Check if unified auditing is enabled:
SELECT VALUE FROM V$OPTION WHERE PARAMETER = 'Unified Auditing';
Check what options are enabled:
SELECT up.AUDIT_OPTION, uep.SUCCESS, uep.FAILURE from AUDIT_UNIFIED_ENABLED_POLICIES uep, AUDIT_UNIFIED_POLICIES up
where uep.ENTITY_NAME = 'ALL USERS' and uep.ENABLED_OPTION='BY USER' and uep.POLICY_NAME = up.POLICY_NAME and up.AUDIT_OPTION_TYPE = 'STANDARD ACTION'
Query the changes:
SELECT action_name, dbusername, event_timestamp, sql_text, CLIENT_PROGRAM_NAME FROM unified_audit_trail
WHERE action_name ='LOGON' order by event_timestamp desc;
Limitations
The following queries fall with ‘ORA-00942: table or view does not exist’ error:
SELECT * FROM V_$PARAMETER;
SELECT * FROM GV_$INSTANCE;
SELECT * FROM ALL_UNIFIED_AUDIT_ACTIONS;
SELECT * FROM GV_$UNIFIED_AUDIT_TRAIL;
SELECT * FROM FGA_LOG$;
And the following query falls with ‘ORA-01031: insufficient privileges’ error:
SELECT * FROM AUDSYS.AUD$UNIFIED;
We can replace AUDSYS.AUD$UNIFIED with UNIFIED_AUDIT_TRAIL in the auditing queries, but it is not clear what to do with the above tables that do not exist.
Pictures
Contacting Oracle Cloud support
I tried to contact Oracle Cloud support in Live Chat, but got this:
