D Sybase ASE Audit Events

This appendix contains:

About the Sybase ASE Audit Events

This appendix maps audit event names used in Sybase Adaptive Server Enterprise (ASE) to their equivalent values in the command_class and target_type fields in the Oracle AVDF audit record. The audit events are organized in useful categories, for example, Account Management events. You can use the audit events mapped here to create custom audit reports using other Oracle Database reporting products or third-party tools. See also "Oracle Audit Vault and Database Firewall Database Schemas" for Oracle AVDF data warehouse details that may be useful in designing your own reports.

Account Management Events

Account management events track Transact-SQL commands that affect user accounts, such as the UNLOCK ADMIN ACCOUNT command. Table D-1 lists the Sybase ASE account management events and the equivalent Oracle AVDF events.

Table D-1 Sybase ASE Account Management Audit Events

Source Event Event Description command_class target_type

CREATE LOGIN COMMAND

DROP LOGIN COMMAND

Create Login Command

Drop Login Command

CREATE

DROP

USER

USER

SET SSA COMMAND

Set SSA Command

ALTER

USER

SSO CHANGED PASSWORD

SSO Changed Password

ALTER

USER

UNLOCK ADMIN ACCOUNT

Unlock Admin Account

ALTER

USER

LOGIN HAS BEEN LOCKED

Login Has Been Locked

LOCK

ACCOUNT


Application Management Events

Application management events track actions that were performed on the underlying Transact-SQL commands of system services and applications, such as the CREATE RULE command.

Table D-2 lists the Sybase ASE application management events and the equivalent Oracle AVDF events.

Table D-2 Sybase ASE Application Management Audit Events

Source Event Event Description command_class target_type

CREATE DEFAULT

Create Default

CREATE

DEFAULT

CREATE MESSAGE

Create Message

CREATE

MESSAGE

CREATE PROCEDURE

Create Procedure

CREATE

PROCEDURE

CREATE RULE

Create Rule

CREATE

RULE

CREATE SQLJ FUNCTION

Create SQLJ Function

CREATE

FUNCTION

CREATE TRIGGER

Create Trigger

CREATE

TRIGGER

DROP DEFAULT

Drop Default

DROP

DEFAULT

DROP MESSAGE

Drop Message

DROP

MESSAGE

DROP PROCEDURE

Drop Procedure

DROP

PROCEDURE

DROP RULE

Drop Rule

DROP

RULE

DROP SQLJ FUNCTION

Drop SQLJ Function

DROP

FUNCTION

DROP TRIGGER

Drop Trigger

DROP

TRIGGER


Audit Command Events

Audit command events track the use of auditing Transact-SQL commands on other Transact-SQL commands and on database objects. Table D-3 lists the Sybase ASE audit command events and the equivalent Oracle AVDF events.

Table D-3 Sybase ASE Audit Command Audit Events

Source Event Event Description command_class target_type

AUDITING DISABLED

Auditing Disabled

NOAUDIT

SERVER

AUDITING ENABLED

Auditing Enabled

AUDIT

SERVER


Data Access Events

Data access events track audited Transact-SQL commands, such as all SELECT TABLE, INSERT TABLE, or UPDATE TABLE commands. The Data Access Report, described in "Data Access Report", uses these events.

Table D-4 lists the Sybase ASE data access events and the equivalent Oracle AVDF events.

Table D-4 Sybase ASE Data Access Audit Events

Source Event Event Description command_class target_type

ACCESS TO AUDIT TABLE

Access To Audit Table

ACCESS

TABLE

BCP IN

BCP In

INSERT

TABLE

DELETE TABLE

Delete Table

DELETE

TABLE

DELETE VIEW

Delete View

DELETE

VIEW

INSERT TABLE

Insert Table

INSERT

TABLE

INSERT VIEW

Insert View

INSERT

VIEW

SELECT TABLE

Select Table

SELECT

TABLE

SELECT VIEW

Select View

SELECT

VIEW

TRUNCATE TABLE

Truncate Table

TRUNCATE

TABLE

TRUNCATION OF AUDIT TABLE

Truncation of Audit Table

TRUNCATE

TABLE

UPDATE TABLE

Update Table

UPDATE

TABLE

UPDATE VIEW

Update View

UPDATE

VIEW


Exception Events

Exception events track audited error and exception activity, such as network errors. Table D-5 lists Sybase ASE exception events and the equivalent Oracle AVDF events.

Table D-5 Sybase ASE Exception Audit Events

Source Event Event Description command_class target_type

FATAL ERROR

Fatal Error

RAISE

ERROR

NONFATAL ERROR

Nonfatal Error

RAISE

ERROR


Invalid Record Events

Invalid record events track audited activity that Oracle AVDF cannot recognize, possibly due to a corrupted audit record.

