C Oracle Fusion Middleware Audit Framework Reference

This appendix provides reference information for the Oracle Fusion Middleware Audit Framework. It contains these topics:

C.1 Audit Events

This section describes the components that are audited and the types of events that can be audited.

C.1.1 What Components Can be Audited?

In 11g Release 1 (11.1.1), specific Java components and system components can generate audit records; they are known as audit-aware components.

Java Components that can be Audited

The following components can be audited with Fusion Middleware Audit Framework:

  • Directory Integration Platform Server

  • Oracle Platform Security Services

  • Oracle Web Services Manager

    • Agent

    • Policy Manager

    • Policy Attachment

  • Oracle Web Services

  • Oracle Identity Federation

  • Reports Server

System Components that can be Audited

The following components can be audited with Fusion Middleware Audit Framework:

  • Oracle HTTP Server

  • Oracle Web Cache

  • Oracle Internet Directory

  • Oracle Virtual Directory

C.1.2 What Events can be Audited?

The set of tables in this section shows, for each audit-aware system components and subcomponent, what event types can be audited:

C.1.2.1 Oracle Directory Integration Platform Events and their Attributes

Table C-1 Oracle Directory Integration Platform Events

Event Category Event Type Attributes used by Event

ServiceUtilize

   
 

InvokeService

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

 

TerminateService

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

SynchronizationEvents

   
 

Add

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, AssociateProfileName, ProfileName, EntryDN

 

Modify

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, AssociateProfileName, ProfileName, EntryDN

 

Delete

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, AssociateProfileName, ProfileName, EntryDN

ProvisioningEvents

UserAdd

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent

 

UserModify

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent

 

UserDelete

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent

 

GroupAdd

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent

 

GroupModify

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent

 

GroupDelete

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEven

 

IdentityAdd

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent

 

IdentityModify

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent

 

IdentityDelete

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent

 

SubscriptionAdd

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent

 

SubscriptionModify

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent

 

SubscriptionDelete

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent

ProfileManagementEvents

DeleteProvProfile

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode

 

UpdateProvProfile

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode

 

ActivateProvProfile

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode

 

DeactivateProvProfile

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode

 

CreateSyncProfile

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode

 

DeleteSyncProfile

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode

 

UpdateSyncProfile

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode

 

ActivateSyncProfile

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode

 

DeactivateSyncProfile

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode

 

SyncProfileUpdateChgNum

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode

 

ExpressSyncSetup

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode

 

SyncProfileBootstrap

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode

 

SyncProfileExtAuthPlugins

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode

 

ProvProfileBulkProv

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode

SchedulerEvents

   
 

AddJob

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, JobName, JobType

 

RemoveJob

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, JobName, JobType


C.1.2.2 Oracle Platform Security Services Events and their Attributes

Table C-2 Oracle Platform Security Services Events

Event Category Event Type Attributes used by Event

Authorization

   
 

CheckPermission

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, CodeSource, Principals, InitiatorGUID, Subject, PermissionAction, PermissionTarget, PermissionClass

 

CheckSubject

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, CodeSource, Principals, InitiatorGUID, Subject

     

CredentialManagement

CreateCredential

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, mapName, key, CodeSource, Principals, InitiatorGUID

 

DeleteCredential

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, mapName, key, CodeSource, Principals, InitiatorGUID

 

AccessCredential

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, mapName, key, CodeSource, Principals, InitiatorGUID

 

ModifyCredential

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, mapName, key, CodeSource, Principals, InitiatorGUID

     

PolicyManagement

PolicyGrant

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, CodeSource, Principals, InitiatorGUID, PermissionAction, PermissionTarget, PermissionClass, PermissionScope

 

PolicyRevoke

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, CodeSource, Principals, InitiatorGUID, PermissionAction, PermissionTarget, PermissionClass, PermissionScope

     

RoleManagement

RoleMembershipAdd

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, CodeSource, Principals, InitiatorGUID, ApplicationRole, EnterpriseRoles, PermissionScope

 

RoleMembershipRemove

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, CodeSource, Principals, InitiatorGUID, ApplicationRole, EnterpriseRoles, PermissionScope


C.1.2.3 Oracle HTTP Server Events and their Attributes

Table C-3 Oracle HTTP Server Events

Event Category Event Type Attributes used by Event

UserSession

UserLogin

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, AuthenticationMethod, Reason

 

UserLogout

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, AuthenticationMethod, Reason

 

Authentication

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, AuthenticationMethod, Reason, SSLConnection

     

Authorization

CheckAuthorization

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, Reason, AuthorizationType


C.1.2.4 Oracle Internet Directory Events and their Attributes

Table C-4 Oracle Directory Integration Platform Events

Event Category Event Type Attributes used by Event

UserSession

UserLogin

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Roles, custEventStatusDetail, custEventOp, AuthenticationMethod

 

UserLogout

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Roles, custEventStatusDetail, custEventOp

     

Authorization

CheckAuthorization

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, custEventStatusDetail, custEventOp

     

DataAccess

ModifyDataItemAttributes

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, custEventStatusDetail, custEventOp

 

CompareDataItemAttributes

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, custEventStatusDetail, custEventOp

     

AccountManagement

ChangePassword

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, custEventStatusDetail, custEventOp

 

CreateAccount

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, custEventStatusDetail, custEventOp

 

DeleteAccount

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, custEventStatusDetail, custEventOp

 

DisableAccount

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, custEventStatusDetail, custEventOp

 

EnableAccount

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, custEventStatusDetail, custEventOp

 

ModifyAccount

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, custEventStatusDetail, custEventOp

 

LockAccount

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, custEventStatusDetail, custEventOp

     

LDAPEntryAccess

custInternalOperation

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, custEventStatusDetail, custEventOp


C.1.2.5 Oracle Identity Federation Events and their Attributes

Table C-5 Oracle Identity Federation Events

Event Category Event Type Attributes used by Event

UserSession

LocalAuthentication

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, SessionID, AuthenticationMethod, UserID, AuthenticationMechanism, AuthenticationEngineID

 

LocalLogout

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, SessionID, AuthenticationMethod, UserID

 

CreateUserSession

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, SessionID, AuthenticationMethod, UserID, AuthenticationMechanism

 

DeleteUserSession

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, SessionID, AuthenticationMethod, UserID

 

CreateUserFederation

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, FederationID, UserID, FederationType

 

DeleteUserFederation

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, FederationID, UserID, FederationType

 

CreateActiveUserFederation

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, SessionID, FederationID, AuthenticationMethod, UserID, FederationType

 

DeleteActiveUserFederation

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, SessionID, FederationID, AuthenticationMethod, UserID, FederationType

 

UpdateUserFederation

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, FederationID, UserID, FederationType, OldNameIDQualifier, OldNameIDValue

     

ProtocolFlow

IncomingMessage

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, Binding, Role, UserID, MessageType, IncomingMessageString, IncomingMessageStringCLOB

 

OutgoingMessage

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, Binding, Role, UserID, MessageType, OutgoingMessageString, OutgoingMessageStringCLOB

 

AssertionCreation

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, UserID, AssertionVersion, IssueInstant, Issuer, AssertionID

 

AssertionConsumption

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, UserID, AssertionVersion, IssueInstant, Issuer, AssertionID

     

Security

CreateSignature

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, Type

 

VerifySignature

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, Type

 

EncryptData

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, Type

 

DecryptData

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, Type

     

ServerConfiguration

ChangeCOT

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, COTBefore, COTAfter

 

ChangeServerProperty

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, ServerConfigBefore, ServerConfigAfter

 

ChangeDataStore

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, DataStoreBefore, DataStoreAfter

 

