Skip Headers
Oracle® Audit Vault Auditor's Guide
Release 10.2.3.1

Part Number E13842-02
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
View PDF

C Sybase Adaptive Server Enterprise Audit Events

This appendix contains:

C.1 About the Sybase Adaptive Server Enterprise Audit Events

This appendix lists the audit event names and IDs, and the attribute names and data types for Sybase Adaptive Server Enterprise (ASE). The audit events are organized by their respective categories; for example, Account Management. You can use these audit events as follows:

C.2 Account Management Events

Account management events track Transact-SQL commands that affect user accounts, such as the UNLOCK ADMIN ACCOUNT command. The Account Management Report, described in Section 3.4.1, uses these events.

Table C-1 lists the Sybase ASE account management events and event IDs.

Table C-1 Sybase ASE Account Management Events and Event IDs

Event Name Event ID

Login Command

CREATE LOGIN COMMAND

DROP LOGIN COMMAND

Set SSA Command

SET SSA COMMAND

SSO Changed Password

SSO CHANGED PASSWORD

Unlock Admin Account

UNLOCK ADMIN ACCOUNT


Table C-2 lists the Sybase ASE account management event attributes.

Table C-2 Sybase ASE Account Management Event Attributes

Attribute Name Data Type

COMMENT_TEXT

VARCHAR2(4000)

CONTEXTID

VARCHAR2(4000)

CURRENT_VALUE

VARCHAR2(4000)

DATABASE_ID

NUMBER

DATABASE_NAME

VARCHAR2(4000)

ENDUSER

VARCHAR2(4000)

EVENT_MOD

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_ID

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

KEYWORD

VARCHAR2(4000)

OBJECT_ID

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PARENT_CONTEXTID

VARCHAR2(4000)

PREVIOUS_VALUE

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

PROXY_INFORMATION

VARCHAR2(4000)

SEQUENCE

VARCHAR2(4000)

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

USER_GUID

VARCHAR2(4000)

USERNAME

VARCHAR2(4000)


C.3 Application Management Events

Application management events track actions that were performed on the underlying Transact-SQL commands of system services and applications, such as the CREATE RULE command. The Procedure Management Report, described in Section 3.4.4, uses these events.

Table C-3 lists the Sybase ASE application management events and event IDs.

Table C-3 Sybase ASE Application Management Events and Event IDs

Event Name Event ID

Create Default

CREATE DEFAULT

Create Message

CREATE MESSAGE

Create Procedure

CREATE PROCEDURE

Create Rule

CREATE RULE

Create SQLJ Function

CREATE SQLJ FUNCTION

Create Trigger

CREATE TRIGGER

Drop Default

DROP DEFAULT

Drop Message

DROP MESSAGE

Drop Procedure

DROP PROCEDURE

Drop Rule

DROP RULE

Drop SQLJ Function

DROP SQLJ FUNCTION

Drop Trigger

DROP TRIGGER


Table C-4 lists the Sybase ASE application management event attributes.

Table C-4 Sybase ASE Application Management Event Attributes

Attribute Name Data Type

ASSOCIATED_OBJECT_NAME

VARCHAR2(4000)

ASSOCIATED_OBJECT_OWNER

VARCHAR2(4000)

COMMENT_TEXT

VARCHAR2(4000)

CONTEXTID

VARCHAR2(4000)

CURRENT_VALUE

VARCHAR2(4000)

DATABASE_ID

NUMBER

DATABASE_NAME

VARCHAR2(4000)

ENDUSER

VARCHAR2(4000)

EVENT_MOD

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

KEYWORD

VARCHAR2(4000)

NEW_OBJECT_NAME

VARCHAR2(4000)

NEW_OBJECT_OWNER

VARCHAR2(4000)

OBJECT_ID

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PARENT_CONTEXTID

VARCHAR2(4000)

PREVIOUS_VALUE

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

PROXY_INFORMATION

VARCHAR2(4000)

SEQUENCE

VARCHAR2(4000)

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

USER_GUID

VARCHAR2(4000)

USERNAME

VARCHAR2(4000)


C.4 Audit Command Events

Audit command events track the use of auditing Transact-SQL commands on other Transact-SQL commands and on database objects. The Audit Command Report, described in Section 3.4.2, uses these events.

