Audit-record format
The database server generates the second part of the audit record, with fields that depend on the audit event.
Table 1 shows the format of the database server audit records.
ONLN | date and time | hostname or hostname.domain.ext | pid | database server name | user name | sid | errno | event mnemonic | Additional Fields |
---|---|---|---|---|---|---|---|---|---|
ONLN | 2008-07-28 15:43:00.000 | turk | 12930 | db_audit | jazt | 45 | 0 | CRDB | dbsch |
ONLN | 2008-07-28 15:43:18.000 | turk | 12930 | db_audit | jazt | 45 | 0 | ACTB | dbsch:jazt:v1:103 |
ONLN | 2008-07-28 15:43:19.000 | turk | 12930 | db_audit | jazt | 46 | 0 | CLDB | dbsh |
ONLN | 2008-07-28 15:43:21.000 | turk | 12939 | db_audit | jazt | 47 | 0 | ALFR | local:109:-:-:4:4: db1,db2,db3, rootdbs:0 |
ONLN | 2008-07-28 15:43:28.000 | turk | 12974 | db_audit | jazt | 48 | 0 | ALFR | local:109:aa5x:-: 32:4: db1,db2 rootdbs:0 |
ONLN | 2008-07-28 15:43:29.000 | turk | 12974 | db_audit | jazt | 48 | 0 | STDS | 2:- |
ONLN | 2008-07-28 15:43:29.000 | turk | 12978 | db_audit | jazt | 49 | 0 | STPR | 100 |
. . . | . . . | . . . | . . . | . . . | . . . | ... | . . . | . . . | . . . |
Note: Session IDs can be suppressed by using the -S option of the onshowaudit utility.
% onshowaudit -n 60 -S -d
- ONLN: A fixed field used to identify events
- date and time: Indicates when the audit event was recorded
- hostname: The name of the UNIX host computer of the client application that executes the audit event
- hostname.domain.ext: The name of the Windows host computer, domain, and extension of the client application that executes the audit event
- pid: The process ID of the client application that causes the database server to run the audit event
- database server name: The name of the database server on which the audit event is run
- user name: The login name of the user who requests the event
- sid: The session ID of the client application
- errno: The event result that contains the error number that the event returns, indicating success (0) or failure
- event mnemonic: Database server audit event that the database server ran, such as ALFR (Alter Fragment)
- additional fields: Any fields that identify databases, tables, and so on. These additional fields are audit-event fields that contain information captured in tabular form by the onshowaudit utility for audit analysis.
For operating-system-managed auditing on UNIX, the database server audit record is an additional field for the operating-system audit record. The topic "Audit event codes and fields" lists the audit-event fields.
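The following Python example is added here for audit analysis and is not part of the original documentation or of the database server's own tooling. It parses records laid out as in Table 1, separates the UNIX and Windows host forms, and returns failed events (nonzero errno) alongside any lines that do not match the format. It assumes one pipe-delimited record per line and colon-separated additional fields; the names `parse_record`, `triage`, and `SAMPLE` are hypothetical, and the sample rows are partly constructed.

```python
from datetime import datetime

# Assumption: one record per line, "|"-delimited, columns in the order of Table 1.
COLUMNS = ("tag", "when", "host", "pid", "server", "user",
           "sid", "errno", "event", "extra")

def parse_record(line):
    """Parse one audit record into a dict keyed by COLUMNS (hypothetical helper)."""
    cells = [c.strip() for c in line.split("|")]
    if len(cells) == len(COLUMNS) + 1 and cells[-1] == "":
        cells.pop()  # tolerate a trailing "|"
    if len(cells) != len(COLUMNS) or cells[0] != "ONLN":
        raise ValueError("not a database server audit record: %r" % line)
    rec = dict(zip(COLUMNS, cells))
    rec["when"] = datetime.strptime(rec["when"], "%Y-%m-%d %H:%M:%S.%f")
    for key in ("pid", "sid", "errno"):
        rec[key] = int(rec[key])
    # UNIX clients log "hostname"; Windows clients log "hostname.domain.ext".
    rec["host"], _, rec["domain"] = rec["host"].partition(".")
    # Assumption: additional fields are ":"-separated, as in the Table 1 rows.
    rec["extra"] = [f.strip() for f in rec["extra"].split(":")] if rec["extra"] else []
    return rec

def triage(lines):
    """Return (failed events, unparseable lines) so nothing is silently dropped."""
    failed, rejected = [], []
    for line in lines:
        if not line.strip():
            continue
        try:
            rec = parse_record(line)
        except ValueError:
            rejected.append(line)
            continue
        if rec["errno"] != 0:  # errno 0 means success
            failed.append(rec)
    return failed, rejected

# Constructed sample: rows 1-2 follow Table 1; rows 3-4 are invented for the demo.
SAMPLE = [
    "ONLN|2008-07-28 15:43:00.000|turk|12930|db_audit|jazt|45|0|CRDB|dbsch",
    "ONLN | 2008-07-28 15:43:18.000 | turk | 12930 | db_audit | jazt | 45 | 0 | ACTB | dbsch:jazt:v1:103 |",
    "ONLN|2008-07-28 15:44:02.000|pc7.example.com|4410|db_audit|jazt|50|-1|CRDB|dbsch",
    "ONLN|2008-07-28 15:44:05.000|turk|12930|db_audit|jazt|0|CLDB|dbsch",  # one column short
]

if __name__ == "__main__":
    failed, rejected = triage(SAMPLE)
    print([(r["user"], r["host"], r["event"], r["errno"]) for r in failed], len(rejected))
```

A record with a missing column is rejected rather than parsed with shifted fields, so a change in the output layout shows up as rejected lines instead of wrong errno or event values.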