• Home
  • About
  • Log In
  • Register
Follow Us
KTEXPERTS
  • Oracle DBA
    • Oracle 12C New Features
      • Oracle Multitenant Features
      • Non Container Features
    • Oracle Architecture
      • Oracle Server Architecture
      • Oracle Background Processes
      • Oracle Pyhisical Database
      • Select and Update Statement
      • Startup and Shutdown Modes
      • Redolog File Management
      • User Management
        • RMAN (Recovery Manager)
        • Oracle Production Support Scripts
    • Oracle Tablespace Management
    • Oracle Datapump (Exports & Imports)
    • Performance Tuning
    • Oracle Dataguard
    • Oracle ASM
    • Oracle Auditing
    • Oracle Partitioning
    • SecureCRT
    • Partitions/Shell Script
  • Oracle RAC
    • Introduction to Oracle RAC
    • 11gR2 RAC Installation
    • 12cR2 RAC Installation
    • 19c RAC Installation
    • Flashback Restore on Two Node RAC Servers
  • GoldenGate
    • Oracle to Oracle GoldenGate Unidirectional Replication
    • MySQL to Oracle Heterogeneous Replication
    • Oracle to MySQL Heterogeneous Replication
    • CredentialStore in Goldengate
    • GoldenGate Monitoring Commands
    • Usage of HandleCollisions and No HandleCollisions
    • Goldengate subdirs
    • Enable/Disable DDL replication
    • Data Selection & Filtering
    • Automation scripts in Goldengate
    • Logdump utility
    • Initial loads with GoldenGate
    • IgnoreDelete and IgnoreUpdate parameters in GG
    • COLS & COLSEXCEPT FILTER in GG
    • Add new table to existing GoldenGate Replication
      • Cassandra
  • AWS
    • EC2 (Elastic Compute Cloud)
    • S3 (Simple Storage Service)
    • IAM (Identity and Access Management)
    • CloudWatch
    • VPC (Virtual Private Cloud)
    • Route 53
    • RDS
    • Dynamo DB
    • EFS (Elastic File System)
    • Cloud Trail
    • Cloud Front
    • SNS (Simple Notification Service)
    • SQS (Simple Queue Service)
    • SES (Simple Email Service)
    • Redshift
    • Elastic Cache
    • Snowball
  • SQL Server
  • DevOps
    • LINUX
    • GIT
    • Chef
    • Ansible
    • Docker
    • Maven
  • MySQL
    • MySQL Installation & Upgrade
    • MySQL DBA
    • Difference Between Oracle and MySQL
  • PostgreSQL
    • Installation of PostgreSQL
    • WAL Internals in PostgreSQL
    • Replication to GCP PostgreSQL
    • Level of Work in Postgres Database
    • Data Fragmentation in PostgreSQL
    • PostgreSQL Interview Q&A
    • PostgreSQL Commands
  • Authors
    • Authors
    • Speakers
    • Volunteers
  • INDEX
    • Oracle DBA
      • Performance Tuning
      • Oracle RAC
      • Oracle 12c New Features
      • Oracle Production Support Scripts
      • Oracle DataGuard
      • Data Pump (Export & Import)
      • Oracle 18c
      • RMAN (Recovery Manager)
      • Oracle Tablespaces
      • Oracle ASM
      • Oracle Partitioning
      • Oracle Architecture
    • PostgreSQL
    • AWS
    • DevOps
    • GoldenGate
    • Cassandra
    • SQL Server
    • Oracle RAC
    • MySQL
    • SecureCRT
  • Webinar Recordings
  • Daily Tips
    • Oracle DBA Tips
    • GoldenGate Tips
    • MySQL Tips
    • SQL Server Tips
    • PostgreSQL Tips
    • MongoDB Tips
    • DevOps Tips
    • Python Tips
    • Data Science Tips
      • Exadata Tips
    • AWS Tips
    • .NET Tips
    • Linux Tips
  • Azure
  • Python
  • MongoDB
mm

Binnary Ajay Kumar

This is Binnary Ajay Kumar having around 4+ years of experience as Oracle DBA having exposure to SQL,PL*SQL, RAC,Dataguard, RMAN,GoldenGate,MySQL DBA and Amazon Web Services. Share your knowledge. It’s a way to achieve immortality.

