Activity Auditing Overview

Activity Auditing lets you collect audit data from your target databases so that you can monitor database activities.

This article has the following topics:

About Activity Auditing

You entrust your databases to your database administrators, account owners, and end users. However, it’s important to monitor database activity regularly because accounts are always at risk for being compromised or misused. Activity Auditing in Oracle Data Safe helps to ensure accountability and improve regulatory compliance.

With Activity Auditing, you can collect and retain audit records per industry and regulatory compliance requirements and monitor user activities on Oracle databases. For example, you can audit access to sensitive data, security-relevant events, administrator and user activities, activities recommended by compliance regulations like the Center for Internet Security (CIS), and activities defined by your own organization. You can collect up to one million audit records per month per target database in Oracle Data Safe for free.

Activity Auditing Dashboard

By default, the Activity Auditing dashboard shows you a summary of audit events for the last one week for all target databases, in the form of charts and tables. This gives you a broad overview of audit events across all target databases monitored by Oracle Data Safe. You can modify the filters set on target database and time period as needed. The charts and tables are immediately updated.

Description of activity_auditing_dash.bmp follows
Description of the illustration activity_auditing_dash.bmp

The Failed Logins Activity chart shows you the number of failed logins on all or selected target databases for the specified time period.

The Admin Activity chart shows you the number of database schema changes, logins, audit setting changes, and entitlement changes on all or selected target databases for the specified time period.

The All Activity chart chart shows you the total count of audit events on all or selected target databases for the specified time period.

The Events summary tab lists the following audit event categories. For each category, you can view the number of target databases that have an audit event in each event category as well as the total number of events per category.

  • Login Failures By Admin
  • Schema Changes By Admin
  • Entitlement Changes By Admin
  • Login Failures
  • Schema Changes
  • Entitlement Changes
  • Audit Settings Changes
  • Database Vault All Violations
  • Database Vault Policy Changes
  • Data Access Events
  • All Activity By Admin
  • All Activity

The Targets Summary tab shows you various audit event counts per target database. Audit events include the number of login failures, schema changes, entitlement changes, audit settings changes, all activity (all audit events), database vault realm violations and command rule violations, and database vault policy changes. If there are no audit events for a target database, the target database isn't listed.

Audit Profiles, Audit Policies, Audit Trails, and Archive Data Retrievals

Activity Auditing resources that pertain to audit data collection, retention, and retrieval are audit profiles, audit policies, audit trails, and archive data retrievals.

An audit profile resource gives you the flexibility to compute how much audit data is available on the target database for each audit trail that Oracle Data Safe has not yet collected. This helps you evaluate the initial audit data volume when you configure collection in Oracle Data Safe. You also can compute how much audit data Oracle Data Safe has already collected from the target database.

An audit policy resource represents the audit policies for the target database, their corresponding provisioning status, and which policies are enabled or disabled on the target database..

An audit trail represents audit record collection from the target's database trail such as UNIFIED_AUDIT_TRAIL, which provides documentary evidence of the sequence of activities. Configuring audit trails in Oracle Data Safe, and enabling audit data collection on the audit trails copies the audit records from the target database's audit trail into the Oracle Data Safe repository.

An archive data retrieval represents an archive retrieve request for audit data. You can retrieve audit data for a target database from the archive and store it online.

Activity Auditing Reports

Oracle Data Safe generates several predefined audit reports that you can view from the Audit Reports page. The reports track general database activities, such as audited SQL statements, application access activities, and user login activities, as well as Oracle Data Safe activities.

The following table describes each report.

Report Name Description
All Activity All audited activities
Admin Activity Report tracking database activities on admin users as identified in the User Assessment feature. Please note that changes on users may not be reflected immediately in the report and might take up to 12 hours to appear.
User/Entitlement Changes User creation/deletion/privilege and role changes
Audit Policy Changes All changes in audit policies
Login Activity Database login attempts
Data Access Database query operations
Data Modification Data modification activities (DMLs)
Database Schema Changes Database schema changes (DDLs)
Data Safe Activity Activity generated by the Oracle Data Safe service
Database Vault Activity Auditable activities of enabled Oracle Database Vault policies in target databases, including mandatory Database Vault configuration changes, realm violations, and command rule violations
Common User Activity Report tracking database activities on common users as identified in the User Assessment feature.
Database Error Report tracking errors reported in database for activities that are audited.
Data Extraction Activity Report tracking DataPump and RMAN activities in database.
Sensitive Data Activity Report tracking database activities on sensitive objects as identified in the sensitive data models of the Data Discovery feature.


This report will only display data if there is a Sensitive Data Model for the target database.

Prerequisites for Using Activity Auditing

These are the prerequisites for using Activity Auditing:

  • Register the target databases that you want to use with Activity Auditing.
  • Grant the Audit Collection and Audit Setting roles on the target database. A Database Administrator can grant these roles to the Oracle Data Safe Service Account on the target database.
  • Obtain permission in Oracle Cloud Infrastructure Identity and Access Management (IAM) to use the Activity Auditing feature in Oracle Data Safe. An OCI administrator can grant view or manage permission as needed on the following resources:
    • data-safe-work-requests
    • data-safe-audit-profiles
    • data-safe-audit-trails
    • data-safe-audit-events
    • data-safe-archive-retrievals
    • data-safe-report-definitions
    • data-safe-reports
    • data-safe-audit-policies

See Also:

The Administering Oracle Data Safe guide provides these sections to help with establishing the prerequisites: