7.264 UNIFIED_AUDIT_TRAIL
When unified auditing is enabled in Oracle Database, the audit records are populated in this new audit trail.
This view displays audit records in tabular form by retrieving the audit records from the audit trail.
Note:
This view is populated only in an Oracle Database where unified auditing is enabled.
-
See Oracle Database Security Guide for more information about unified auditing.
-
See Oracle Database Upgrade Guide for more information about migrating to unified auditing.
Column | Datatype | NULL | Description |
---|---|---|---|
|
|
|
Type of auditing:
|
|
|
|
Audit session identifier |
|
|
|
Audit session identifier of proxying session |
|
|
|
Name of the operating system user for the database session |
|
|
|
Name of the host machine from which the session was spawned |
|
|
|
The operating system terminal of the user session |
|
|
|
Instance number as specified in the initialization parameter file, init.ora |
|
|
|
Database identifier of the audited database |
|
|
|
Authentication information for the session user |
|
|
|
Database user name of the user whose actions were audited |
|
|
|
Proxying user name, in the case of proxy authentication |
|
|
|
External user name, in the case of network or external authentication |
|
|
|
Global user identifier for the user, for a user logged in as an enterprise user |
|
|
|
Name of the program used for the database session |
|
|
|
Value of |
|
|
|
Name of the Real Application Security user |
|
|
|
Identifer of the Real Application Security session |
|
|
|
Numeric ID for each audit trail entry in the session |
|
|
|
Numeric ID for each statement run (a statement may cause many actions) |
|
|
|
Timestamp of the creation of the audit trail entry in the local time zone |
|
|
Timestamp of the creation of the audit trail entry in UTC (Coordinated Universal Time) |
|
|
|
|
Name of the action executed by the user. The name should be read in conjunction with the |
|
|
|
Oracle error code generated by the action. Zero if the action succeeded |
|
|
|
Operating system process identifier of the Oracle database process |
|
|
|
Transaction identifier of the transaction in which the object is modified |
|
|
|
System change number (SCN) of the creation of the audit trail entry |
|
|
|
Execution context identifier for each action |
|
|
|
Schema name of object affected by the action |
|
|
|
Name of the object affected by the action |
|
|
|
SQL associated with the event |
|
|
|
List of bind variables, if any, associated with |
|
|
|
Semicolon-seperated list of Application Context Namespace, Attribute, Value information in (APPCTX_NSPACE,APPCTX_ATTRIBUTE=<value>) format |
|
|
|
Client identifier in each Oracle session |
|
|
|
The schema of the object named in the NEW_NAME column |
|
|
|
New name of object after RENAME, or name of underlying object (for example, CREATE INDEX owner.obj_name ON new_owner.new_name) |
|
|
|
Name of the edition containing the audited object |
|
|
|
Comma-separated list of system privileges used to execute the action |
|
|
|
System privilege granted/revoked by a GRANT/REVOKE statement |
|
|
|
AUDIT/NOAUDIT SQL command |
|
|
|
Object privileges granted/revoked by a GRANT/REVOKE statement |
|
|
|
Roles granted or revoked or set by GRANT/REVOKE/SET ROLE command |
|
|
|
User on whom the GRANT/REVOKE/AUDIT/NOAUDIT statement was executed |
|
|
|
User who was excluded when the AUDIT/NOAUDIT statement was executed |
|
|
|
Displays the schema of the excluded objects |
|
|
|
Displays object excluded from the action |
|
|
|
Effective user for the statement execution |
|
|
|
Text comment on the audit trail entry, if any |
|
|
|
Lists the audit policies that caused the current audit record. For example, if If more than one policy was configured, the list of policies that caused the event to be recorded in the audit trail are displayed in a comma-separated list. This column has a NULL value for mandatory audit records. See Oracle Database Security Guide for information on activities that are mandatorily audited. |
|
|
|
Fine-grained auditing (FGA) policy name that generated this FGA audit record |
|
|
|
Inactivity timeout of the Real Application Security session |
|
|
|
Type of the Real Application Security entity. Possible values are |
|
|
|
Target principal name in Real Application Security operations. Possible operations are set verifier, set password, add proxy, remove proxy, switch user, assign user, create session,and grant roles. |
|
|
|
Name of the Real Application Security proxy user |
|
|
|
Name of the Real Application Security data security policy enabled or disabled |
|
|
|
Name of the schema in enable, disable data security policy and global callback operation |
|
|
|
Real Application Security global callback event type |
|
|
|
Real Application Security callback package name for the global callback |