Follow

Share this post

Tags

  • audit a user actions
  • audting
  • standard way of audting
  • sys.aud$

Auditing in Oracle

Posted on August 2, 2018 in Oracle Auditing, Oracle DB Admin
Share via:
Post Views: 0

Auditing in Oracle.

Auditing  is used to track the occurrence of SQL statements in subsequent user sessions.

In this article will see how can dba  track all types of sql operations  (select,insert,update,delete drop,create and alter) of particular user.

Auditing is a default feature of the Oracle server. The initialization parameters that influence its behaviour can be displayed using the SHOW PARAMETER

1
2
3
4
5
6
7
SYS> SHOW PARAMETER AUDIT
NAME                                  TYPE           VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest                        string     /oraeng/app/oracle/admin/ord/adump
audit_sys_operations                   boolean     FALSE
audit_trail                            string       NONE
unified_audit_sga_queue_size           integer     1048576

Auditing is disabled by default, but can enabled by setting the AUDIT_TRAIL static parameter, which has the following allowed values.

1
AUDIT_TRAIL = { none | os | db | db,extended | xml | xml,extended }

The following list provides a description of each setting:

  • none or false –  Auditing is disabled.
  • db or true –        Auditing is enabled, with all audit records stored in the database audit trial (SYS.AUD$).
  • db,extended –   As db, but the SQL_BIND and SQL_TEXT columns are also populated.
  • xml–                     Auditing is enabled, with all audit records stored as XML format OS files.
  • xml,extended – As xml, but the SQL_BIND and SQL_TEXT columns are also populated.
  • os–                       Auditing is enabled, with all audit records directed to the operating system’s audit trail.

To enable auditing and direct audit records to the database audit trail, we would do the following.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
SYS>>ALTER SYSTEM SET audit_trail=db SCOPE=SPFILE;
System altered.
SYS>>shutdown
Database closed.
Database dismounted.
ORACLE instance shut down.
SYS>>startup
ORACLE instance started.
Total System Global Area  1895825408 bytes
Fixed Size                 2925744 bytes
Variable Size              570428240 bytes
Database Buffers           1308622848 bytes
Redo Buffers               13848576 bytes
Database mounted.
Database opened.
SYS>>sho parameter audit
NAME                                  TYPE         VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest                       string     /oraeng/app/oracle/admin/ord/adump
audit_sys_operations                  boolean     TRUE
audit_syslog_level                    string
audit_trail                           string      DB
unified_audit_sga_queue_size          integer     1048576

Now we will create user called aud_test with required privileges.

1
2
3
4
5
6
SYS>>CREATE USER aud_test IDENTIFIED BY aud_test DEFAULT TABLESPACE users TEMPORARY TABLESPACE temp QUOTA UNLIMITED ON users;
User created.
SYS>>GRANT connect TO aud_test;
Grant succeeded.
SYS>>GRANT create table, create procedure TO aud_test;
Grant succeeded.

Give permissions to audit all operations to the  AUD_TEST user.

These options audit all DDL and DML, along with some system events.

–> DDL (CREATE, ALTER & DROP of objects)
–>DML (INSERT UPDATE, DELETE, SELECT, EXECUTE).
–>SYSTEM EVENTS (LOGON, LOGOFF etc.)

