This appendix maps audit event names used in the Oracle ACFS to their equivalent values in the Source Event, Command Class, Target Object, Associate Object fields and the Status of the event occurred on target object in the Oracle AVDF audit record.
Target Object can be either a Security Object, for example: Realm, Rules, Rulesets, and so on, or, a File System Object like File or Dir.
Event or Command Class can be of the following types.
For security objects CREATE
, MODIFY
, DELETE
and so on. For example, if a realm is getting created, realm is target object and ACFS_SEC_REALM_CREATE
is the event which is being mapped to the command class CREATE
(selected from a set given by Oracle AVDF).
For filesystem object READ
, WRITE
, OPEN
, DELETE
and so on. For example, if a file is being read, file is target object, and ACFS_EVENT_READ_OP
is event which is being mapped to command class READ
(selected from set given by Oracle AVDF).
Associate Objects are the objects which are associated while an event is performed on a Target Object. For example, in Security commands where we add files to the realm as follows: Target object- realm, Event- ACFS_SEC_REALM_ADD
(MODIFY
), Associate object- file. Another example would be where a file is being read by a user: Target object- file, Event- ACFS_AUDIT_READ_OP
(READ
), Associate objects- realms.
The Status column specifies whether the command class executed on the target object succeeded or not.
See also "Oracle Audit Vault and Database Firewall Database Schemas" for Oracle AVDF data warehouse details that may be useful in designing your own reports.
Table L-1 lists the Oracle ACFS Security Objects audit events and the equivalent Oracle AVDF events.
Table L-1 ACFS Security Objects Audit Events
Source Event | Command Class | Target Object | Associate Objects | Status |
---|---|---|---|---|
|
|
MountPoint |
Security |
|
|
|
Realm name |
None |
|
|
|
Realm name |
None |
|
|
|
Realm name |
|
|
|
|
Realm name |
|
|
|
|
Ruleset name |
None |
|
|
|
Ruleset name |
None |
|
|
|
Ruleset name |
Rulename |
|
|
|
Rule name |
None |
|
|
|
Rule name |
None |
|
|
|
Rule name |
None |
|
|
Realm/Ruleset/Rule name |
Mntpt1/Mntpt2 |
|
|
|
|
MountPoint |
None |
|
|
|
MountPoint |
None |
|
|
|
MountPoint |
AES-128/192/256 |
|
|
|
MountPoint |
AES-128/192/256 |
|
|
|
MountPoint |
Encryption |
|
|
|
MountPoint |
Encryption |
|
|
|
Filename |
AES-128/192/256 |
|
|
|
Filename |
None |
|
|
|
Filename |
None |
|
|
|
MountPoint |
Audit |
|
|
|
MountPoint |
Audit |
|
|
|
MountPoint |
Audit trail |
|
|
|
MountPoint |
Audit trail |
|
|
|
MountPoint |
Audit trail |
|
|
|
Acfsutil command |
|
|
|
|
Acfsutil command |
|
|
|
|
Acfsutil command |
|
|
|
|
Acfsutil command |
|
|
|
|
Acfsutil command |
|
|
|
|
Acfsutil command |
|
|
|
|
Acfsutil command |
|
|
|
|
Acfsutil command |
|
|
|
|
Acfsutil command |
|
|
|
|
Acfsutil command |
|
|
|
|
Acfsutil command |
|
Table L-2 lists the Oracle ACFS File System Objects audit events and the equivalent Oracle AVDF events.
Table L-2 ACFS File System Objects Audit Events
Source Event | Command Class | Target Object | Associate Objects | Status |
---|---|---|---|---|
|
|
Filename |
Realms and command rules |
|
|
|
Filename |
Realms and command rules |
|
|
|
Filename |
Realms and command rules |
|
|
|
Filename |
Realms and command rules |
|
|
|
Filename |
Realms and command rules |
|
|
|
Filename |
Realms and command rules |
|
|
|
DirName |
Realms and command rules |
|
|
|
DirName |
Realms and command rules |
|
|
|
Filename |
Realms and command rules |
|
|
|
Filename |
Realms and command rules |
|
|
|
Filename |
Realms and command rules |
|
|
|
Filename |
Realms and command rules |
|
|
|
Filename |
Realms and command rules |
|
|
|
Filename/DirName |
Realms and command rules |
|
|
|
Filename/DirName |
Realms and command rules |
|
|
|
Filename/DirName |
Realms and command rules |
|
|
|
Filename/DirName |
Realms and command rules |
|
|
|
Filename/DirName |
Realms and command rules |
|