Parsing OS Level Audit Logs

Sep 20, 2023 12:24PM

Hello,

We have enabled database auditing on DBA users and AUT_TRAIL=OS,

We want to know what complete statement he executed and also want to know about:

STATEMENT:[2] "98" <<<< check STATEMENT number is different in both audits, we want to what complete statement was executed.

SYS$OPTIONS:[3] "364"

STATEMENT:[3] "303" <<<< check STATEMENT number is different in both audits, we want to what complete statement was executed.

PRIV$USED:[2] "40"

Sep 20 11:15:08 mydb journal: Oracle Audit[122457]: LENGTH: "317" SESSIONID:[8] "30794613" ENTRYID:[2] "48" STATEMENT:[2] "98" USERID:[7] "THASSAN" USERHOST:[26] "MS-JUMPS" TERMINAL:[15] "MS-JUMPS" ACTION:[3] "105" RETURNCODE:[1] "0" AUTH$GRANTEE:[7] "THASSAN" SYS$OPTIONS:[3] "364" OS$USERID:[7] "bt.func" DBID:[10] "3205851056" CURRENT_USER:[7] "THASSAN"

Sep 20 11:21:13 mydb journal: Oracle Audit[122457]: LENGTH: "336" SESSIONID:[8] "30794613" ENTRYID:[3] "300" STATEMENT:[3] "303" USERID:[7] "THASSAN" USERHOST:[26] "MS-JUMPS" TERMINAL:[15] "MS-JUMPS" ACTION:[1] "1" RETURNCODE:[1] "0" OBJ$CREATOR:[7] "THASSAN" OBJ$NAME:[7] "T_AUDIT" OS$USERID:[7] "bt.func" DBID:[10] "3205851056" PRIV$USED:[2] "40" CURRENT_USER:[7] "THASSAN"

Database Administration (MOSC)

Parsing OS Level Audit Logs

Howdy, Stranger!

Category Leaderboard

Top contributors this month