1
2
3
4
5
6
SYS>>AUDIT ALL BY aud_test by access;
Audit succeeded.
SYS>>AUDIT SELECT TABLE, UPDATE TABLE, INSERT TABLE, DELETE TABLE BY aud_test by access;
Audit succeeded.
SYS>>AUDIT EXECUTE PROCEDURE BY aud_test by access;
Audit succeeded.

connect to AUD_TEST  and create  a table object then perform DML operations.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
SYS>>conn aud_test/aud_test
Connected.
AUD_TEST>>create table test_sep(sno number,name varchar2(10));
Table created.
AUD_TEST>>insert into test_sep values(10,'AJAY');
1 row created.
AUD_TEST>>insert into test_sep values(20,'KUMAR');
1 row created.
AUD_TEST>>insert into test_sep values(30,'VINOD');
1 row created.
AUD_TEST>>commit;
Commit complete.
AUD_TEST>>select * from test_sep;
SNO     NAME
------ --------
10     AJAY
20     KUMAR
30     VINOD
AUD_TEST>>update test_sep set name='KTEXPERTS' where sno=20;
1 row updated.
AUD_TEST>>commit;
Commit complete.
AUD_TEST>>select * from test_sep;
SNO      NAME
------  ----------
10       AJAY
20       KTEXPERTS
30       VINOD

In the next section we will look at how we view the contents of the audit trail.

The audit trail is stored in the SYS.AUD$ table. Its contents can be viewed directly or via the following views.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
SYS>>SELECT view_name FROM dba_views WHERE view_name LIKE 'DBA%AUDIT%'  ORDER BY view_name;
VIEW_NAME
--------------------------------------------------------------------------------
DBA_AUDIT_EXISTS
DBA_AUDIT_MGMT_CLEANUP_JOBS
DBA_AUDIT_MGMT_CLEAN_EVENTS
DBA_AUDIT_MGMT_CONFIG_PARAMS
DBA_AUDIT_MGMT_LAST_ARCH_TS
DBA_AUDIT_OBJECT
DBA_AUDIT_POLICIES
DBA_AUDIT_POLICY_COLUMNS
DBA_AUDIT_SESSION
DBA_AUDIT_STATEMENT
DBA_AUDIT_TRAIL
DBA_COMMON_AUDIT_TRAIL
DBA_DV_PATCH_ADMIN_AUDIT
DBA_FGA_AUDIT_TRAIL
DBA_OBJ_AUDIT_OPTS
DBA_OLS_AUDIT_OPTIONS
DBA_PRIV_AUDIT_OPTS
DBA_REPAUDIT_ATTRIBUTE
DBA_REPAUDIT_COLUMN
DBA_SA_AUDIT_OPTIONS
DBA_STMT_AUDIT_OPTS
DBA_XS_AUDIT_POLICY_OPTIONS
DBA_XS_AUDIT_TRAIL
DBA_XS_ENB_AUDIT_POLICIES
 
24 rows selected.

The most basic view of the database audit trail is provided by the DBA_AUDIT_TRAIL view, which contains a wide variety of information. The following query displays the some of the information from the database audit trail.

SELECT few of the columns from DBA_AUDIT_TRAIL Data Dictionary View.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
SYS>>set pages 500 lines 500
SYS>> COLUMN username FORMAT A10
SYS>> COLUMN owner FORMAT A10
SYS>> COLUMN obj_name FORMAT A10
SYS>> COLUMN extended_timestamp FORMAT A35
SYS>> SELECT username,extended_timestamp,owner,obj_name,action_name FROM dba_audit_trail WHERE owner ='AUD_TEST' ORDER BY timestamp;
USERNAME     EXTENDED_TIMESTAMP                 OWNER       OBJ_NAME   ACTION_NAME
---------- -----------------------------------  ---------- ----------  ----------------------------
AUD_TEST    02-AUG-18 07.03.12.061572 PM +05:30  AUD_TEST    TEST_SEP  CREATE TABLE
AUD_TEST    02-AUG-18 07.03.58.052671 PM +05:30  AUD_TEST    TEST_SEP  INSERT
AUD_TEST    02-AUG-18 07.04.11.411888 PM +05:30  AUD_TEST    TEST_SEP  INSERT
AUD_TEST    02-AUG-18 07.05.03.304228 PM +05:30  AUD_TEST    TEST_SEP  INSERT
AUD_TEST    02-AUG-18 07.05.24.116901 PM +05:30  AUD_TEST    TEST_SEP  SELECT
AUD_TEST    02-AUG-18 07.06.23.669604 PM +05:30  AUD_TEST    TEST_SEP  UPDATE
AUD_TEST    02-AUG-18 07.06.30.958158 PM +05:30  AUD_TEST    TEST_SEP  SELECT