CreateConfigProperty

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, PropertyName, PropertyType, PeerProviderID, PropertyContext, NewValue

 

ChangeConfigProperty

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, PropertyName, PropertyType, PeerProviderID, PropertyContext, OldValue, NewValue

 

DeleteConfigProperty

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, PropertyName, PropertyType, PeerProviderID, PropertyContext, Description, OldValue

 

CreatePeerProvider

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, PeerProviderID, Description, ProviderType

 

UpdatePeerProvider

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, PeerProviderID, Description, ProviderType

 

DeletePeerProvider

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, PeerProviderID, Description, ProviderType

 

LoadMetadata

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, Description, Metadata

 

SetDataStoreType

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, OldValue, NewDataStoreType, DataStoreName


C.1.2.6 Oracle Virtual Directory Events and their Attributes

Table C-6 Oracle Virtual Directory Events

Event Category Event Type Attributes used by Event

UserSession

UserLogin

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, AuthenticationMethod

 

UserLogout

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

     

Authorization

CheckAuthorization

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

     

DataAccess

QueryDataItemAttributes

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

 

ModifyDataItemAttributes

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

 

CompareDataItemAttributes

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

     

ServiceManagement

RemoveService

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, ServiceOperation

 

ModifyServiceConfig

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, ServiceOperation

 

AddService

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, ServiceOperation

     

LDAPEntryAccess

Add

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

 

Delete

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

 

Modify

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

 

Rename

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

 

Compare

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles


C.1.2.7 OWSM-Agent Events and their Attributes

Table C-7 OWSM-Agent Events

Event Category Event Type Attributes used by Event

UserSession

Authentication

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, AssertionName, CompositeName, Endpoint, AgentMode, ModelObjectName, Operation, ProcessingStage, Version, Protocol

     

Authorization

CheckAuthorization

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, AssertionName, CompositeName, Endpoint, AgentMode, ModelObjectName, Operation, ProcessingStage, Version, Protocol

     

PolicyEnforcement

EnforceConfidentiality

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, AssertionName, CompositeName, Endpoint, AgentMode, ModelObjectName, Operation, ProcessingStage, Version, Protocol

 

EnforceIntegrity

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, AssertionName, CompositeName, Endpoint, AgentMode, ModelObjectName, Operation, ProcessingStage, Version, Protocol

 

EnforcePolicy

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, AssertionName, CompositeName, Endpoint, AgentMode, ModelObjectName, Operation, ProcessingStage, Version, Protocol


C.1.2.8 OWSM-PM-EJB Events and their Attributes

Table C-8 OWSM-PM-EJB Events

Event Category Event Type Attributes used by Event

AssertionTemplateAuthoring

CreateAssertionTemplate

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, Resource, Version

 

DeleteAssertionTemplate

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, Resource, Version, ToVersion

 

ModifyAssertionTemplate

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, Resource, Version

     

PolicyAuthoring

CreatePolicy

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, Resource, Version

 

DeletePolicy

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, Resource, Version, ToVersion,

 

ModifyPolicy

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, Resource, Version


C.1.2.9 Reports Server Events and their Attributes

Table C-9 Reports Server Events

Event Category Event Type Attributes used by Event

UserSession

UserLogin

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

     

Authorization

CheckAuthorization

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles


C.1.2.10 WS-Policy Attachment Events and their Attributes

Table C-10 WS-Policy Attachment Events

Event Category Event Type Attributes used by Event

PolicyAttachment

PolicyAttachmentEvent

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, PolicyChangeType, PolicyURI, PolicyCategory, PolicyStatus, ServiceEndPoint, PolicySubjRescPattern


C.1.2.11 Oracle Web Cache Events and their Attributes

Table C-11 Oracle Web Cache Events

Event Category Event Type Attributes used by Event

UserSession

UserLogin

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, AuthenticationMethod

 

UserLogout

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, AuthenticationMethod

     

Authorization

CheckAuthorization

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

     

DataAccess

FilterRequest

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

     

ServiceManagement

ModifyServiceConfig

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

 

ConfigServicePermissions

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

     

ServiceUtilize

InvokeService

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

 

TerminateService

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

     

PeerAssocManagement

CreatePeerAssoc

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

 

TerminatePeerAssoc

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

 

ChallengePeerAssoc

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

     

Authentication

ClientAuthentication

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles

 

ServerAuthentication

ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles


C.1.2.12 Oracle Web Services Manager Events and their Attributes

Table C-12 Oracle Web Services Manager Events

Event Category Event Type Attributes used by Event

WS-Processing

RequestReceived

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Protocol, Endpoint, Operation, FaultUrl

 

ResponseSent

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Protocol, Endpoint, Operation, FaultUri

     

WS-Fault

SoapFaultEvent

ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, URI, Source, Protocol, Endpoint, Operation


C.1.3 Event Attribute Descriptions

lists all attributes for all audited events. Use this table to learn about the attributes used in the event of interest.

Table C-13 Attributes of Audited Events

Attribute Name Description

AgentMode

Mode in which agent performed policy enforcement.

ApplicationName

The Java EE application name

ApplicationRole

This attribute used for application roles audit for role membership management

AssertionID

The value of the "AssertionID" attribute of the assertion

AssertionName

Name of the assertion that failed enforcement.

AssertionVersion

The version number of the assertion corresponding to this event (ex. 2.0)

AssociateProfileName

This attribute is used to audit the Associate Profile Name

AuthenticationEngineID

The identifier of the authentication engine used during local authentication

AuthenticationMechanism

The authentication mechanism used during local authentication

AuthenticationMethod

The Authentication method - password / SSL / Kerberos and so on.

AuthorizationType

Access/authorization configuration directive: Regular = 'Require' directive, SSL = 'SSLRequire' directive

Binding

The binding used to send the message (SOAP, POST, GET, Aritifact,...)

COTAfter

The contents of the federations configuration file after the change

COTBefore

The contents of the federations configuration file before the change

CodeSource

This attribute used for code source audit for rolemembershipmanagement

ComponentName

ComponentName

ComponentType

Type of the component.

CompositeName

Name of the composite (apply to SOA application only) against which the policy is being enforced.

ContextFields

This attribute contains the context fields extracted from dms context.

custEventOp

This attribute specifies the LDAP operation name associated with this event, e.g. ldapbind, ldapadd, ldapsearch and so on.

custEventStatusDetail

This attribute conveys event status detail info, e.g. error code and other details in case of failure of the associated LDAP operation.

DataStoreAfter

The data stores configuration after the change

DataStoreBefore

The data stores configuration before the change

DataStoreName

The name of the data store being modified (examples: user data store, federation datastore)

Description

Description of the trusted provider

ECID

Identifies the thread of execution that the originating component participates in.

Endpoint

The URI which identifies the endpoint for which the event was triggered. For example, an HTTP require will record the URL.

EnterpriseRoles

This attribute used for enterprise roles audit for rolemembershipmanagement

EntryDN

This attribute is used to audit the entry Distinguished Name

EventCategory

The category of the audit event.

EventStatus

The outcome of the audit event - success or failure

EventType

The type of the audit event. Use wlst listAuditEvents to list out all the events.

FailureCode

The error code in case EventStatus = failure

FaultUri

If processing yielded a fault, the URI of the fault that will be sent.

FederationID

The ID of the federation

FederationType

The type of the federation that is being created or deleted (SP/IdP)

HomeInstance

The ORACLE_INSTANCE directory of the component

HostId

DNS hostname of originating host

HostNwaddr

IP or other network address of originating host

IncomingMessageString

null

IncomingMessageStringCLOB

null

Initiator

Identifies the UID of the user who is doing the operation

InitiatorGUID

This attribute used for initiator guid audit for authorization

InstanceId

Name of the Oracle Instance to which this component belongs.

