Auditing of Autonomous Oracle Database

Check if unified auditing is enabled:

SELECT VALUE FROM V$OPTION WHERE PARAMETER = 'Unified Auditing';

Check what options are enabled:

SELECT up.AUDIT_OPTION, uep.SUCCESS, uep.FAILURE from AUDIT_UNIFIED_ENABLED_POLICIES uep, AUDIT_UNIFIED_POLICIES up 
where uep.ENTITY_NAME = 'ALL USERS' and uep.ENABLED_OPTION='BY USER' and uep.POLICY_NAME = up.POLICY_NAME and up.AUDIT_OPTION_TYPE = 'STANDARD ACTION'

Query the changes:

SELECT action_name, dbusername, event_timestamp, sql_text, CLIENT_PROGRAM_NAME FROM unified_audit_trail 
    WHERE action_name ='LOGON' order by event_timestamp desc;

Limitations

The following queries fall with ‘ORA-00942: table or view does not exist’ error:

SELECT * FROM V_$PARAMETER;
SELECT * FROM GV_$INSTANCE;
SELECT * FROM ALL_UNIFIED_AUDIT_ACTIONS;
SELECT * FROM GV_$UNIFIED_AUDIT_TRAIL;
SELECT * FROM FGA_LOG$;

And the following query falls with ‘ORA-01031: insufficient privileges’ error:

SELECT * FROM AUDSYS.AUD$UNIFIED;

We can replace AUDSYS.AUD$UNIFIED with UNIFIED_AUDIT_TRAIL in the auditing queries, but it is not clear what to do with the above tables that do not exist.

Pictures

Contacting Oracle Cloud support

I tried to contact Oracle Cloud support in Live Chat, but got this:

Leave a Reply

Your email address will not be published.