As a DBA we will come to know  which os user and from system IP address user connected to perform the transaction.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
SYS>>select OS_USERNAME,USERNAME,USERHOST,OBJ_NAME,TIMESTAMP,SCN from dba_audit_trail where username='AUD_TEST';
 
OS_USERNAME  USERNAME    USERHOST        OBJ_NAME                      TIMESTAMP  SCN
----------   ---------- --------------- ------------------------------ ---------  ----------
oracle       AUD_TEST   dba20.ord.com   DBMS_APPLICATION_INFO          02-AUG-18  1750208
oracle       AUD_TEST   dba20.ord.com   DBMS_APPLICATION_INFO          02-AUG-18  1750210
oracle       AUD_TEST   dba20.ord.com   DBMS_STANDARD                  02-AUG-18  1750257
oracle       AUD_TEST   dba20.ord.com   DBMS_APPLICATION_INFO          02-AUG-18  1752203
oracle       AUD_TEST   dba20.ord.com   DBMS_APPLICATION_INFO          02-AUG-18  1752205
oracle       AUD_TEST   dba20.ord.com                                  02-AUG-18
oracle       AUD_TEST   dba20.ord.com   TEST_SEP                       02-AUG-18  1750428
oracle       AUD_TEST   dba20.ord.com   DUAL                           02-AUG-18  1750202
oracle       AUD_TEST   dba20.ord.com   SQLPLUS_PRODUCT_PROFILE        02-AUG-18  1750204
oracle       AUD_TEST   dba20.ord.com   PRODUCT_PRIVS                  02-AUG-18  1750204
oracle       AUD_TEST   dba20.ord.com   SQLPLUS_PRODUCT_PROFILE        02-AUG-18  1750206
oracle       AUD_TEST   dba20.ord.com   PRODUCT_PRIVS                  02-AUG-18  1750206
oracle       AUD_TEST   dba20.ord.com   DUAL                           02-AUG-18  1750212
oracle       AUD_TEST   dba20.ord.com   TEST_SEP                       02-AUG-18  1750384
oracle       AUD_TEST   dba20.ord.com   TEST_SEP                       02-AUG-18  1750433
oracle       AUD_TEST   dba20.ord.com   DUAL                           02-AUG-18  1752197
oracle       AUD_TEST   dba20.ord.com   SQLPLUS_PRODUCT_PROFILE        02-AUG-18  1752199
oracle       AUD_TEST   dba20.ord.com   PRODUCT_PRIVS                  02-AUG-18  1752199
oracle       AUD_TEST   dba20.ord.com   SQLPLUS_PRODUCT_PROFILE        02-AUG-18  1752201
oracle       AUD_TEST   dba20.ord.com   PRODUCT_PRIVS                  02-AUG-18  1752201
oracle       AUD_TEST   dba20.ord.com   DUAL                           02-AUG-18  1752207
oracle       AUD_TEST   dba20.ord.com   AUD$                           02-AUG-18
oracle       AUD_TEST   dba20.ord.com   SYSTEM_PRIVILEGE_MAP           02-AUG-18
oracle       AUD_TEST   dba20.ord.com   SYSTEM_PRIVILEGE_MAP           02-AUG-18
oracle       AUD_TEST   dba20.ord.com   STMT_AUDIT_OPTION_MAP          02-AUG-18
oracle       AUD_TEST   dba20.ord.com   AUDIT_ACTIONS                  02-AUG-18
oracle       AUD_TEST   dba20.ord.com   DBA_AUDIT_TRAIL                02-AUG-18
oracle       AUD_TEST   dba20.ord.com   TEST_SEP                       02-AUG-18  1752218
oracle       AUD_TEST   dba20.ord.com   TEST_SEP                       02-AUG-18  1750317
oracle       AUD_TEST   dba20.ord.com   TEST_SEP                       02-AUG-18  1750323
oracle       AUD_TEST   dba20.ord.com   TEST_SEP                       02-AUG-18  1750375
oracle       AUD_TEST   dba20.ord.com                                  02-AUG-18
oracle       AUD_TEST   dba20.ord.com                                  02-AUG-18
oracle       AUD_TEST   dba20.ord.com   TEST_SEP                       02-AUG-18
oracle       AUD_TEST   dba20.ord.com                                  02-AUG-18
oracle       AUD_TEST   dba20.ord.com                                  02-AUG-18