IssueInstant

The value of the "IssueInstant" attribute of the assertion

Issuer

The value of the "Issuer" attribute of the assertion

JobName

This attribute is used to audit the Scheduler Job Name

JobType

This attribute is used to audit the Scheduler Job Name

key

This is the credential key for the Credential Store

mapName

This is the map name (alias name) for the Credential Store

MessageText

Description of the audit event

MessageType

The type of the message (ex. SSOLoginRequest/SSOLoginResponse/SSOLogoutRequest/...)

Metadata

The provider metadata loaded

ModelObjectName

Name of the Web service or client name against which the policy is being enforced.

ModuleId

ID of the module that originated the message. Interpretation is specific to the Component ID.

NameIDFormat

The format of the NameID of the subject

NameIDQualifier

The qualifier of the nameID of the subject

NameIDValue

The value of the nameID of the subject

NewDataStoreType

The new type of the data store

NewValue

The value of the property after the configuration change

OldNameIDQualifier

The nameID qualifier before the update took place

OldNameIDValue

The nameID value before the update took place

OldValue

The value of the property before the configuration change

Operation

For SOAP requests, the operation for which the event was triggered.

OracleHome

The ORACLE_HOME directory of the component

OutgoingMessageString

null

OutgoingMessageStringCLOB

null

PeerProviderID

The ID of the trusted provider associated with the modified property (If the modified property does not correspond to a trusted provider, this attribute is empty.)

PermissionAction

This attribute used for permission action audit for authorization

PermissionClass

This attribute used for permission class audit for policy store

PermissionScope

This attribute used for permission scope audit for role membership management

PermissionTarget

This attribute used for permission target audit for policy store

PolicyCategory

The category of the policy for which the event was triggered.(comma-separated list)

PolicyChangeType

The type of change that occurred.

PolicyStatus

The status of the policy for which the event was triggered.(comma-separated list)

PolicySubjRescPattern

The policy subject resource pattern which identifies the policy subject for which the event was triggered.

PolicyURI

The URI which identifies the policy for which the event was triggered.(comma-separated list)

Principals

This attribute used for principals audit for role membership management

ProcessId

ID of the process that originated the message

ProcessingStage

Processing stage during which the policy enforcement occurred.

ProfileName

This attribute is used to audit the Sync Profile Name

PropertyContext

The location of the property in the configuration

PropertyName

The name of the configuration property

PropertyType

The type of the property (examples: PropertiesList, PropertiesMap, String, Boolean)

Protocol

The protocol of the request.

ProtocolVersion

The version of the protocol being used (examples: SAML2.0, Libv11)

ProvEvent

This attribute is used to audit the Prov Event

ProviderType

The type of the provider (examples: sp, idp, sp idp)

RID

This is the relationship identifier, it is used to provide the full and correct calling relationships between threads and processes.

Reason

The reason this event occurred

RemoteIP

IP address of the client initiating this event

RemoteProviderID

The provider ID of the remote server

Resource

Identifies a resource that is being accessed. A resource can be many things - web page, file, directory share, web service, XML document, a portlet. The resource can be named as a combination of a host name, and an URI.

Role

The role of Oracle Identity Federation during the protocol step performed (for example Service Provider/ Identity Provider/Attribute Authority/..)

Roles

The roles that the user was granted at the time of login.

SSLConnection

Was SSL connection used by client to transmit request?

ServerConfigAfter

The server configuration after the change

ServerConfigBefore

The server configuration before the change

ServiceEndPoint

The URI which identifies the service for which the event was triggered.

ServiceOperation

Name of the operation performed that changes the service configuration

SessionID

The ID of the current session

SessionId

ID of the login session.

Source

The source of the fault.

Subject

This attribute used for subject audit for authorization

Target

Identifies the UID of the user on whom the operation is being done. E.g. is Alice changes Bob's password, then Alice is the initiator and Bob is the target

TargetComponentType

This is the target component type.

ThreadId

ID of the thread that generated this event

ToVersion

Upper end when deleting a range of policy versions.

TstzOriginating

Date and time when the audit event was generated

Type

The type of cryptographic data being processed (XML, String)

URI

The URI of the fault.

UserID

The identifier of the user in this protocol step

Version

Version of policy that was modified.


C.2 Pre-built Audit Reports

Oracle Fusion Middleware Audit Framework provides a range of out-of-the-box reports that are accessible through Oracle Business Intelligence Publisher. The reports are grouped according to the type of audit data they contain:

C.2.1 Common Audit Reports

A list of common reports appears in Section 13.5, "Audit Report Details".

C.2.2 Component-Specific Audit Reports

Component-Specific reports are organized as follows:

  • Oracle Fusion Middleware Audit Framework

    • Configuration Changes

  • Oracle HTTP Server

    • Errors and Exceptions

    • User Activities

    • All Events

  • Oracle Internet Directory

    • Account Management

      • Account Profile History

      • Accounts Deleted

      • Accounts Enabled

      • Password Changes

      • Accounts Created

      • Accounts Disabled

      • Accounts Locked Out

    • User Activities

      • Authentication History

      • Authorization History

    • Errors and Exceptions

      • All Errors and Exceptions

      • Authentication Failures

      • Authorization Failures

    • All Events

  • Oracle Virtual Directory

    • User Activities

      • Authentication History

      • Authorization History

    • Errors and Exceptions

      • All Errors and Exceptions

      • Authentication Failures

      • Authorization Failures

    • All Events

  • Reports Server

    • User Activities

      • Authentication History

      • Authorization History

    • Errors and Exceptions

      • All Errors and Exceptions

      • Authentication Failures

      • Authorization Failures

    • All Events

  • Oracle Directory Integration Platform

    • All Errors and Exceptions

    • Profile Management Events

    • All Events

  • Oracle Identity Federation

    • Errors and Exceptions

      • All Errors and Exceptions

      • Authentication Failures

    • All Events

    • Federation user Activity

    • Authentication History

    • Assertion Activity

  • Oracle Platform Security Services

    • Errors and Exceptions

      • All Errors and Exceptions

      • Authentication Failures

    • All Events

    • Application Role Management

    • Credential Management

    • Authorization History

    • Application Policy Management

    • Credential Access

    • System Policy Management

  • Oracle Web Services Manager

    • User Activities

      • Authentication History

      • Authorization History

    • Errors and Exceptions

      • All Errors and Exceptions

      • Authentication Failures

      • Authorization Failures

    • All Events

    • Policy Management

      • Assertion Template Management

      • Web Services Policy Management

    • Policy Enforcements

      • Confidentiality Enforcements

      • Policy Enforcements

      • Message Integrity Enforcements

      • Violations

    • Request Response

    • Policy Attachments

  • Oracle Web Cache

    • User Activities

      • Authentication History

      • Authorization History

    • Errors and Exceptions

      • All Errors and Exceptions

      • Authentication Failures

      • Authorization Failures

    • All Events

C.3 The Audit Schema

If you have additional audit reporting requirements beyond the pre-built reports described in Section C.2, "Pre-built Audit Reports", you can create custom reports using your choice of reporting tools. For example, while the pre-built reports use a subset of the event attributes, you can make use of the entire audit attribute set for an event in creating custom reports.

Table C-14 describes the audit schema, which is useful when building custom reports.

