Auditing

Auditing is a default feature of the Oracle server. The initialization

parameters that influence its behaviour can be displayed using the SHOW
PARAMETER SQL*Plus command.

SQL> SHOW PARAMETER AUDIT

Auditing is disabled by default, but can enabled by setting the AUDIT_TRAIL

static parameter, which has the following allowed values.

AUDIT_TRAIL = { none | os | db | db,extended | xml | xml,extended }

The following list provides a description of each setting:

* none or false - Auditing is disabled.

* db or true - Auditing is enabled, with all audit records stored in the
database audit trial (SYS.AUD$).
* db,extended - As db, but the SQL_BIND and SQL_TEXT columns are also
populated.
* xml- Auditing is enabled, with all audit records stored as XML format OS
files.
* xml,extended - As xml, but the SQL_BIND and SQL_TEXT columns are also
populated.
* os- Auditing is enabled, with all audit records directed to the operating
system's audit trail.

How to enable auditing in Oracle database

For Oracle versions prior to 9 set audit_trail parameter in ini file i.e.:

audit_trail = DB
db or true - Auditing is enabled, with all audit records stored in the database
audit trial (SYS.AUD$).

For Oracle 9 and later:

sql> alter system set audit_trail = DB;

To allow auditing on the server you must:
* Set "audit_trail = true" in the init.ora file.
* Run the $ORACLE_HOME/rdbms/admin/cataudit.sql script while connected as SYS.
* Audit trace files stored at /oracle/app/oracle/admin/ORACLE_SID/adump

Audit Options
Assuming that the "chandu" user is to be audited:
CONNECT sys/password AS SYSDBA

Sql> AUDIT ALL BY chandu BY ACCESS;

Sql> AUDIT SELECT TABLE, UPDATE TABLE, INSERT TABLE, DELETE TABLE BY chandu BY
ACCESS;
Sql> AUDIT EXECUTE PROCEDURE BY chandu BY ACCESS;

If you want to audit a specific user run the following:

sql> audit alter table, select table, insert table, update table, delete table,
grant table, grant
procedure by USERNAME;

To stop audit for that user run:

Sql>noaudit alter table, select table, insert table, update table, delete table,
grant table,
grant procedure by USERNAME;

To enable auditing for a specific object do:

sql> AUDIT SELECT, INSERT, UPDATE, DELETE ON SCHEMA.TABLE;

To stop auditing:

sql> NOAUDIT SELECT, INSERT, UPDATE, DELETE ON SCHEMA.TABLE;

To see the results:

SQL> select * from dba_audit_trail;

Sql> select username,obj_name,owner,action from dba_audit_trail;
Sql> select username,owner,obj_name,action_name from dba_audit_object;
It will show the action name.

Audit views

VIEW_NAME
------------------------------
DBA_AUDIT_EXISTS
DBA_AUDIT_OBJECT
DBA_AUDIT_POLICIES
DBA_AUDIT_POLICY_COLUMNS
DBA_AUDIT_SESSION
DBA_AUDIT_STATEMENT
DBA_AUDIT_TRAIL
DBA_COMMON_AUDIT_TRAIL
DBA_FGA_AUDIT_TRAIL
DBA_OBJ_AUDIT_OPTS
DBA_PRIV_AUDIT_OPTS
DBA_REPAUDIT_ATTRIBUTE
DBA_REPAUDIT_COLUMN
DBA_STMT_AUDIT_OPTS