Table C-5 lists the Sybase ASE audit command events and event IDs.

Table C-5 Sybase ASE Audit Command Events and Event IDs

Event Name Event ID

Auditing Disabled

AUDITING DISABLED

Auditing Enabled

AUDITING ENABLED


Table C-6 lists the Sybase ASE audit command event attributes.

Table C-6 Sybase ASE Audit Command Event Attributes

Attribute Name Data Type

AUDIT_OPTION

VARCHAR2(4000)

COMMENT_TEXT

VARCHAR2(4000)

CONTEXTID

VARCHAR2(4000)

CURRENT_VALUE

VARCHAR2(4000)

DATABASE_ID

NUMBER

DATABASE_NAME

VARCHAR2(4000)

ENDUSER

VARCHAR2(4000)

EVENT_MOD

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

KEYWORD

VARCHAR2(4000)

OBJECT_ID

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PARENT_CONTEXTID

VARCHAR2(4000)

PREVIOUS_VALUE

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

PROXY_INFORMATION

VARCHAR2(4000)

SEQUENCE

VARCHAR2(4000)

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

USER_GUID

VARCHAR2(4000)

USERNAME

VARCHAR2(4000)


C.5 Data Access Events

Data access events track audited Transact-SQL commands, such as all SELECT TABLE, INSERT TABLE, or UPDATE TABLE commands. The Data Access Report, described in Section 3.3.2, uses these events.

Table C-7 lists the Sybase ASE data access events and event IDs.

Table C-7 Sybase ASE Data Access Events and Event IDs

Event Name Event ID

Access To Audit Table

ACCESS TO AUDIT TABLE

BCP In

BCP IN

Delete Table

DELETE TABLE

Delete View

DELETE VIEW

Insert Table

INSERT TABLE

Insert View

INSERT VIEW

Select Table

SELECT TABLE

Select View

SELECT VIEW

Truncate Table

TRUNCATE TABLE

Truncation of audit table

TRUNCATION OF AUDIT TABLE

Update Table

UPDATE TABLE

Update View

UPDATE VIEW


Table C-8 lists the Sybase ASE data access event attributes.

Table C-8 Sybase ASE Data Access Event Attributes

Attribute Name Data Type

COMMENT_TEXT

VARCHAR2(4000)

CONTEXTID

VARCHAR2(4000)

CURRENT_VALUE

VARCHAR2(4000)

DATABASE_ID

NUMBER

DATABASE_NAME

VARCHAR2(4000)

ENDUSER

VARCHAR2(4000)

EVENT_MOD

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

KEYWORD

VARCHAR2(4000)

OBJECT_ID

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PARENT_CONTEXTID

VARCHAR2(4000)

PREVIOUS_VALUE

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

PROXY_INFORMATION

VARCHAR2(4000)

SEQUENCE

VARCHAR2(4000)

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

USER_GUID

VARCHAR2(4000)

USERNAME

VARCHAR2(4000)


C.6 Exception Events

Exception events track audited error and exception activity, such as network errors. The Exception Activity Report, described in Section 3.5.1, uses these events.

Table C-9 lists Sybase ASE exception events and event IDs.

Table C-9 Sybase ASE Exception Events and Event IDs

Event Name Event ID

Fatal Error

FATAL ERROR

Nonfatal Error

NONFATAL ERROR


Table C-10 lists the Sybase ASE exception event attributes.