Table C-14 The Audit Schema

Table Name Column Name Data Type Nullable Column ID

BASE TABLE

IAU_ID

NUMBER

Yes

1

 

IAU_ORGID

VARCHAR2(255 Bytes)

Yes

2

 

IAU_COMPONENTID

VARCHAR2(255 Bytes)

Yes

3

 

IAU_COMPONENTTYPE

VARCHAR2(255 Bytes)

Yes

4

 

IAU_INSTANCEID

VARCHAR2(255 Bytes)

Yes

5

 

IAU_HOSTINGCLIENTID

VARCHAR2(255 Bytes)

Yes

6

 

IAU_HOSTID

VARCHAR2(255 Bytes)

Yes

7

 

IAU_HOSTNWADDR

VARCHAR2(255 Bytes)

Yes

8

 

IAU_MODULEID

VARCHAR2(255 Bytes)

Yes

9

 

IAU_PROCESSID

VARCHAR2(255 Bytes)

Yes

10

 

IAU_ORACLEHOME

VARCHAR2(255 Bytes)

Yes

11

 

IAU_HOMEINSTANCE

VARCHAR2(255 Bytes)

Yes

12

 

IAU_UPSTREAMCOMPONENTID

VARCHAR2(255 Bytes)

Yes

13

 

IAU_DOWNSTREAMCOMPONENTID

VARCHAR2(255 Bytes)

Yes

14

 

IAU_ECID

VARCHAR2(255 Bytes)

Yes

15

 

IAU_RID

VARCHAR2(255 Bytes)

Yes

16

 

IAU_CONTEXTFIELDS

VARCHAR2(2000 Bytes)

Yes

17

 

IAU_SESSIONID

VARCHAR2(255 Bytes)

Yes

18

 

IAU_SECONDARYSESSIONID

VARCHAR2(255 Bytes)

Yes

19

 

IAU_APPLICATIONNAME

VARCHAR2(255 Bytes)

Yes

20

 

IAU_TARGETCOMPONENTTYPE

VARCHAR2(255 Bytes)

Yes

21

 

IAU_EVENTTYPE

VARCHAR2(255 Bytes)

Yes

22

 

IAU_EVENTCATEGORY

VARCHAR2(255 Bytes)

Yes

23

 

IAU_EVENTSTATUS

NUMBER

Yes

24

 

IAU_TSTZORIGINATING

TIMESTAMP(6)

Yes

25

 

IAU_THREADID

VARCHAR2(255 Bytes)

Yes

26

 

IAU_COMPONENTNAME

VARCHAR2(255 Bytes)

Yes

27

 

IAU_INITIATOR

VARCHAR2(255 Bytes)

Yes

28

 

IAU_MESSAGETEXT

VARCHAR2(255 Bytes)

Yes

29

 

IAU_FAILURECODE

VARCHAR2(255 Bytes)

Yes

30

 

IAU_REMOTEIP

VARCHAR2(255 Bytes)

Yes

31

 

IAU_TARGET

VARCHAR2(255 Bytes)

Yes

32

 

IAU_RESOURCE

VARCHAR2(255 Bytes)

Yes

33

 

IAU_ROLES

VARCHAR2(255 Bytes)

Yes

34

 

IAU_AUTHENTICATIONMETHOD

VARCHAR2(255 Bytes)

Yes

35

 

IAU_TRANSACTIONID

VARCHAR2(255 Bytes)

Yes

36

 

IAU_DOMAINNAME

VARCHAR2(255 Bytes)

Yes

37

 

IAU_COMPONENTDATA

clob

yes

38

         

DIP

IAU_ID

NUMBER

Yes

1

 

IAU_TSTZORIGINATING

TIMESTAMP(6)

Yes

2

 

IAU_EVENTTYPE

VARCHAR2(255 Bytes)

Yes

3

 

IAU_EVENTCATEGORY

VARCHAR2(255 Bytes)

Yes

4

 

IAU_ASSOCIATEPROFILENAME

VARCHAR2(512 Bytes)

Yes

5

 

IAU_PROFILENAME

VARCHAR2(512 Bytes)

Yes

6

 

IAU_ENTRYDN

VARCHAR2(1024 Bytes)

Yes

7

 

IAU_PROVEVENT

VARCHAR2(2048 Bytes)

Yes

8

 

IAU_JOBNAME

VARCHAR2(128 Bytes)

Yes

9

 

IAU_JOBTYPE

VARCHAR2(128 Bytes)

Yes

10

         

IAU_DISP_NAME_TL

IAU_LOCALE_STR

VARCHAR2(7 Bytes)

 

1

 

IAU_DISP_NAME_KEY

VARCHAR2(255 Bytes)

 

2

 

IAU_COMPONENT_TYPE

VARCHAR2(255 Bytes)

 

3

 

IAU_DISP_NAME_KEY_TYPE

VARCHAR2(255 Bytes)

 

4

 

IAU_DISP_NAME_TRANS

VARCHAR2(4000 Bytes)

Yes

5

         

IAU_LOCALE_MAP_TL

IAU_LOC_LANG

VARCHAR2(2 Bytes)

Yes

1

 

IAU_LOC_CNTRY

VARCHAR2(3 Bytes)

Yes

2

 

IAU_LOC_STR

VARCHAR2(7 Bytes)

Yes

3

         

OPSS

IAU_ID

NUMBER

Yes

1

 

IAU_TSTZORIGINATING

TIMESTAMP(6)

Yes

2

 

IAU_EVENTTYPE

VARCHAR2(255 Bytes)

Yes

3

 

IAU_EVENTCATEGORY

VARCHAR2(255 Bytes)

Yes

4

 

IAU_CODESOURCE

VARCHAR2(1024 Bytes)

Yes

5

 

IAU_PRINCIPALS

VARCHAR2(1024 Bytes)

Yes

6

 

IAU_INITIATORGUID

VARCHAR2(1024 Bytes)

Yes

7

 

IAU_SUBJECT

VARCHAR2(1024 Bytes)

Yes

8

 

IAU_PERMISSIONACTION

VARCHAR2(1024 Bytes)

Yes

9

 

IAU_PERMISSIONTARGET

VARCHAR2(1024 Bytes)

Yes

10

 

IAU_PERMISSIONCLASS

VARCHAR2(1024 Bytes)

Yes

11

 

IAU_MAPNAME

VARCHAR2(1024 Bytes)

Yes

12

 

IAU_KEY

VARCHAR2(1024 Bytes)

Yes

13

 

IAU_PERMISSIONSCOPE

VARCHAR2(1024 Bytes)

Yes

14

 

IAU_APPLICATIONROLE

VARCHAR2(1024 Bytes)

Yes

15

 

IAU_ENTERPRISEROLES

VARCHAR2(1024 Bytes)

Yes

16

 

IAU_INITIATORDN

VARCHAR2(1024 Bytes)

Yes

17

 

IAU_GUID

VARCHAR2(1024 Bytes)

Yes

18

 

IAU_PERMISSION

VARCHAR2(1024 Bytes)

Yes

19

 

IAU_MODIFIEDATTRIBUTENAME

VARCHAR2(1024 Bytes)

Yes

20

 

IAU_MODIFIEDATTRIBUTEVALUE

VARCHAR2(2048 Bytes)

Yes

21

 

IAU_PERMISSIONSETNAME

VARCHAR2(1024 Bytes)

Yes

22

 

IAU_RESOURCEACTIONS

VARCHAR2(1024 Bytes)

Yes

23

 

IAU_RESOURCETYPE

VARCHAR2(1024 Bytes)

Yes

24

         

OHS/OHS Component

IAU_ID

NUMBER

Yes

1

 

IAU_TSTZORIGINATING

TIMESTAMP(6)

Yes

2

 

IAU_EVENTTYPE

VARCHAR2(255 Bytes)

Yes

3

 

IAU_EVENTCATEGORY

VARCHAR2(255 Bytes)

Yes

4

 

IAU_REASON

CLOB

Yes

5

 

IAU_SSLCONNECTION

VARCHAR2(255 Bytes)

Yes

6

 