|
|
|
Real Application Security callback procedure name for the global callback |
|
|
|
The role that is enabled |
|
|
|
Real Application Security session cookie |
|
|
|
Name of the Real Application Security session namespace |
|
|
|
Name of the Real Application Security session namespace attribute |
|
|
|
The old value of the Real Application Security session namespace attribute |
|
|
|
The new value of the Real Application Security session namespace |
|
|
|
Numeric action type code for Database Vault |
|
|
|
Name of the action whose numeric code appears in the |
|
|
|
Numeric action type code for Database Vault administration |
|
|
|
Name of the user whose Database Vault authorization was modified |
|
|
|
Database Vault specific error code |
|
|
|
The unique name of the Database Vault object that was modified |
|
|
|
The unique name of the rule set that was executing and caused the audit event to trigger |
|
|
|
Text comment on the audit trail entry, providing more information about the statement audited |
|
|
|
An XML document that contains all of the factor identifiers for the current session at the point when the audit event was triggered |
|
|
|
Indicates whether a particular Database Vault object is enabled or disabled. For example, if a Database Vault administrator enables or disables a realm, then this event will be audited and the
|
|
|
|
Name of the Oracle Label Security (OLS) policy for which this audit record is generated |
|
|
|
Name of the user whose OLS authorization was modified |
|
|
|
Maximum read label assigned to a user |
|
|
|
Maximum write label assigned to a user |
|
|
|
Minimum write label assigned to a user |
|
|
|
OLS privileges assigned to a user or a trusted stored procedure |
|
|
|
Name of the trusted stored procedure whose authorization was modified or was executed |
|
|
|
OLS privileges used for an event |
|
|
|
String representation of the OLS label |
|
|
|
Type of the OLS label component |
|
|
|
Name of the OLS label component |
|
|
|
Name of the parent of the OLS group |
|
|
|
Old value for OLS ALTER events |
|
|
|
New value for OLS ALTER events |
|
|
|
RMAN session identifier. Together with |
|
|
|
Timestamp for the session |
|
|
|
The RMAN operation executed by the job. One row will be added for each distinct operation within an RMAN session. For example, a backup job would contain |
|
|
|
Type of objects involved for backup or restore/recover or change/delete/crosscheck commands. It contains one of the following values. If RMAN command does not satisfy one of them, then preference is given in order, from top to bottom of the list:
|
|
|
|
Device involved in the RMAN job. It may be For a backup job, it will be the output device type. For other commands (such as restore or crosscheck), it will be the input device type. |
|
|
|
Parameters during a Data Pump operation that have a text/string value. This may contain the values for:
For descriptions and more information about the settings that can appear for these Data Pump text parameters, see Table 7-2. |
|
|
|
Parameters during a Data Pump operation that have a boolean value. This may contain the values for:
|
|
|
Contains warnings issued during a Data Pump operation If no warnings were issued, this column contains |
|
|
|
|
Shows the number of columns that were loaded using the SQL*Loader direct path load method |
|
|
|
Stores virtual private database (VPD), Oracle Label Security (OLS), Real Application Security (RAS), and redaction policy names and predicates separated by a delimiter. In the case of redaction policies, the policy expression is displayed in place of the predicate. To format the output into individual rows, use the |
|
|
|
The connecting user name The value in this column is meaningful only when the |
|
|
|
The target database service name The value in this column is meaningful only when the |
|
|
|
The source location of the initiating connection The value in this column is meaningful only when the |
|
|
Oracle XML DB session ID The You can use this column to identify audit records from the same Oracle XML DB session. |
|
|
|
Return code for the Oracle XML DB protocol request This value is logged in the audit records for both the reply message containing the return code and its corresponding request message. For HTTP requests, a return code of |
|
|
|
Indicates the protocol and method for the Oracle XML DB protocol message This value is of the form Possible values for Examples: Note that the HTTP Unrecognized methods are logged as |
|
|
|
IP address of the client |
|
|
|
Text of the Oracle XML DB protocol message |
|
|
|
Unique database name of the audited database, which is defined by the |
|
|
|
Object type of the object being audited |
Footnote 1 This column is available starting with Oracle Database 21c.