Table C-10 Sybase ASE Exception Event Attributes

Attribute Name Data Type

COMMENT_TEXT

VARCHAR2(4000)

CONTEXTID

VARCHAR2(4000)

CURRENT_VALUE

VARCHAR2(4000)

DATABASE_ID

NUMBER

DATABASE_NAME

VARCHAR2(4000)

ENDUSER

VARCHAR2(4000)

EVENT_MOD

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

KEYWORD

VARCHAR2(4000)

OBJECT_ID

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PARENT_CONTEXTID

VARCHAR2(4000)

PREVIOUS_VALUE

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

PROXY_INFORMATION

VARCHAR2(4000)

SEQUENCE

VARCHAR2(4000)

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

USER_GUID

VARCHAR2(4000)

USERNAME

VARCHAR2(4000)


C.7 Invalid Record Events

Invalid record events track audited activity that Oracle Audit Vault cannot recognize, possibly due to a corrupted audit record. The Invalid Audit Record Report, described in Section 3.5.2, uses these events.

Table C-11 lists Sybase ASE invalid record event attributes.

Table C-11 Sybase ASE Invalid Record Event Attributes

Attribute Name Data Type

COMMENT_TEXT

VARCHAR2(4000)

CONTEXTID

VARCHAR2(4000)

CURRENT_VALUE

VARCHAR2(4000)

DATABASE_ID

NUMBER

DATABASE_NAME

VARCHAR2(4000)

ENDUSER

VARCHAR2(4000)

ERROR_ID

NUMBER

ERROR_MESSAGE

VARCHAR2(30)

EVENT_MOD

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

KEYWORD

VARCHAR2(4000)

MODULE_NAME

VARCHAR2(100)

OBJECT_ID

NUMBER

ORIGINAL_CONTENT2

VARCHAR2(4000)

ORIGINAL_CONTENT3

VARCHAR2(4000)

OSUSER_NAME

VARCHAR2(4000)

PARENT_CONTEXTID

VARCHAR2(4000)

PREVIOUS_VALUE

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

PROXY_INFORMATION

VARCHAR2(4000)

SEQUENCE

VARCHAR2(4000)

SEVERITY

NUMBER

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

USER_GUID

VARCHAR2(4000)

USERNAME

VARCHAR2(4000)


C.8 Object Management Events

Object management events track audited actions performed on database objects, such as CREATE TABLE commands. The Object Management Report, described in Section 3.4.3, uses these events.

Table C-12 lists the Sybase ASE object management events and event IDs.

Table C-12 Sybase ASE Object Management Events and Event IDs

Event Name Event ID

Access To Database

ACCESS TO DATABASE

Alter Table

ALTER TABLE

Bind Default

BIND DEFAULT

Bind Message

BIND MESSAGE

Bind Rule

BIND RULE

Create Index

CREATE INDEX

Create Table

CREATE TABLE

Create View

CREATE VIEW

Drop Index

DROP INDEX

Drop Table

DROP TABLE

Drop View

DROP VIEW

Unbind Default

UNBIND DEFAULT

Unbind Message

UNBIND MESSAGE

Unbind Rule

UNBIND RULE


Table C-13 lists the Sybase ASE object management event attributes.

Table C-13 Sybase ASE Object Management Event Attributes

Attribute Name Data Type

ASSOCIATED_OBJECT_NAME

VARCHAR2(4000)

ASSOCIATED_OBJECT_OWNER

VARCHAR2(4000)

COMMENT_TEXT

VARCHAR2(4000)

CONTEXTID

VARCHAR2(4000)

CURRENT_VALUE

VARCHAR2(4000)

DATABASE_ID

NUMBER

DATABASE_NAME

VARCHAR2(4000)

ENDUSER

VARCHAR2(4000)

EVENT_MOD

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

KEYWORD

VARCHAR2(4000)

NEW_OBJECT_NAME

VARCHAR2(4000)

NEW_OBJECT_OWNER

VARCHAR2(4000)

OBJECT_ID

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PARENT_CONTEXTID

VARCHAR2(4000)

PREVIOUS_VALUE

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

PROXY_INFORMATION

VARCHAR2(4000)

SEQUENCE

VARCHAR2(4000)

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

USER_GUID

VARCHAR2(4000)

USERNAME

VARCHAR2(4000)


C.9 Peer Association Events

Peer association events track database link commands. The Distributed Database Report, described in Section 3.3.4, uses these events. (These events do not have any event names or event IDs; they only contain event attributes.)

