Understand the structure of an Oracle audit file

Find List Of All Possible Keywords In Audit Log Files [ID 293973.1]
Modified: Jan 10, 2005; Type: HOWTO; Status: PUBLISHED; Priority: 3

Applies To

Oracle Server – Enterprise Edition – Version: 8.1.7.4 to 10.1.0.3
Information in this document applies to any platform.

Goal

Provide the complete list of all possible keywords in audit files, in order to write a script that parses and interprets all audit log files.

Fix

The possible keywords that can be found in OS audit files are the column names of the SYS.AUD$ table.

Note:

  1. The TIMESTAMP# column value is written in the date displayed before each record:

"Mon Nov 15 13:30:05 2004"

  2. The OS$USERID is the content of SYS.AUD$.SPARE1 column.

Examples:

SESSIONID: "53682"
ENTRYID: "1"
STATEMENT: "1"
USERID: "SCOTT"
ACTION: "100"
RETURNCODE: "0"
COMMENT$TEXT: "Authenticated by: DATABASE"
OS$USERID: "ora92"
PRIV$USED: 5

SESSIONID: "53789"
ENTRYID: "1"
ACTION: "101"
RETURNCODE: "0"
LOGOFF$PREAD: "103"
LOGOFF$LREAD: "3201"
LOGOFF$LWRITE: "12"
LOGOFF$DEAD: "0"
SESSIONCPU: "125"

SESSIONID: "53790"
ENTRYID: "2"
STATEMENT: "8"
USERID: "SCOTT"
ACTION: "65"
RETURNCODE: "1031"
OBJ$NAME: "P"
OS$USERID: "ora92"

SESSIONID: "53793"
ENTRYID: "2"
STATEMENT: "6"
USERID: "SYSTEM"
ACTION: "108"
RETURNCODE: "0"
OBJ$PRIVILEGES: "-"
AUTH$GRANTEE: "SCOTT"
SYS$OPTIONS: "15"
OS$USERID: "ora92"

SESSIONID: "53795"
ENTRYID: "4"
STATEMENT: "8"
USERID: "SYSTEM"
ACTION: "30"
RETURNCODE: "942"
OBJ$CREATOR: "SCOTT"
OBJ$NAME: "EMP"
OS$USERID: "ora92"

SESSIONID: "53796"
ENTRYID: "2"
STATEMENT: "8"
USERID: "SCOTT"
ACTION: "103"
RETURNCODE: "0"
OBJ$CREATOR: "SCOTT"
OBJ$NAME: "DEPT"
SES$ACTIONS: "----------S-----"
SES$TID: "66838"
OS$USERID: "ora92"

And this is the list of SYS.AUD$ columns:

SESSIONID
ENTRYID
STATEMENT
TIMESTAMP#
USERID
USERHOST
TERMINAL
ACTION#
RETURNCODE
OBJ$CREATOR
OBJ$NAME
AUTH$PRIVILEGES
AUTH$GRANTEE
NEW$OWNER
NEW$NAME
SES$ACTIONS
SES$TID
LOGOFF$LREAD
LOGOFF$PREAD
LOGOFF$LWRITE
LOGOFF$DEAD
LOGOFF$TIME
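
As an added example (not part of the original note and not Oracle code), here is a small Python parser for the record layout shown above, the kind of interpreting script the Goal section asks for. It assumes a record starts at a date line or after a blank line, that several keyword/value pairs may share one line, and that typographic quotes from web copies should be treated as plain quotes; `parse_audit`, `failed_actions` and the second date in the sample are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample; field values come from the examples on this page.
SAMPLE = '''Mon Nov 15 13:30:05 2004
SESSIONID: "53682"
USERID: "SCOTT"
ACTION: "100"
RETURNCODE: "0"
COMMENT$TEXT: "Authenticated by: DATABASE"
PRIV$USED: 5

Mon Nov 15 13:31:10 2004
SESSIONID: "53790" ENTRYID: "2" STATEMENT: "8" USERID: "SCOTT"
ACTION: "65" RETURNCODE: "1031" OBJ$NAME: "P" OS$USERID: "ora92"
'''

TS_FORMAT = "%a %b %d %H:%M:%S %Y"
# KEYWORD: "quoted value" or KEYWORD: bare_value; keywords may contain $ and #.
PAIR_RE = re.compile(r'\b([A-Z][A-Z0-9$#_]*):\s*("[^"]*"|\S+)')
CURLY = str.maketrans("\u201c\u201d", '""')  # typographic quotes from web copies

def parse_audit(text):
    """Return one dict per audit record, keyed by keyword, plus TIMESTAMP#."""
    records, current, last_ts = [], None, None
    for line in text.translate(CURLY).splitlines():
        line = line.strip()
        try:
            last_ts = datetime.strptime(line.strip('"'), TS_FORMAT)
            current = None              # a date line starts a new record
            continue
        except ValueError:
            pass
        pairs = PAIR_RE.findall(line)
        if not pairs:
            current = None              # blank or unrecognized line ends the record
            continue
        if current is None:
            current = {"TIMESTAMP#": last_ts}
            last_ts = None              # never reuse a date for a later record
            records.append(current)
        for key, value in pairs:
            current[key] = value.strip('"')
    return records

def failed_actions(records):
    """Records whose RETURNCODE is not 0 (the audited action returned an error)."""
    return [r for r in records if r.get("RETURNCODE", "0") != "0"]
```

Keywords are stored as found rather than checked against a fixed list, so fields such as COMMENT$TEXT or PRIV$USED are kept. In the sample, `failed_actions` returns the record with RETURNCODE 1031 (ORA-01031, insufficient privileges).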

 