Table 7-2 Data Pump Text Parameter Descriptions
Parameter | Description |
---|---|
|
The method used to load the data. Settings can be:
|
|
Indicates how certain types of data were handled during import operations. Settings are in bit-mask format, which are as follows:
|
|
Not in use |
|
Is either |
|
Specifies the version of database objects that were imported |
|
Indicates the name of the master table. By default, it appears as follows for export operations: schema_name.SYS_EXPORT_TABLE_n For import operations, it appears as follows: schema_name.SYS_IMPORT_TABLE_n The |
|
Type of export or import operation. For example a table export would be |
|
Indicates how table partitions were created during an import operation. Settings can be:
|
|
Indicates that the export was performed from a (source) database identified by a valid database link. The data from the source database instance was written to a dump file set on the connected database instance. |
|
Indicates the action that was taken on an import operation when the target table already existed. The values are as follows:
|
AUTHENTICATION_TYPE Description
The AUTHENTICATION_TYPE
column of UNIFIED_AUDIT_TRAIL
displays authentication information for the session user.
The value of this column is a string with the following syntax:
(TYPE=(auth_string));(CLIENT ADDRESS=((PROTOCOL=protocol)(HOST=client_ip_address)(PORT=client_port_number)));[(LOGON_INFO=((VERIFIER=%s-%s)(CLIENT_CAPABILITIES=%s));]
-
(TYPE=(auth_string));
Indicates the type of authentication for the session user.
Possible values for
auth_string
:DATABASE
- Username/password authenticationDIRECTORY
PASSWORD
- Directory-based user authenticationNETWORK
SERVICE
- Authentication was performed by Oracle Net Services or strong authenticationOS
- Operating system external user authenticationPROXY
- OCI proxy connection authentication
-
(CLIENT ADDRESS=((PROTOCOL=protocol)(HOST=client_ip_address)(PORT=client_port_number)));
Displays the protocol used by the client, such as
ipc
,sdp
,tcp
, ortcps
, the client IP address, and the client port number. -
(LOGON_INFO=((VERIFIER=version-rollover_state)(CLIENT_CAPABILITIES=capability_list));
This syntax is displayed only if authentication was completed during gradual database password rollover.
The value of
VERIFIER
comprises the following two values, separated by a hyphen:-
version
- Indicates the password version (11G
or12C
) -
rollover_state
- Indicates whether the user was authenticated with theOLD
password or theNEW
password
For
CLIENT_CAPABILITIES
, the value ofcapabilitiy_list
is a comma-separated list of one or more of the following client capabilities:O5L_NP
,O7L_MR
, orO8L_LI
. See Oracle Database Net Services Reference for more information about client capabilities. -
See Also:
-
Oracle Database PL/SQL Packages and Types Reference for more information about the
DBMS_AUDIT_MGMT
package -
Oracle Database PL/SQL Packages and Types Reference for more information about the
DBMS_AUDIT_UTIL.DECODE_RLS_INFO_ATRAIL_UNI
function