Table C-14 lists the Sybase ASE peer association event attributes.

Table C-14 Sybase ASE Peer Association Event Attributes

Attribute Name Data Type

COMMENT_TEXT

VARCHAR2(4000)

CONTEXTID

VARCHAR2(4000)

CURRENT_VALUE

VARCHAR2(4000)

DATABASE_ID

NUMBER

DATABASE_NAME

VARCHAR2(4000)

ENDUSER

VARCHAR2(4000)

EVENT_MOD

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

KEYWORD

VARCHAR2(4000)

OBJECT_ID

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PARENT_CONTEXTID

VARCHAR2(4000)

PREVIOUS_VALUE

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

PROXY_INFORMATION

VARCHAR2(4000)

SEQUENCE

VARCHAR2(4000)

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

USER_GUID

VARCHAR2(4000)

USERNAME

VARCHAR2(4000)


C.10 Role and Privilege Management Events

Role and privilege management events track audited role and privilege management activity, such as revoking permissions from a user to use a specified command. The Role and Privilege Management Report, described in Section 3.4.5, uses these events.

Table C-15 lists the Sybase ASE role and privilege management events and event IDs.

Table C-15 Sybase ASE Role and Privilege Management Events and Event IDs

Event Name Event ID

Grant Command

GRANT COMMAND

Revoke Command

REVOKE COMMAND

Role Check Performed

ROLE CHECK PERFORMED

Role Toggling

ROLE TOGGLING

User-defined Function Command

ALTER ROLE FUNCTION EXECUTED

CREATE ROLE FUNCTION EXECUTED

DROP ROLE FUNCTION EXECUTED

GRANT ROLE FUNCTION EXECUTED

REVOKE ROLE FUNCTION EXECUTED


Table C-16 lists the Sybase ASE role and privilege management event attributes.

Table C-16 Sybase ASE Role and Privilege Management Event Attributes

Attribute Name Data Type

ADMIN_OPTION

NUMBER

CONTEXTID

VARCHAR2(4000)

COMMENT_TEXT

VARCHAR2(4000)

CURRENT_VALUE

VARCHAR2(4000)

DATABASE_ID

NUMBER

DATABASE_NAME

VARCHAR2(4000)

ENDUSER

VARCHAR2(4000)

EVENT_MOD

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

GRANTEE

VARCHAR2(4000)

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

KEYWORD

VARCHAR2(4000)

OBJECT_ID

NUMBER

OBJECT_PRIVILEGE

VARCHAR2(255)

OSUSER_NAME

VARCHAR2(4000)

PARENT_CONTEXTID

VARCHAR2(4000)

PREVIOUS_VALUE

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

PROXY_INFORMATION

VARCHAR2(4000)

ROLE_NAME

VARCHAR2(4000)

SEQUENCE

VARCHAR2(4000)

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

SYSTEM_PRIVILEGE

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

USER_GUID

VARCHAR2(4000)

USERNAME

VARCHAR2(4000)


C.11 Service and Application Utilization Events

Service and application utilization events track audited application access activity, such as the execution of Transact-SQL commands. The Procedure Executions Report, described in Section 3.3.5, uses these events.

Table C-17 lists the Sybase ASE service and application utilization events and event IDs.

