V$XML_AUDIT_TRAIL
shows standard, fine-grained, SYS, and mandatory audit records written in XML format files.
Column | Datatype | Description |
---|---|---|
AUDIT_TYPE |
NUMBER |
Type of audit row:
|
SESSION_ID |
NUMBER |
Numeric ID for the Oracle session |
PROXY_SESSIONID |
NUMBER |
Proxy session serial number, if an enterprise user has logged in through a proxy mechanism |
STATEMENTID |
NUMBER |
Numeric ID for the statement run (a statement may cause multiple audit records) |
ENTRYID |
NUMBER |
Numeric ID for the audit trail entry in the session |
EXTENDED_TIMESTAMP |
TIMESTAMP(6) WITH TIME ZONE |
Timestamp of the audited operation (the timestamp of the user's logon for entries is created by AUDIT SESSION) |
GLOBAL_UID |
VARCHAR2(32) |
Global user identifier for the user, if the user has logged in as an enterprise user |
DB_USER |
VARCHAR2(30) |
Database username of the user whose actions were audited |
CLIENTIDENTIFIER |
VARCHAR2(64) |
Client identifier in the Oracle session |
EXT_NAME |
VARCHAR2(1024) |
User's external name |
OS_USER |
VARCHAR2(30) |
Operating system logon user name of the user whose actions were audited |
OS_HOST |
VARCHAR2(128) |
Client host machine name |
OS_PROCESS |
VARCHAR2(16) |
Operating system process identifier of the Oracle server process |
TERMINAL |
VARCHAR2(30) |
Identifier for the user's terminal |
INSTANCE_NUMBER |
NUMBER |
Instance number as specified by the INSTANCE_NUMBER initialization parameter |
OBJECT_SCHEMA |
VARCHAR2(30) |
Owner of the audited object |
OBJECT_NAME |
VARCHAR2(30) |
Name of the object affected by the action |
POLICY_NAME |
VARCHAR2(30) |
Name of the fine-grained auditing policy |
NEW_OWNER |
VARCHAR2(30) |
Owner of the object named in the NEW_NAME column |
NEW_NAME |
VARCHAR2(30) |
New name of object after renaming, or the name of an underlying object (for example, CREATE INDEX owner.obj_name ON new_owner.new_name ) |
ACTION |
NUMBER |
Numeric code for the action type |
STATEMENT_TYPE |
NUMBER |
Description of the action |
TRANSACTIONID |
RAW(8) |
Identifier of the transaction in which the object is accessed or modified |
RETURNCODE |
NUMBER |
Oracle error code generated by the action. Zero if the action succeeded. |
SCN |
NUMBER |
System change number (SCN) of the query |
COMMENT_TEXT |
VARCHAR2(4000) |
Text comments on standard audit entries. Also indicates how the user was authenticated - the method can be one of the following:
|
AUTH_PRIVILEGES |
VARCHAR2(16) |
Privileges granted and revoked in GRANT and REVOKE statements recorded for standard audit trail entry |
GRANTEE |
VARCHAR2(30) |
User who granted or revoked the privilege |
PRIV_USED |
NUMBER |
Numerical code of privileges, if any, used in the action |
SES_ACTIONS |
VARCHAR2(16) |
Session summary for standard audit records. A string of 12 characters, one for each action type, in the following order: Alter, Audit, Comment, Delete, Grant, Index, Insert, Lock, Rename, Select, Update, Flashback.
Values: - = None, S=Success, F=Failure, B=Both |
OS_PRIVILEGE |
VARCHAR2(7) |
Operating system privilege (SYSDBA or SYSOPER ), if any, used in the session. If no privilege is used, it will be NONE . |
ECONTEXT_ID |
VARCHAR2(64) |
Application execution context identifier |
SQL_BIND |
VARCHAR2(4000) |
List of bind variables used in the statement |
SQL_TEXT |
VARCHAR2(4000) |
The statement or command that triggered the audit event |
OBJ_EDITION_NAME |
VARCHAR2(30) |
Name of the edition containing the audited object |
DBID |
NUMBER |
Database identifier of the audited database |
Note:
TheSQL_BIND
and SQL_TEXT
columns are only populated if the AUDIT_TRAIL
initialization parameter is set to xml, extended
or if the AUDIT_SYS_OPERATIONS
initialization parameter is set to TRUE
.See Also: