This appendix maps audit event names used in Sybase Adaptive Server Enterprise (ASE) to their equivalent values in the command_class and target_type fields in the Oracle AVDF audit record. The audit events are organized in useful categories, for example, Account Management events. You can use the audit events mapped here to create custom audit reports using other Oracle Database reporting products or third-party tools. See also "Oracle Audit Vault and Database Firewall Database Schemas" for Oracle AVDF data warehouse details that may be useful in designing your own reports.
Account management events track Transact-SQL commands that affect user accounts, such as the UNLOCK ADMIN ACCOUNT command. Table D-1 lists the Sybase ASE account management events and the equivalent Oracle AVDF events.
Table D-1 Sybase ASE Account Management Audit Events
| Source Event | Event Description | command_class | target_type |
|---|---|---|---|
| | Create Login Command Drop Login Command | | |
| | Set SSA Command | | |
| | SSO Changed Password | | |
| | Unlock Admin Account | | |
| | Login Has Been Locked | | |

Application management events track actions that were performed on the underlying Transact-SQL commands of system services and applications, such as the CREATE RULE command.
Table D-2 lists the Sybase ASE application management events and the equivalent Oracle AVDF events.
Table D-2 Sybase ASE Application Management Audit Events
| Source Event | Event Description | command_class | target_type |
|---|---|---|---|
| | Create Default | | |
| | Create Message | | |
| | Create Procedure | | |
| | Create Rule | | |
| | Create SQLJ Function | | |
| | Create Trigger | | |
| | Drop Default | | |
| | Drop Message | | |
| | Drop Procedure | | |
| | Drop Rule | | |
| | Drop SQLJ Function | | |
| | Drop Trigger | | |

Audit command events track the use of auditing Transact-SQL commands on other Transact-SQL commands and on database objects. Table D-3 lists the Sybase ASE audit command events and the equivalent Oracle AVDF events.
Data access events track audited Transact-SQL commands, such as all SELECT TABLE, INSERT TABLE, or UPDATE TABLE commands. The Data Access Report, described in "Data Access Report", uses these events.
Table D-4 lists the Sybase ASE data access events and the equivalent Oracle AVDF events.
Table D-4 Sybase ASE Data Access Audit Events
| Source Event | Event Description | command_class | target_type |
|---|---|---|---|
| | Access To Audit Table | | |
| | BCP In | | |
| | Delete Table | | |
| | Delete View | | |
| | Insert Table | | |
| | Insert View | | |
| | Select Table | | |
| | Select View | | |
| | Truncate Table | | |
| | Truncation of Audit Table | | |
| | Update Table | | |
| | Update View | | |

Exception events track audited error and exception activity, such as network errors. Table D-5 lists Sybase ASE exception events and the equivalent Oracle AVDF events.
Invalid record events track audited activity that Oracle AVDF cannot recognize, possibly due to a corrupted audit record.
Object management events track audited actions performed on database objects, such as CREATE TABLE commands. Table D-6 lists the Sybase ASE object management events and the equivalent Oracle AVDF events.
Table D-6 Sybase ASE Object Management Audit Events
| Source Event | Event Description | command_class | target_type |
|---|---|---|---|
| | Access To Database | | |
| | Alter Table | | |
| | Bind Default | | |
| | Bind Message | | |
| | Bind Rule | | |
| | Access Database Access Object Access Schema Access User Access Password | | |
| | Create Index | | |
| | Create Table | | |
| | Create View | | |
| | Creation of References to Tables | | |
| | Drop Index | | |
| | Drop Table | | |
| | Drop View | | |
| | Transfer Table | | TABLE |
| | Unbind Default | | |
| | Unbind Message | | |
| | Unbind Rule | | |

Peer association events track database link commands. These events do not have any event names.
Role and privilege management events track audited role and privilege management activity, such as revoking permissions from a user to use a specified command. Table D-7 lists the Sybase ASE role and privilege management events and the equivalent Oracle AVDF events.
Table D-7 Sybase ASE Role and Privilege Management Audit Events
| Source Event | Event Description | command_class | target_type |
|---|---|---|---|
| | Grant Command | | |
| | Revoke Command | | |
| | Role Check Performed | | |
| | Role Lock | | |
| | Role Toggling | | |
| | Alter Role Function Executed Create Role Function Executed Drop Role Function Executed Grant Role Function Executed Revoke Role Function Executed | | |

Service and application utilization events track audited application access activity, such as the execution of Transact-SQL commands.
Table D-8 lists the Sybase ASE service and application utilization events and the equivalent Oracle AVDF events.
Table D-8 Sybase ASE Service and Application Utilization Audit Events
| Source Event | Event Description | command_class | target_type |
|---|---|---|---|
| | Ad Hoc Audit Record | | |
| | All Commands Execution | | |
| | Stored Procedure Execution | | |
| | Trigger Execution | | |
| | RPC In | | |
| | RPC Out | | |
| | Trusted procedure execution | | |
| | Trusted trigger execution | | |

System management events track audited system management activity, such as the CREATE DATABASE and DISK INIT commands. Table D-9 lists the Sybase ASE system management events and the equivalent Oracle AVDF events.
Table D-9 Sybase ASE System Management Audit Events
| Source Event | Event Description | command_class | target_type |
|---|---|---|---|
| | AEK Add Encryption | | |
| | AEK Drop Encryption | | |
| | AEK Key Recovery | | |
| | AEK Modify Encryption | | |
| | AEK Modify Owner | | |
| | Alter Database | | |
| | Alter Encryption Key | | |
| | Alter Modify Owner | UPDATE | OWNER |
| | Audit Option Change | | |
| | Config | | |
| | Create Database | | |
| | Create Encryption Key | | |
| | Create Manifest File | CREATE | MANIFEST FILE |
| | DB Consistency Check | | |
| | Deploy UDWS | | |
| | Deploy User-Defined Web Services | | |
| | Disk Init | | |
| | Disk Mirror | | |
| | Disk Refit | | |
| | Disk Reinit | | |
| | Disk Release | | |
| | Disk Remirror | | |
| | Disk Resize | | |
| | Disk Unmirror | | |
| | Drop Database | | |
| | Drop Encryption Key | | |
| | Dump Database | | |
| | Dump Transaction | | |
| | Encrypted Column Administration | | |
| | Errorlog Administration | | ERROR LOG |
| | JCS Install Command | | JCS |
| | JCS Remove Command | | JCS |
| | Kill/Terminate Command | | |
| | LDAP State Changes | | |
| | Load Database | | |
| | Load Transaction | | |
| | Mount Database | | |
| | Online Database | | |
| | Password Administration | | |
| | Quiesce Database Command | | |
| | Quiesce Hold Security | | QUIESCE |
| | Quiesce Release | | QUIESCE |
| | Regenerate Keypair | | |
| | Server Boot | | |
| | Server Shutdown | | |
| | SSL Administration | | |
| | Undeploy UDWS | | |
| | Undeploy User Defined Web Services | | |
| | Unmount Database | | |

Unknown or uncategorized events track audited activity that cannot be categorized. Table D-10 shows the Sybase ASE unknown or uncategorized event and the equivalent Oracle AVDF event.
User session events track audited authentication events for users who log in to the database.
Table D-11 lists the Sybase ASE user session events and the equivalent Oracle AVDF events.