Table C-17 Sybase ASE Service and Application Utilization Events and Event IDs

Event Name Event ID

Execution Of Stored Procedure

STORED PROCEDURE EXECUTION

Execution Of Trigger

TRIGGER EXECUTION

RPC In

RPC IN

RPC Out

RPC OUT

Trusted procedure execution

TRUSTED PROCEDURE EXECUTION

Trusted trigger execution

TRUSTED TRIGGER EXECUTION


Table C-18 lists the Sybase ASE service and application utilization event attributes.

Table C-18 Sybase ASE Service and Application Utilization Event Attributes

Attribute Name Data Type

COMMENT_TEXT

VARCHAR2(4000)

CONTEXTID

VARCHAR2(4000)

CURRENT_VALUE

VARCHAR2(4000)

DATABASE_ID

NUMBER

DATABASE_NAME

VARCHAR2(4000)

ENDUSER

VARCHAR2(4000)

EVENT_MOD

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

KEYWORD

VARCHAR2(4000)

OBJECT_ID

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PARENT_CONTEXTID

VARCHAR2(4000)

PREVIOUS_VALUE

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

PROXY_INFORMATION

VARCHAR2(4000)

SEQUENCE

VARCHAR2(4000)

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

USER_GUID

VARCHAR2(4000)

USERNAME

VARCHAR2(4000)


C.12 System Management Events

System management events track audited system management activity, such as the CREATE DATABASE and DISK INIT commands. The System Management Report, described in Section 3.4.6, uses these events.

Table C-19 lists the Sybase ASE system management events and event IDs.

Table C-19 Sybase ASE System Management Events and Event IDs

Event Name Event ID

AEK Add Encryption

AEK ADD ENCRYPTION

AEK Drop Encryption

AEK DROP ENCRYPTION

AEK Key Recovery

AEK KEY RECOVERY

AEK Modify Encryption

AEK MODIFY ENCRYPTION

AEK Modify Owner

AEK MODIFY OWNER

Alter Database

ALTER DATABASE

Alter Encryption Key

ALTER ENCRYPTION KEY

Audit Option Change

AUDIT OPTION CHANGE

Config

CONFIG

Create Database

CREATE DATABASE

Create Encryption Key

CREATE ENCRYPTION KEY

DBCC Command

DB CONSISTENCY CHECK

Deploy UDWS

DEPLOY UDWS

Disk Init

DISK INIT

Disk Mirror

DISK MIRROR

Disk Refit

DISK REFIT

Disk Reinit

DISK REINIT

Disk Release

DISK RELEASE

Disk Remirror

DISK REMIRROR

Disk Resize

DISK RESIZE

Disk Unmirror

DISK UNMIRROR

Drop Database

DROP DATABASE

Drop Encryption Key

DROP ENCRYPTION KEY

Dump Database

DUMP DATABASE

Dump Transaction

DUMP TRANSACTION

Encrypted Column Administration

ENCRYPTED COLUMN ADMINISTRATION

kill/terminate Command

KILL/TERMINATE COMMAND

Load Database

LOAD DATABASE

Load Transaction

LOAD TRANSACTION

Mount Database

MOUNT DATABASE

Online Database

ONLINE DATABASE

Quiesce Database Command

QUIESCE DATABASE COMMAND

Server Boot

SERVER BOOT

Server Shutdown

SERVER SHUTDOWN

SSL Administration

SSL ADMINISTRATION

Undeploy UDWS

UNDEPLOY UDWS

Unmount Database

UNMOUNT DATABASE


Table C-20 lists the Sybase ASE system management event attributes.