IAU_AUTHORIZATIONTYPE

VARCHAR2(255 Bytes)

Yes

7

         

OID/OID Component

IAU_ID

NUMBER

Yes

1

 

IAU_TSTZORIGINATING

TIMESTAMP(6)

Yes

2

 

IAU_EVENTTYPE

VARCHAR2(255 Bytes)

Yes

3

 

IAU_EVENTCATEGORY

VARCHAR2(255 Bytes)

Yes

4

 

IAU_CUSTEVENTSTATUSDETAIL

VARCHAR2(255 Bytes)

Yes

5

 

IAU_CUSTEVENTOP

VARCHAR2(255 Bytes)

Yes

6

         

OIF

IAU_ID

NUMBER

Yes

1

 

IAU_TSTZORIGINATING

TIMESTAMP(6)

Yes

2

 

IAU_EVENTTYPE

VARCHAR2(255 Bytes)

Yes

3

 

IAU_EVENTCATEGORY

VARCHAR2(255 Bytes)

Yes

4

 

IAU_REMOTEPROVIDERID

VARCHAR2(255 Bytes)

Yes

5

 

IAU_PROTOCOLVERSION

VARCHAR2(255 Bytes)

Yes

6

 

IAU_NAMEIDQUALIFIER

VARCHAR2(255 Bytes)

Yes

7

 

IAU_NAMEIDVALUE

VARCHAR2(255 Bytes)

Yes

8

 

IAU_NAMEIDFORMAT

VARCHAR2(255 Bytes)

Yes

9

 

IAU_SESSIONID

VARCHAR2(255 Bytes)

Yes

10

 

IAU_FEDERATIONID

VARCHAR2(255 Bytes)

Yes

11

 

IAU_USERID

VARCHAR2(255 Bytes)

Yes

12

 

IAU_FEDERATIONTYPE

VARCHAR2(255 Bytes)

Yes

13

 

IAU_AUTHENTICATIONMECHANISM

VARCHAR2(255 Bytes)

Yes

14

 

IAU_AUTHENTICATIONENGINEID

VARCHAR2(255 Bytes)

Yes

15

 

IAU_OLDNAMEIDQUALIFIER

VARCHAR2(255 Bytes)

Yes

16

 

IAU_OLDNAMEIDVALUE

VARCHAR2(255 Bytes)

Yes

17

 

IAU_BINDING

VARCHAR2(255 Bytes)

Yes

18

 

IAU_ROLE

VARCHAR2(255 Bytes)

Yes

19

 

IAU_MESSAGETYPE

VARCHAR2(255 Bytes)

Yes

20

 

IAU_ASSERTIONVERSION

VARCHAR2(255 Bytes)

Yes

21

 

IAU_ISSUEINSTANT

VARCHAR2(255 Bytes)

Yes

22

 

IAU_ISSUER

VARCHAR2(255 Bytes)

Yes

23

 

IAU_ASSERTIONID

VARCHAR2(255 Bytes)

Yes

24

 

IAU_INCOMINGMESSAGESTRING

VARCHAR2(3999 Bytes)

Yes

25

 

IAU_INCOMINGMESSAGESTRINGCLOB

CLOB

Yes

26

 

IAU_OUTGOINGMESSAGESTRING

VARCHAR2(3999 Bytes)

Yes

27

 

IAU_OUTGOINGMESSAGESTRINGCLOB

CLOB

Yes

28

 

IAU_TYPE

VARCHAR2(255 Bytes)

Yes

29

 

IAU_PROPERTYNAME

VARCHAR2(255 Bytes)

Yes

30

 

IAU_PROPERTYTYPE

VARCHAR2(255 Bytes)

Yes

31

 

IAU_PEERPROVIDERID

VARCHAR2(255 Bytes)

Yes

32

 

IAU_PROPERTYCONTEXT

VARCHAR2(255 Bytes)

Yes

33

 

IAU_DESCRIPTION

VARCHAR2(255 Bytes)

Yes

34

 

IAU_OLDVALUE

VARCHAR2(255 Bytes)

Yes

35

 

IAU_NEWVALUE

VARCHAR2(255 Bytes)

Yes

36

 

IAU_PROVIDERTYPE

VARCHAR2(255 Bytes)

Yes

37

 

IAU_COTBEFORE

CLOB

Yes

38

 

IAU_COTAFTER

CLOB

Yes

39

 

IAU_SERVERCONFIGBEFORE

CLOB

Yes

40

 

IAU_SERVERCONFIGAFTER

CLOB

Yes

41

 

IAU_DATASTOREBEFORE

CLOB

Yes

42

 

IAU_DATASTOREAFTER

CLOB

Yes

43

 

IAU_METADATA

VARCHAR2(255 Bytes)

Yes

44

 

IAU_NEWDATASTORETYPE

VARCHAR2(255 Bytes)

Yes

45

 

IAU_DATASTORENAME

VARCHAR2(255 Bytes)

Yes

46

         

OVD/OVD Component

IAU_ID

NUMBER

Yes

1

 

IAU_TSTZORIGINATING

TIMESTAMP(6)

Yes

2

 

IAU_EVENTTYPE

VARCHAR2(255 Bytes)

Yes

3

 

IAU_EVENTCATEGORY

VARCHAR2(255 Bytes)

Yes

4

 

IAU_SERVICEOPERATION

VARCHAR2(255 Bytes)

Yes

5

         

OWSM Agent

IAU_ID

NUMBER

Yes

1

 

IAU_TSTZORIGINATING

TIMESTAMP(6)

Yes

2

 

IAU_EVENTTYPE

VARCHAR2(255 Bytes)

Yes

3

 

IAU_EVENTCATEGORY

VARCHAR2(255 Bytes)

Yes

4

 

IAU_APPNAME

VARCHAR2(255 Bytes)

Yes

5

 

IAU_ASSERTIONNAME

VARCHAR2(255 Bytes)

Yes

6

 

IAU_COMPOSITENAME

VARCHAR2(255 Bytes)

Yes

7

 

IAU_ENDPOINT

VARCHAR2(4000 Bytes)

Yes

8

 

IAU_AGENTMODE

VARCHAR2(255 Bytes)

Yes

9

 

IAU_MODELOBJECTNAME

VARCHAR2(255 Bytes)

Yes

10

 

IAU_OPERATION

VARCHAR2(255 Bytes)

Yes

11

 

IAU_PROCESSINGSTAGE

VARCHAR2(255 Bytes)

Yes

12

 

IAU_VERSION

NUMBER

Yes

13

 

IAU_PROTOCOL

VARCHAR2(255 Bytes)

Yes

14

         

OWSM_PM_EJB

IAU_ID

NUMBER

Yes

1

 

IAU_TSTZORIGINATING

TIMESTAMP(6)

Yes

2

 

IAU_EVENTTYPE

VARCHAR2(255 Bytes)

Yes

3

 

IAU_EVENTCATEGORY

VARCHAR2(255 Bytes)

Yes

4

 

IAU_VERSION

NUMBER

Yes

5

 

IAU_TOVERSION

NUMBER

Yes

6

         

ReportsServer/ReportsServer Components

IAU_ID

NUMBER

Yes

1

 

IAU_TSTZORIGINATING

TIMESTAMP(6)

Yes

2

 

IAU_EVENTTYPE

VARCHAR2(255 Bytes)

Yes

3

 

IAU_EVENTCATEGORY

VARCHAR2(255 Bytes)

Yes

4

         
         

WebCache/ WebCache Component

IAU_ID

NUMBER

Yes

1

 

IAU_TSTZORIGINATING

TIMESTAMP(6)

Yes

2

 

IAU_EVENTTYPE

VARCHAR2(255 Bytes)

Yes

3

 

