Auditing with Unified audit

From: Cee Pee <carlospena999_at_gmail.com>
Date: Fri, 24 Jun 2022 15:29:17 -0500
Message-ID: <CAPTPB11q3EVewgq75K-LAOOxPo0FXC4Tc42-_eSf0Ddb-sJEKQ_at_mail.gmail.com>

All,

Requirement: we want all actions, including DDL and DML by all users to be captured and want to see the SQL statements executed. v19c

I am reading up on Unified auditing. So far I have not come across one command that will let me do it. I am looking for something like "CREATE AUDIT POLICY test_policy audit all by <user>" or preferably one option to audit all actions by all users in one command. Doing it for every table is painful and new tables (sometimes even new schemas) get created regularly. This is not an OLTP system so not lots of queries but we have long running queries by a handful of users (less than 8). So there is going to be little overhead. Company security wants all actions by all users to be captured.

It seems there is a command to audit all system actions ("CREATE AUDIT POLICY all_actions_pol ACTIONS ALL") which doesnt seem to capture a drop table action by a user when I tested; the Unified Audit option is set to true in DB after relinking binaries and I also executed flush_unified_audit_trail after the drop table session user logged off his session.

By the way, we are open to doing either traditional or unified auditing.

CP.

--
http://www.freelists.org/webpage/oracle-l

Received on Fri Jun 24 2022 - 22:29:17 CEST

This message: [ Message body ]
Next message: Andy Wattenhofer: "Re: Auditing with Unified audit"
Previous message: Powell, Mark: "Re: OEM reporting failed login attempts on read-only physical standby database"
Next in thread: Andy Wattenhofer: "Re: Auditing with Unified audit"
Reply: Andy Wattenhofer: "Re: Auditing with Unified audit"
Maybe reply: Powell, Mark: "Re: Auditing with Unified audit"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message