracle Database user session audit events and the equivalent Oracle AVDF events.

Table C-15 Oracle Database User Session Audit Events

Source Event Event Description command_class target_type

ALTER SESSION

Alter Session

ALTER

SESSION

COMMIT

Commit

COMMIT

NULL

CREATE RESTORE POINT

Create Restore Point

CREATE

RESTORE POINT

CREATE SESSION

Create Session

CREATE

SESSION

DROP RESTORE POINT

Drop Restore Point

DROP

RESTORE POINT

LOGOFF

Logoff

LOGOUT

NULL

LOGOFF BY CLEANUP

Logoff by Cleanup

LOGOFF BY CLEANUP

NULL

LOGON

Logon

LOGIN

NULL

PROXY AUTHENTICATION ONLY

Proxy Authentication Only

PROXY

AUTHENTICATION ONLY

PURGE USER_RECYCLEBIN

Purge User Recycle Bin

DROP

USER_RECYCLEBIN

ROLLBACK

Rollback

ROLLBACK

NULL

SAVEPOINT

Savepoint

SAVEPOINT

NULL

REC SESSION

Session Record

MERGE

SESSION RECORD

SET ROLE

Set Role

SET

ROLE

SET TRANSACTION

Set Transaction

SET

TRANSACTION

SUPER USER LOGON

Super User Logon

LOGON

SUPER USER