IAU_EVENTCATEGORY

VARCHAR2(255 Bytes)

Yes

4

         
         

WebServices

IAU_ID

NUMBER

Yes

1

 

IAU_TSTZORIGINATING

TIMESTAMP(6)

Yes

2

 

IAU_EVENTTYPE

VARCHAR2(255 Bytes)

Yes

3

 

IAU_EVENTCATEGORY

VARCHAR2(255 Bytes)

Yes

4

 

IAU_PROTOCOL

VARCHAR2(255 Bytes)

Yes

5

 

IAU_ENDPOINT

VARCHAR2(4000 Bytes)

Yes

6

 

IAU_OPERATION

VARCHAR2(255 Bytes)

Yes

7

 

IAU_FAULTURI

VARCHAR2(4000 Bytes)

Yes

8

 

IAU_URI

VARCHAR2(4000 Bytes)

Yes

9

 

IAU_SOURCE

VARCHAR2(255 Bytes)

Yes

10

         

WS_Policy Attachment

IAU_ID

NUMBER

Yes

1

 

IAU_TSTZORIGINATING

TIMESTAMP(6)

Yes

2

 

IAU_EVENTTYPE

VARCHAR2(255 Bytes)

Yes

3

 

IAU_EVENTCATEGORY

VARCHAR2(255 Bytes)

Yes

4

 

IAU_PROTOCOL

VARCHAR2(255 Bytes)

Yes

5

 

IAU_ENDPOINT

VARCHAR2(4000 Bytes)

Yes

6

 

IAU_OPERATION

VARCHAR2(255 Bytes)

Yes

7

 

IAU_FAULTURI

VARCHAR2(4000 Bytes)

Yes

8

 

IAU_URI

VARCHAR2(4000 Bytes)

Yes

9

 

IAU_SOURCE

VARCHAR2(255 Bytes)

Yes

10

         

OAM (Oracle Access Manager)

IAU_ID

NUMBER

Yes

1

 

IAU_TSTZORIGINATING

TIMESTAMP(6)

Yes

2

 

IAU_EVENTTYPE

VARCHAR2(255)

Yes

3

 

IAU_EVENTCATEGORY

VARCHAR2(255)

Yes

4

 

IAU_APPLICATIONDOMAINNAME

VARCHAR2(40)

Yes

5

 

IAU_AUTHENTICATIONSCHEMEID

VARCHAR2(40)

Yes

6

 

IAU_AGENTID

VARCHAR2(40)

Yes

7

 

IAU_SSOSESSIONID

VARCHAR2(100)

Yes

8

 

IAU_ADDITIONALINFO

VARCHAR2(1000)

Yes

9

 

IAU_AUTHORIZATIONSCHEME

VARCHAR2(40)

Yes

10

 

IAU_USERDN

VARCHAR2(255)

Yes

11

 

IAU_RESOURCEID

VARCHAR2(40)

Yes

12

 

IAU_AUTHORIZATIONPOLICYID

VARCHAR2(40)

Yes

13

 

IAU_AUTHENTICATIONPOLICYID

VARCHAR2(255)

Yes

14

 

IAU_USERID

VARCHAR2(40)

Yes

15

 

IAU_RESOURCEHOST

VARCHAR2(255)

Yes

16

 

IAU_REQUESTID

VARCHAR2(255)

Yes

17

 

IAU_POLICYNAME

VARCHAR2(40)

Yes

18

 

IAU_SCHEMENAME

VARCHAR2(40)

Yes

19

 

IAU_RESOURCEHOSTNAME

VARCHAR2(100)

Yes

20

 

IAU_OLDATTRIBUTES

VARCHAR2(1000)

Yes

21

 

IAU_NEWATTRIBUTES

VARCHAR2(1000)

Yes

22

 

IAU_SCHMETYPE

VARCHAR2(40)

Yes

23

 

IAU_RESPONSETYPE

VARCHAR2(40)

Yes

24

 

IAU_AGENTTYPE

VARCHAR2(40)

Yes

25

 

IAU_CONSTRAINTTYPE

VARCHAR2(40)

Yes

26

 

IAU_INSTANCENAME

VARCHAR2(40)

Yes

27

 

IAU_DATASOURCENAME

VARCHAR2(100)

Yes

28

 

IAU_DATASOURCETYPE

VARCHAR2(100)

Yes

29

 

IAU_HOSTIDENTIFIERNAME

VARCHAR2(100)

Yes

30

 

IAU_RESOURCEURI

VARCHAR2(255)

Yes

31

 

IAU_RESOURCETEMPLATENAME

VARCHAR2(100)

Yes

32

         

OAAM (Oracle Adaptive Access Manager)

IAU_ID

NUMBER

Yes

1

 

IAU_TSTZORIGINATING

TIMESTAMP(6)

Yes

2

 

IAU_EVENTTYPE

VARCHAR2(255)

Yes

3

 

IAU_EVENTCATEGORY

VARCHAR2(255)

Yes

4

 

IAU_ACTIONNOTES

VARCHAR2(4000)

Yes

5

 

IAU_CASEACTIONENUM

NUMBER(38)

Yes

6

 

IAU_CASEACTIONRESULT

NUMBER

Yes

7

 

IAU_CASECHALLENGEQUESTION

VARCHAR2(4000)

Yes

8

 

IAU_CASECHALLENGERESULT

NUMBER(38)

Yes

9

 

IAU_CASEDISPOSITION

NUMBER(38)

Yes

10

 

IAU_CASEEXPRDURATIONINHRS

NUMBER(38)

Yes

11

 

IAU_CASEID

NUMBER

Yes

12

 

IAU_CASEIDS

VARCHAR2(4000)

Yes

13

 

IAU_CASESEVERITY

NUMBER(38)

Yes

14

 

IAU_CASESTATUS

NUMBER(38)

Yes

15

 

IAU_CASESUBACTIONENUM

NUMBER(38)

Yes

16

 

IAU_DESCRIPTION

VARCHAR2(4000)

Yes

17

 

IAU_GROUPID

NUMBER

Yes

18

 

IAU_GROUPIDS

VARCHAR2(4000)

Yes

19

 

IAU_GROUPNAME

VARCHAR2(4000)

Yes

20

 

IAU_GROUPDETAILS

VARCHAR2(4000)

Yes

21

 

IAU_GROUPELEMENTID

NUMBER

Yes

22

 

IAU_GROUPELEMENTIDS

NUMBER

Yes

23

 

IAU_GROUPELEMENTVALUE

VARCHAR2(4000)

Yes

24

 

IAU_GROUPELEMENTSDETAILS

VARCHAR2(4000)

Yes

25

 

IAU_KBACATEGORYID

NUMBER

Yes

26

 

IAU_KBACATEGORYIDS

VARCHAR2(4000)

Yes

27

 

IAU_KBACATEGORYNAME

VARCHAR2(4000)

Yes

28

 

IAU_KBACATEGORYDETAILS

VARCHAR2(4000)

Yes

29

 

IAU_KBAQUESTIONID

NUMBER

Yes

30

 

IAU_KBAQUESTIONIDS

VARCHAR2(4000)

Yes

31

 

IAU_KBAQUESTION

VARCHAR2(4000)

Yes

32

 

IAU_KBAQUESTIONTYPE

NUMBER(38)

Yes

33

 

IAU_KBAQUESTIONDETAILS

VARCHAR2(4000)

Yes

34

 

IAU_KBAVALIDATIONID

NUMBER

Yes

35

 

IAU_KBAVALIDATIONIDS

VARCHAR2(4000)

Yes

36

 

IAU_KBAVALIDATIONNAME

VARCHAR2(4000)

Yes

37

 

IAU_KBAVALIDATIONDETAILS

VARCHAR2(4000)

