This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Oracle Server supports basic functions for database operations auditing. However, this auditing covers only system and user activity and does not cover data change auditing. There are no GUI tools available from Oracle to provide easy interface for setting audit options and reviewing results of the audit.
DB Audit offers comprehensive Oracle database auditing:- DB Audit provides methods and tools for data change auditing. - DB Audit provides an easy-to-use GUI for system access and user activity auditing.
Part I
System and user activity auditing
Start DB Audit and connect to database
System audit options
Note: To get brief description of every menu item simply highlight it then look in the status bar at the bottom of DB Audit screen.
System Audit Options Dialog
Notes: This dialog has two tabs. One tab is used for setting system audit options for SQL statements, and another tab is used for various schema objects. The dialog provides complete instructions for setting system audit options. To enable system auditing you must set audit_trail = true in the INIT.ORA file. To view the results of auditing you can use reports from the Report menu.
Volume of audit trail data can grow very fast. That’s why from time to time you may want to purge the data and/or archive it to some history table or file before purging.
Archiving to a table
Notes: Type name of a new table to which audit trail will be copied or select name of an existing table. If the chosen table does not exists DB Audit will create it and copy audit trail data, otherwise the audit data will be appended to the table.
Similarly you can export audit trail records to an external tab-delimited file. Use Export to File menu for this operation.
To check enabled system audit options
Notes: See next slide for details
Enabled Statements Audit (Example Report)
Let’s setup some system audit options for user DEMO
(continued)
Let’s pretend we are user DEMO performing some operations in the database
Let’s see how the auditing works. Let’s run Audit Report by User Session.
(continued)
Now let’s run Auditing Report by Object Access.
Reporting options
Notes: Volume of audit trail data can be very large, that’s why for every report DB Audit provides simple filtering options that you can use to narrow the report output. If you don’t specify any options the DB Audit will display everything that is available in the system audit trail.
Part II
Data change auditing.
Q: How does DB Audit know when your data has been changed?
A: DB Audit installs triggers on the tables you select to audit. Triggers are events that automatically execute every time a row in a given table is inserted, updated,
or deleted.
DB Audit automatically builds necessary triggers and “mirror” audit tables for intelligent data auditing without requiring from user to know what objects are used internally to perform the auditing functions.
Let’s setup data auditing for several DEMO tables
Generated Objects
(continued)
Let’s pretend we are user DEMO making some data changes in the database
Let’s run the Data Change Audit report
(continued)
Notes: DB Audit shows the Select Table dialog that lists only tables being audited. You can select the desired table and then click OK to proceed.
Here is the report
•For DELETE, type is always OLD•For INSERT, type is always NEW•For UPDATE, there are always two rows one having type OLD and another having type NEW
Let’s check another table
Notes: For DELETE operations DB Audit captures and saves complete deleted rows, for INSERT it saves complete inserted rows, and for UPDATE, it saves both old and new rows no matter how many columns were affected by the UPDATE. A “mirror” table has the same set of columns as the audited table plus some additional columns for storing information about who and when made the change.
•For DELETE, type is always OLD•For INSERT, type is always NEW•For UPDATE, there are always two rows one having type OLD and another having type NEW
As you could see DB Audit makes data change auditing even simpler than 1,2,3. It features only 2 steps: 1st step is to select the desired tables for auditing2nd step is to review the data change report. You don’t even need to know the SQL to setup and use these powerful features.
You purge, export, and archive data audit trail exactly as you do it for the system audit trail. The only exception is that system audit trail is stored in a single table and the data audit trail is stored in as many tables as many tables were selected for the auditing. Again, these operations are optional and you usually perform them if you want to free some space in the database.
For more details please see slides in the beginning of this presentation.
Here are other options for viewing and manipulating report data
For more details on the available system audit options please see your Oracle Administration Guide. For more details on using DB Audit please see the DB Audit help system.