Oracle E-Business Suite, the Oracle E-Business Suite technology stack, and optional Oracle Technology integrations provide various auditing and logging capabilities. Deciding which one to use and how to use it will depend on what you're trying to achieve.
The auditing and logging features described in this chapter can assist with analyzing the following:
Recent and current activity
"Recent and Current Activity" encompasses information about what is happening in the system currently, or what the last activity was performed on particular record or done by a particular session. This includes the following Oracle E-Business Suite Applications features:
Data changes tracked with row who columns - Records information about who and when each record was created and last updated
Sign-on Audit and Session Audit information - Records information about each user session, as well as the last activity performed on that session
Database connection tagging - Records Oracle E-Business Suite session information in v$session
Historical Activity features capture similar information to the information described in the previous section, but retain historical data about what has been changed. This is sometimes switched off by default in the Oracle E-Business Suite environment and can be switched on for targeted areas of Oracle E-Business Suite. Auditing mechanisms that fall into this category include the following features:
Page Access Tracking - Captures historical information about what users were doing in the system and what the performance was, as well as allowing to what a specific user and sessions were accessing
Oracle E-Business Suite Audit Trail - Uses database triggers and shadow tables to record historical data about changes to specific tables (not to be confused with the similar Database Audit Trail feature). It provides a straightforward user interface for defining which tables you wish to audit in this manner. Because the auditing tables reside in the Oracle E-Business Suite database, it's easier to report on them, but this mechanism does not provide the performance and integrity of the audit records that can be achieved with Oracle Database Auditing discussed in the next section.
Proxy User Auditing - Tracks the usage of the Oracle E-Business Suite Proxy User feature and provides reports which can be used to audit the use of this feature. This auditing is on by default.
OHS Apache Access Logs - Tracks all HTTP GET requests that come into Oracle E-Business Suite, along with their parameters. This auditing is on by default.
Database Listener Logs - Tracks database listener commands and connections to the database.
Database Auditing - Monitors and records configured database actions. It can be used to track table changes, in a manner similar to the Audit Trail feature discussed above.
Fine-Grained Auditing - Allows detailed conditions to trigger auditing of data access based on content
Certain areas of Oracle E-Business Suite in the underlying technology stack report on unexpected errors. These unexpected events can include security related events.
Unsuccessful Login Attempts - Captures information about unsuccessful login attempts
Debug Logging (Unexpected Logging) - Captures debug information at a variety of levels. At the default level of "Unexpected" Oracle E-Business Suite captures information about unexpected events.
OHS Apache Error Logs - Captures unexpected events that occur at the Oracle HTTP Server level. This includes potential attacks that have been blocked by Mod Security.
Oracle Database Listener Log - Captures unexpected connection errors
Oracle Database Alert Log - Captures unexpected database errors
Throughout this document, we will be referring to SQL scripts that can be used as follows:
Configure auditing for the database
Query various auditing tables described in this guide
Validate that your auditing configuration meets the recommendations described in this guide
Note: Many of the scripts that are provided serve as examples only. The intent is that administrators and auditors can leverage and customize these scripts to meet their specific needs. Scripts mentioned here, as well as other security related scripts, can be found as an attachment to My Oracle Support Knowledge Document 2069190.1, Security Configuration and Auditing Scripts for Oracle E-Business Suite.