All the information regarding AUDITING stored in sys.aud$.

Simple we can  truncate those information by using TRUNCATE command.

1
2
3
4
SYS>>truncate table sys.aud$;
Table truncated.
SYS>> SELECT username,extended_timestamp,owner,obj_name,action_name FROM dba_audit_trail WHERE owner ='AUD_TEST' ORDER BY timestamp;
no rows selected

In above query the result is no rows selected  because we truncated info from sys.aud$.

 

Thank you ………..

Share via:
Note: Please test scripts in Non Prod before trying in Production.
1 Star2 Stars3 Stars4 Stars5 Stars (7 votes, average: 5.00 out of 5)
Loading...

You might also like...

  • Automating OSWatcher Log Capture with oswlogs_capture.sh

    Automating OSWatcher Log Capture with oswlogs_capture.sh

  • Table/index movement using pl/sql procedure

    Table/index movement using pl/sql procedure

  • Datapump export and import from Source PDB to Target PDB

    Datapump export and import from Source PDB to Target PDB

Previous Post: PLANNED FAILOVER and ReIntializing the OLD Primary as the NEW Standby(Using Flashback)
Next Post: Fine-Grained Auditing (FGA)

One thought on “Auditing in Oracle”

  1. mike

    September 27, 2019 at 9:45 pm

    Reply

    Hello, one question, your putty what is it?

Add Comment Cancel reply

Recent Comments

  • Krishna on Installation of Oracle Linux In windows
  • Binnary Ajay Kumar on How to move or rename Oracle Home
  • Prabhu on How to move or rename Oracle Home
  • Krishna on Protected: How to kill Long Running Query using scripts.
  • krishna on Linux Basic Commands for DevOps (PART-2)

Categories

Ad

Started ktexperts.com with a small hope of sharing knowledge, And today we can proudly say that ktexperts.com is being accessed from all corners of the world. Here’s a glimpse of our growth.

About KTEXPERTS

KT Experts is one enthusiastic knowledge-sharing platform. The platform concentrates on all Database Technologies like Oracle Database Administration(DBA), Oracle RAC, Oracle GoldenGate, MySQL, SQL Server Database Administration, Cassandra, AWS and DevOps.

This page consists of all the well-developed articles  of the Technologies. This is an effort of many dedicated professionals for a better IT world.

We have received the best reviews over time and the usage of this page has been increasingly drastic. So why wait? Let’s get started!!!

Thank you 

Follow Our Social Networking Sites

Recent Posts

  • Automating OSWatcher Log Capture with oswlogs_capture.sh

    Automating OSWatcher Log Capture with oswlogs_capture.sh

  • COMPRESSION IN CASSANDRA

    COMPRESSION IN CASSANDRA

  • INSTALLING CASSANDRA USING DEBIAN PACKAGES

    INSTALLING CASSANDRA USING DEBIAN PACKAGES

  • OBJECT ORIENTED PROGRAMMING IN PYTHON

    OBJECT ORIENTED PROGRAMMING IN PYTHON

  • CASSANDRA INSTALLATION USING

    CASSANDRA INSTALLATION USING

Our Partners

Website Visitors


Locations of visitors to this page

COPYRIGHT © 2017 - KTEXPERTS.COM Back To Top
sponsored