Object Management Events

Object management events track audited actions performed on database objects, such as CREATE TABLE commands. Table D-6 lists the Sybase ASE object management events and the equivalent Oracle AVDF events.

Table D-6 Sybase ASE Object Management Audit Events

Source Event Event Description command_class target_type

ACCESS TO DATABASE

Access To Database

ACCESS

DATABASE

ALTER TABLE

Alter Table

ALTER

TABLE

BIND DEFAULT

Bind Default

BIND

DEFAULT

BIND MESSAGE

Bind Message

BIND

MESSAGE

BIND RULE

Bind Rule

BIND

RULE

BUILT-IN FUNCTION

Access Database

Access Object

Access Schema

Access User

Access Password

ACCESS

DATABASE

OBJECT

SCHEMA

USER

PASSWORD

CREATE INDEX

Create Index

CREATE

INDEX

CREATE TABLE

Create Table

CREATE

TABLE

CREATE VIEW

Create View

CREATE

VIEW

CREATION OF REFERENCES TO TABLES

Creation of References to Tables

ASSOCIATE

TABLE

DROP INDEX

Drop Index

DROP

INDEX

DROP TABLE

Drop Table

DROP

TABLE

DROP VIEW

Drop View

DROP

VIEW

TRANSFER TABLE

Transfer Table

MOVE

TABLE

UNBIND DEFAULT

Unbind Default

UNBIND

DEFAULT

UNBIND MESSAGE

Unbind Message

UNBIND

MESSAGE

UNBIND RULE

Unbind Rule

UNBIND

RULE


Peer Association Events

Peer association events track database link commands. These events do not have any event names.

Role and Privilege Management Events

Role and privilege management events track audited role and privilege management activity, such as revoking permissions from a user to use a specified command. Table D-7 lists the Sybase ASE role and privilege management events and the equivalent Oracle AVDF events.

Table D-7 Sybase ASE Role and Privilege Management Audit Events

Source Event Event Description command_class target_type

GRANT COMMAND

Grant Command

GRANT

OBJECT

REVOKE COMMAND

Revoke Command

REVOKE

OBJECT

ROLE CHECK PERFORMED

Role Check Performed

VALIDATE

ROLE

ROLE LOCK

Role Lock

LOCK

ROLE

ROLE TOGGLING

Role Toggling

SET

ROLE

USER-DEFINED FUNCTION COMMAND

Alter Role Function Executed

Create Role Function Executed

Drop Role Function Executed

Grant Role Function Executed

Revoke Role Function Executed

ALTER

CREATE

DROP

GRANT

REVOKE

ROLE

ROLE

ROLE

ROLE

ROLE


Service and Application Utilization Events

Service and application utilization events track audited application access activity, such as the execution of Transact-SQL commands.

Table D-8 lists the Sybase ASE service and application utilization events and the equivalent Oracle AVDF events.

Table D-8 Sybase ASE Service and Application Utilization Audit Events

Source Event Event Description command_class target_type

AD HOC AUDIT RECORD

Ad Hoc Audit Record

INSERT

AUDIT RECORD

ALL COMMANDS

All Commands Execution

EXECUTE

COMMAND

EXECUTION OF STORED PROCEDURE

Stored Procedure Execution

EXECUTE

PROCEDURE

EXECUTION OF TRIGGER

Trigger Execution

EXECUTE

TRIGGER

RPC IN

RPC In

REMOTE CALL

PROCEDURE

RPC OUT

RPC Out

REMOTE CALL

PROCEDURE

TRUSTED PROCEDURE EXECUTION

Trusted procedure execution

EXECUTE

PROCEDURE

TRUSTED TRIGGER EXECUTION

Trusted trigger execution

EXECUTE

TRIGGER


System Management Events

System management events track audited system management activity, such as the CREATE DATABASE and DISK INIT commands. Table D-9 lists the Sybase ASE system management events and the equivalent Oracle AVDF events.