Table C-20 Sybase ASE System Management Event Attributes

Attribute Name Data Type

COMMENT_TEXT

VARCHAR2(4000)

CONTEXTID

VARCHAR2(4000)

CURRENT_VALUE

VARCHAR2(4000)

DATABASE_ID

NUMBER

DATABASE_NAME

VARCHAR2(4000)

ENDUSER

VARCHAR2(4000)

EVENT_MOD

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

KEYWORD

VARCHAR2(4000)

OBJECT_ID

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PARENT_CONTEXTID

VARCHAR2(4000)

PREVIOUS_VALUE

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

PROXY_INFORMATION

VARCHAR2(4000)

SEQUENCE

VARCHAR2(4000)

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

USER_GUID

VARCHAR2(4000)

USERNAME

VARCHAR2(4000)


C.13 Unknown or Uncategorized Events

Unknown or uncategorized events track audited activity that cannot be categorized. The Uncategorized Activity Report, described in Section 3.5.3, uses these events.

Table C-21 shows the Sybase ASE unknown or uncategorized event and event ID.

Table C-21 Sybase ASE Unknown or Uncategorized Events and Event IDs

Event Name Event ID

Ad Hoc Audit record

AD HOC AUDIT RECORD


Table C-22 lists the Sybase ASE unknown or uncategorized event attributes.

Table C-22 Sybase ASE Unknown or Uncategorized Event Attributes

Attribute Name Data Type

COMMENT_TEXT

VARCHAR2(4000)

CONTEXTID

VARCHAR2(4000)

CURRENT_VALUE

VARCHAR2(4000)

DATABASE_ID

NUMBER

DATABASE_NAME

VARCHAR2(4000)

ENDUSER

VARCHAR2(4000)

EVENT_MOD

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

KEYWORD

VARCHAR2(4000)

OBJECT_ID

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PARENT_CONTEXTID

VARCHAR2(4000)

PREVIOUS_VALUE

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

PROXY_INFORMATION

VARCHAR2(4000)

SEQUENCE

VARCHAR2(4000)

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

USER_GUID

VARCHAR2(4000)

USERNAME

VARCHAR2(4000)


C.14 User Session Events

User session events track audited authentication events for users who log in to the database. The User Sessions Report, described in Section 3.3.6, uses these events.

Table C-23 lists the Sybase ASE user session events and event IDs.

Table C-23 Sybase ASE User Session Events and Event IDs

Event Name Event ID

Connect to command

CONNECT TO COMMAND

Log In

LOG IN

Log Out

LOG OUT

Setuser Command

SETUSER COMMAND


Table C-24 lists the Sybase ASE user session event attributes.

Table C-24 Sybase ASE User Session Event Attributes

Attribute Name Data Type

AUTHENTICATION_METHOD

VARCHAR2(255)

COMMENT_TEXT

VARCHAR2(4000)

CONTEXTID

VARCHAR2(4000)

CURRENT_VALUE

VARCHAR2(4000)

DATABASE_ID

NUMBER

DATABASE_NAME

VARCHAR2(4000)

ENDUSER

VARCHAR2(4000)

EVENT_MOD

VARCHAR2(4000)

EVENT_STATUS

VARCHAR2(30)

EVENT_TIME

TIMESTAMP WITH LOCAL TIME ZONE

HOST_IP

VARCHAR2(255)

HOST_NAME

VARCHAR2(255)

HOST_TERMINAL

VARCHAR2(255)

KEYWORD

VARCHAR2(4000)

OBJECT_ID

NUMBER

OSUSER_NAME

VARCHAR2(4000)

PARENT_CONTEXTID

VARCHAR2(4000)

PREVIOUS_VALUE

VARCHAR2(4000)

PRIVILEGES_USED

VARCHAR2(4000)

PROCESS#

NUMBER

PROXY_INFORMATION

VARCHAR2(4000)

SEQUENCE

VARCHAR2(4000)

SOURCE_EVENTID

VARCHAR2(255)

SUB_CONTEXTID

VARCHAR2(4000)

TARGET_OBJECT

VARCHAR2(4000)

TARGET_OWNER

VARCHAR2(4000)

THREAD#

NUMBER

TOOLS_USED

VARCHAR2(4000)

USER_GUID

VARCHAR2(4000)

USERNAME

VARCHAR2(4000)