A component of an audit record. Each audit record field represents an attribute of the event that the record represents. If the record is in a table, then its fields are columns.
A location of audit records on the secured target. For example:
If the secured target writes audit records into files (called audit files), then the directory path plus the file mask is an audit trail.
If the source writes audit records into a database table (called an audit table), then the name of the table is an audit trail.
If the source writes some audit records into files of directory x, some into database table y, and some into files of directory z, then the source has three different audit trails: directory x plus the file mask, table y, and directory z plus the file mask.
The process that purges audit records from the secured target after they are stored in Audit Vault Server repository. The collection plug-in provides the checkpoint to either the source or a utility that has permission to delete records from the source, and the source or utility purges the original records.
An audit record field in Oracle Audit Vault and Database Firewall, as opposed to an audit record field on a secured target (see collection plug-in). An Audit Vault Server field is either a core field, an extension field, or a large field.
The point in an audit trail after which a collection plug-in will start collecting audit records. If the collection plug-in has collected no records from the audit trail, then the checkpoint is immediately before the first record. If the collection plug-in started collecting records and then stopped, then the checkpoint is immediately after the last record that it collected.
A plug-in that adds an audit trail collection capability to Oracle Audit Vault and Database Firewall. It gets audit record semantics from a mapper file and reads audit records from either an audit table or XML audit files.
A large field that contains the text of the command that caused the event.
A large field that contains the parameters of the command that caused the event.
An Audit Vault Server field that has a corresponding field in audit records generated by almost every source. That is, almost every collection plug-in maps a source audit record field to each core field. Oracle Audit Vault and Database Firewall uses core fields for filtering and reporting. The core fields are described and listed in "Core Fields".
An XML file that describes the audit records that a specific secured target writes into either an audit table or XML audit files. The mapper file specifies the audit record fields to collect from the source, how to map them to Audit Vault Server fields, and which fields to use for recovery. A mapper file always specifies the secured target type, the maximum version of the source type that the mapper file supports, and the mapper file version. A mapper file can also specify the minimum version of the source type that it supports and an incremental field for calculating the checkpoint. The default for the incremental field is the event time field.
An application that adds a capability to another application (and usually cannot run independently).
The phase of data collection where an collection plug-in that stopped and restarted tries to reach its checkpoint. Resuming collection immediately after the checkpoint ensures that the collector does not miss any records. To avoid collecting duplicate records during recovery, the collector checks the Marker field of each record.
A secured target is a supported database or non-database product that you secure using an Audit Vault Agent, a Database Firewall, or both.
A category of auditing source. For example, Oracle Database is a secured target type, a collection of Oracle Database instances that generate audit records with the same fields. Secured target types generate semantically identical audit records (that is, audit records that have the same fields).