Table D-9 Sybase ASE System Management Audit Events

Source Event Event Description command_class target_type

AEK ADD ENCRYPTION

AEK Add Encryption

INSERT

ENCRYPTION KEY

AEK DROP ENCRYPTION

AEK Drop Encryption

DROP

ENCRYPTION KEY

AEK KEY RECOVERY

AEK Key Recovery

RECOVER

ENCRYPTION KEY

AEK MODIFY ENCRYPTION

AEK Modify Encryption

UPDATE

ENCRYPTION KEY

AEK MODIFY OWNER

AEK Modify Owner

UPDATE

OWNER

ALTER DATABASE

Alter Database

ALTER

DATABASE

ALTER ENCRYPTION KEY

Alter Encryption Key

ALTER

ENCRYPTION KEY

ALTER...MODIFY OWNER

Alter Modify Owner

UPDATE

OWNER

AUDIT OPTION CHANGE

Audit Option Change

UPDATE

AUDIT OPTION

CONFIG

Config

CONFIGURE

SYSTEM

CREATE DATABASE

Create Database

CREATE

DATABASE

CREATE ENCRYPTION KEY

Create Encryption Key

CREATE

ENCRYPTION KEY

CREATE MANIFEST FILE

Create Manifest File

CREATE

MANIFEST FILE

DBCC COMMAND

DB Consistency Check

VALIDATE

DATABASE

DEPLOY UDWS

Deploy UDWS

ALTER

SYSTEM

DEPLOY USER-DEFINED WEB SERVICES

Deploy User-Defined Web Services

INSTALL

WEB SERVICE

DISK INIT

Disk Init

INITIALIZE

DISK

DISK MIRROR

Disk Mirror

COPY

DISK

DISK REFIT

Disk Refit

REFRESH

DISK

DISK REINIT

Disk Reinit

INITIALIZE

DISK

DISK RELEASE

Disk Release

RELEASE

DISK

DISK REMIRROR

Disk Remirror

RESUME

DISK

DISK RESIZE

Disk Resize

UPDATE

SYSTEM

DISK UNMIRROR

Disk Unmirror

SUSPEND

DISK

DROP DATABASE

Drop Database

DROP

DATABASE

DROP ENCRYPTION KEY

Drop Encryption Key

DROP

ENCRYPTION KEY

DUMP DATABASE

Dump Database

BACKUP

DATABASE

DUMP TRANSACTION

Dump Transaction

BACKUP

TRANSACTION

ENCRYPTED COLUMN ADMINISTRATION

Encrypted Column Administration

CONFIGURE

ENCRYPTION

ERRORLOG ADMINISTRATION

Errorlog Administration

CONFIGURE

ERROR LOG

JCS INSTALL COMMAND

JCS Install Command

INSTALL

JCS

JCS REMOVE COMMAND

JCS Remove Command

UNINSTALL

JCS

KILL/TERMINATE COMMAND

Kill/Terminate Command

ABORT

COMMAND

LDAP STATE CHANGES

LDAP State Changes

UPDATE

LDAP STATE

LOAD DATABASE

Load Database

LOAD

DATABASE

LOAD TRANSACTION

Load Transaction

LOAD

TRANSACTION

MOUNT DATABASE

Mount Database

MOUNT

DATABASE

ONLINE DATABASE

Online Database

PUBLISH

DATABASE

PASSWORD ADMINISTRATION

Password Administration

CONFIGURE

PASSWORD POLICY

QUIESCE DATABASE COMMAND

Quiesce Database Command

QUIESCE

DATABASE

QUIESCE HOLD SECURITY

Quiesce Hold Security

SUSPEND

QUIESCE

QUIESCE RELEASE

Quiesce Release

RESUME

QUIESCE

REGENERATE KEYPAIR

Regenerate Keypair

CREATE

KEYPAIR

SERVER BOOT

Server Boot

STARTUP

DATABASE

SERVER SHUTDOWN

Server Shutdown

SHUTDOWN

DATABASE

SSL ADMINISTRATION

SSL Administration

CONFIGURE

SSL

UNDEPLOY UDWS

Undeploy UDWS

ALTER

SYSTEM

UNDEPLOY USER DEFINED WEB SERVICES

Undeploy User Defined Web Services

UNINSTALL

WEB SERVICE

UNMOUNT DATABASE

Unmount Database

UNMOUNT

DATABASE


Unknown or Uncategorized Events

Unknown or uncategorized events track audited activity that cannot be categorized. Table D-10 shows the Sybase ASE unknown or uncategorized event and the equivalent Oracle AVDF event.

Table D-10 Sybase ASE Unknown or Uncategorized Audit Events

Source Event Event Description command_class target_type

AD HOC AUDIT RECORD

Ad Hoc Audit record

UNKNOWN

NULL


User Session Events

User session events track audited authentication events for users who log in to the database.

Table D-11 lists the Sybase ASE user session events and the equivalent Oracle AVDF events.

Table D-11 Sybase ASE User Session Audit Events

Source Event Event Description command_class target_type

CONNECT TO COMMAND

Connect to command

CONNECT

CIS

LOG IN

Log In

LOGIN

SERVER

LOG OUT

Log Out

LOGOUT

SERVER

SETUSER COMMAND

Setuser Command

SET

USER