Yes

38

 

IAU_KBAREGLOGICDETAILS

VARCHAR2(4000)

Yes

39

 

IAU_KBAANSWERLOGICDETAILS

VARCHAR2(4000)

Yes

40

 

IAU_LOGINID

VARCHAR2(255)

Yes

41

 

IAU_POLICYDETAILS

VARCHAR2(4000)

Yes

42

 

IAU_POLICYID

NUMBER

Yes

43

 

IAU_POLICYIDS

VARCHAR2(4000)

Yes

44

 

IAU_POLICYNAME

NUMBER

Yes

45

 

IAU_POLICYOVERRIDEDETAILS

VARCHAR2(4000)

Yes

46

 

IAU_POLICYOVERRIDEID

NUMBER

Yes

47

 

IAU_POLICYOVERRIDEIDS

VARCHAR2(4000)

Yes

48

 

IAU_POLICYOVERRIDEROWID

NUMBER

Yes

49

 

IAU_POLICYRULEMAPID

NUMBER

Yes

50

 

IAU_POLICYRULEMAPIDS

VARCHAR2(4000)

Yes

51

 

IAU_POLICYRULEMAPDETAILS

VARCHAR2(4000)

Yes

52

 

IAU_RULEID

NUMBER

Yes

53

 

IAU_RULECONDITIONID

NUMBER

Yes

54

 

IAU_RULECONDITIONIDS

VARCHAR2(4000)

Yes

55

 

IAU_RULENAME

VARCHAR2(4000)

Yes

56

 

IAU_RULEDETAILS

VARCHAR2(4000)

Yes

57

 

IAU_RULECONDITIONMAPID

NUMBER

Yes

58

 

IAU_RULECONDITIONMAPIDS

VARCHAR2(4000)

Yes

59

 

IAU_RULEPARAMVALUEDETAILS

VARCHAR2(4000)

Yes

60

 

IAU_SOURCEPOLICYID

NUMBER

Yes

61

 

IAU_USERGROUPNAME

VARCHAR2(255)

Yes

62

 

IAU_USERID

NUMBER

Yes

63

 

IAU_USERIDS

VARCHAR2(4000)

Yes

64


C.4 WLST Commands for Auditing

WLST is the command-line utility for administration of Oracle Fusion Middleware components and applications. It provides another option for administration in addition to Oracle Enterprise Manager Fusion Middleware Control.

Use the WLST commands listed in Table C-15 to view and manage audit policies and the audit store configuration.

Note:

When running audit WLST commands, you must invoke the WLST script from the Oracle Common home. See "Using Custom WLST Commands" in the Oracle Fusion Middleware Administrator's Guide for more information.

See Also:

Oracle Fusion Middleware Third-Party Application Server Guide for details about executing audit commands on third-party application servers.

Table C-15 WLST Audit Commands

Use this command... To... Use with WLST...

getNonJava EEAuditMBeanName

Display the mBean name for a system component.

Online

getAuditPolicy

Display audit policy settings.

Online

setAuditPolicy

Update audit policy settings.

Online

getAuditRepository

Display audit store settings.

Online

setAuditRepository

Update audit store settings.

Online

listAuditEvents

List audit events for one or all components.

Online

exportAuditConfig

Export a component's audit configuration.

Online

importAuditConfig

Import a component's audit configuration.

Online


C.4.1 getNonJava EEAuditMBeanName

Online command that displays the mbean name for system components.

The MBean name must be provided when using WLST commands for system components; since the MBean name can have a complex composition, use this command to get the name.

C.4.1.1 Description

This command displays the mbean name for system components given the instance name, component name, component type, and the name of the Oracle WebLogic Server on which the component's audit mbean is running. The mbean name is a required parameter to other audit WLST commands when managing a system component.

C.4.1.2 Syntax

getNonJava EEAuditMBeanName('instance-name', 'component-name', 'component-type')
Argument Definition
instName Specifies the name of the application server instance.
compName Specifies the name of the component instance.
compType Specifies the type of component. Valid values are ohs, oid, ovd, and WebCache.

C.4.1.3 Example

The following interactive command displays the mBean name for an Oracle Internet Directory component:

wls:/mydomain/serverConfig> getNonJava EEAuditMBeanName(instName='inst1', compName='oid1', compType='oid')

C.4.2 getAuditPolicy

Online command that displays the audit policy settings.

C.4.2.1 Description

Online command that displays audit policy settings including the audit level, special users, custom events, maximum log file size, and maximum log directory size. The component mbean name is an optional parameter. If no parameter is provided, the domain audit policy is displayed.

C.4.2.2 Syntax

getAuditPolicy(['mbeanName'])
Argument Definition
mbeanName Specifies the name of the component audit MBean for system components.

C.4.2.3 Example

The following command displays the audit settings for all Java EE components configured in the WebLogic Server domain:

wls:/mydomain/serverConfig> getAuditPolicy()

The following command displays the audit settings for MBean CSAuditProxyMBean:

wls:/mydomain/serverConfig> getAuditPolicy(on='oracle.security.audit.test:type=CSAuditMBean,
name=CSAuditProxyMBean')

C.4.3 setAuditPolicy

Online command that updates an audit policy.

C.4.3.1 Description

Online command that configures the audit policy settings. You can set the audit level, add or remove special users, and add or remove custom events. The component mbean name is required for system components like Oracle Internet Directory and Oracle Virtual Directory.

Remember to call save after issuing setAuditPolicy for system components. Otherwise, the new settings will not take effect.

C.4.3.2 Syntax

setAuditPolicy(['mbeanName'],['filterPreset'],['addSpecialUsers'],
['removeSpecialUsers'],['addCustomEvents'],['removeCustomEvents'])
Argument Definition
mbeanName Specifies the name of the component audit MBean for system components.
filterPreset Specifies the audit level to be changed.
addSpecialUsers Specifies the special users to be added.
removeSpecialUsers Specifies the special users to be removed.
addCustomEvents Specifies the custom events to be added.
removeCustomEvents Specifies the custom events to be removed.

C.4.3.3 Example

The following interactive command a) sets the audit level to Low, and b) adds users user2 and user3 while removing user user1 from the policy:

wls:/mydomain/serverConfig> setAuditPolicy (filterPreset='Low',addSpecialUsers='user2,user3',removeSpecialUsers='user1')

The following interactive command adds login events while removing logout events from the policy:

wls:/mydomain/serverConfig> setAuditPolicy(filterPreset='Custom',addCustomEvents='UserLogin',removeCustomEvents='UserLogout') 

C.4.4 getAuditRepository

Online command that displays audit store settings.

C.4.4.1 Description

Online command that displays audit store settings for Java components and applications (for system components like Oracle Internet Directory, the configuration resides in opmn.xml). Also displays database configuration if the data is stored in a database.

C.4.4.2 Syntax

getAuditRepository 

C.4.4.3 Example

The following command displays audit store configuration:

wls:/mydomain/serverConfig> getAuditRepository()

C.4.5 setAuditRepository

Online command that updates audit store settings.

C.4.5.1 Description

Online command that sets the audit store settings for Java components and applications (for system components like Oracle Internet Directory, the store is configured by editing opmn.xml).

C.4.5.2 Syntax

setAuditRepository(['switchToDB'],['dataSourceName'],['interval'])
Argument Definition
switchToDB If true, switches the store from file to database.
dataSourceName Specifies the name of the data source.
interval Specifies intervals at which the audit loader moves file records to the database.

C.4.5.3 Example

The following interactive command changes audit store to a database defined by the data source jdbcAuditDB and sets the audit loader interval to 14 seconds:

wls:/mydomain/serverConfig> setAuditRepository(switchToDB='true',dataSourceName='jdbcAuditDB',interval='14')

Note:

The data source is created using the Oracle WebLogic Server administration console.

C.4.6 listAuditEvents

Online command that displays the definition of a component's audit events, including its attributes.

C.4.6.1 Description

This command displays a component's audit events and attributes. For system components, pass the component mbean name as a parameter. Java applications and services like Oracle Platform Security Services (OPSS) do not need the mbean parameter. Without a component type, all generic attributes applicable to all components are displayed.

C.4.6.2 Syntax

listAuditEvents(['mbeanName'],['componentType'])
Argument Definition
mbeanName Specifies the name of the component MBean.
componentType Specifies the component type.

C.4.6.3 Example

The following command displays audit events for an Oracle Internet Directory instance:

wls:/mydomain/serverConfig> listAuditEvents(on='oracle.as.management.mbeans.register:
type=component.auditconfig,name=auditconfig1,instance=oid1,component=oid')

The following command displays audit events for Oracle Identity Federation:

wls:/mydomain/serverConfig> listAuditEvents(componentType='oif')

C.4.7 exportAuditConfig

Online command that exports a component's audit configuration.

See Also:

This command is useful in migrating to production environments. For details, see Section 6.5.3, "Migrating Audit Policies".

C.4.7.1 Description

This command exports the audit configuration to a file. For system components, pass the component mbean name as a parameter. Java applications and services like Oracle Platform Security Services (OPSS) do not need the mbean parameter.

C.4.7.2 Syntax

exportAuditConfig(['mbeanName'],fileName')
Argument Definition
mbeanName Specifies the name of the system component MBean.
fileName Specifies the path and file name to which the audit configuration should be exported.

C.4.7.3 Example

The following interactive command exports the audit configuration for a component:

wls:/mydomain/serverConfig> exportAuditConfig(on='oracle.security.audit.test:type=CSAuditMBean,name=CSAuditProxyMBean',fileName='/tmp/auditconfig')

The following interactive command exports the audit configuration for a component; no mBean is specified:

wls:/mydomain/serverConfig> exportAuditConfig(fileName='/tmp/auditconfig')

C.4.8 importAuditConfig

Online command that imports a component's audit configuration.

See Also:

This command is useful in migrating to production environments. For details, see Section 6.5.3, "Migrating Audit Policies".

C.4.8.1 Description

This command imports the audit configuration from an external file. For system components, pass the component mbean name as a parameter. Java applications and services like Oracle Platform Security Services (OPSS) do not need the mbean parameter.

Remember to call save after issuing importAuditConfig for system components. Otherwise, the new settings will not take effect.

C.4.8.2 Syntax

importAuditConfig(['mbeanName'],'fileName')
Argument Definition
mbeanName Specifies the name of the system component MBean.
fileName Specifies the path and file name from which the audit configuration should be imported.

C.4.8.3 Example

The following interactive command imports the audit configuration for a component:

wls:/mydomain/serverConfig> importAuditConfig(on='oracle.security.audit.test:type=CSAuditMBean,name=CSAuditProxyMBean',fileName='/tmp/auditconfig')

The following interactive command imports the audit configuration for a Java EE application (no mBean is specified):

wls:/mydomain/serverConfig> importAuditConfig(fileName='/tmp/auditconfig')

C.5 Audit Filter Expression Syntax

When you select a custom audit policy, you have the option of specifying a filter expression along with an event.

For example, you can use the following expression:

Host Id -eq "myhost123"

to enable the audit event for a particular host only.


You enter this expression either through the Fusion Middleware Control Edit Filter Dialog or through the setAuditPolicy WLST command.

There are some syntax rules you should follow when creating a filter expression.

The expression can either be a Boolean expression or a literal.

<Expr> ::= <BooleanExpression> | <BooleanLiteral>

A boolean expression can use combinations of RelationalExpression with –and, -or , -not and parenthesis. For example, (Host Id -eq "stadl17" -or ").

<BooleanExpression> ::=  <RelationalExpression>
   | “(” <BooleanExpression> “)”
   | <BooleanExpression> “-and” <BooleanExpression>
   | <BooleanExpression> “-or” <BooleanExpression>
   | “-not” <BooleanExpression>

A relational expression compares an attribute name (on the left hand side) with a literal (on the right-hand side). The literal and the operator must be of the correct data type for the attribute.

<RelationalExpression> ::= <AttributeName> <RelationalOperator> <Literal>

Relational operators are particular to data types:

  • -eq, -ne can be used with all data types

  • -contains, -startswith, -endswith can be only used with strings

  • -contains_case, -startswith_case and -endswith_case are case sensitive versions of the above three functions

  • -lt, -le, -gt, -ge can be used with numeric and datetime

<RelationalOperator> : = "-eq" | "-ne" | "-lt" | "-le" | "-gt" | "-ge"
   | "-contains" | "-contains_case"
   | "-startswith" | "-startswith_case"
   | "-endswith" | "-endswith_case"

Rules for literals are as follows:

  • Boolean literals are true or false, without quotes

  • Date time literals have to be in double quotes and can be in many different formats; "June 25, 2006", "06/26/2006 2:00 pm" are all valid

  • String literals have to be quotes, back-slash can be used to escape an embedded double quote

  • Numeric literals are in their usual format

<Literal> ::=  <NumericLiteral> | <BooleanLiteral> | <DateTimeLiteral> | <StringLiteral><BooleanLiteral> ::= "true” | "false”

C.6 Naming and Logging Format of Audit Files

This section explains the rules that are used to maintain audit files.

For Java components (both Java EE and Java SE), the file containing audit records is named "audit.log".

When that file is full (it reaches the configured maximum audit file size which is 100MB), it is renamed to "audit1.log" and a new "audit.log" is created. If this file too gets full, the audit.log file is renamed to "audit2.log" and a new audit.log is created.

This continues until the configured maximum audit directory size is reached (default is 0, which means unlimited size). When the max directory size is reached, the oldest auditn.log file is deleted.

If you have configured a database audit store, then the audit loader reads these files and transfers the records to the database in batches. After reading a complete audit<n>.log file, it deletes the file.

Note:

The audit loader never deletes the "current" file, that is, audit.log; it only deletes archive files audit<n>.log.

OPMN-managed components follow the same model, except the file name is slightly different. It has the process ID embedded in the file name; thus, if the process id is 11925 the current file is called "audit-pid11925.log", and after rotation it will be called audit-pid11925-1.log

Here is a sample audit.log file:

#Fields:Date Time Initiator EventType EventStatus MessageText HomeInstance ECID RID ContextFields SessionId TargetComponentType ApplicationName EventCategory ThreadId InitiatorDN TargetDN FailureCode RemoteIP Target Resource Roles CodeSource InitiatorGUID Principals PermissionAction PermissionClass mapName key
#Remark Values:ComponentType="JPS"
2008-12-08 10:46:05.492 - "CheckAuthorization" true "Oracle Platform Security Authorization Check Permission SUCCEEDED." - - - - - - - "Authorization" "48" - - "true" - - "(oracle.security.jps.service.policystore.PolicyStoreAccessPermission context=APPLICATION,name=SimpleServlet getApplicationPolicy)" - "file:/oracle/work/middleware/oracle_common/modules/oracle.jps_11.1.1/jps-internal.jar" - "[]" - - - - 

This file follows the W3C extended logging format, which is a very common log format that is used by many Web Servers e.g. Apache and IIS:

  • The first line is a "#Fields" line; it specifies all the fields in the rest of the file.

  • The second line is a comment like "#Remark" which has a comment indicating some common attributes like the ComponentType.

  • All subsequent lines are data lines; they follow the exact format defined in the "#Fields" line. All attributes are separated by spaces, mussing attributes are indicated by a dash.