V$XML_AUDIT_TRAIL

V$XML_AUDIT_TRAIL shows standard, fine-grained, SYS, and mandatory audit records written in XML format files.

Column Datatype Description
AUDIT_TYPE NUMBER Type of audit row:
  • 1 = Standard XML Audit

  • 2 = Fine Grained XML Audit

  • 4 = SYS XML Audit

  • 8 = Mandatory XML Audit

SESSION_ID NUMBER Numeric ID for the Oracle session
PROXY_SESSIONID NUMBER Proxy session serial number, if an enterprise user has logged in through a proxy mechanism
STATEMENTID NUMBER Numeric ID for the statement run (a statement may cause multiple audit records)
ENTRYID NUMBER Numeric ID for the audit trail entry in the session
EXTENDED_TIMESTAMP TIMESTAMP(6) WITH TIME ZONE Timestamp of the audited operation (the timestamp of the user's logon for entries is created by AUDIT SESSION)
GLOBAL_UID VARCHAR2(32) Global user identifier for the user, if the user has logged in as an enterprise user
DB_USER VARCHAR2(30) Database username of the user whose actions were audited
CLIENTIDENTIFIER VARCHAR2(64) Client identifier in the Oracle session
EXT_NAME VARCHAR2(1024) User's external name
OS_USER VARCHAR2(30) Operating system logon user name of the user whose actions were audited
OS_HOST VARCHAR2(128) Client host machine name
OS_PROCESS VARCHAR2(16) Operating system process identifier of the Oracle server process
TERMINAL VARCHAR2(30) Identifier for the user's terminal
INSTANCE_NUMBER NUMBER Instance number as specified by the INSTANCE_NUMBER initialization parameter
OBJECT_SCHEMA VARCHAR2(30) Owner of the audited object
OBJECT_NAME VARCHAR2(30) Name of the object affected by the action
POLICY_NAME VARCHAR2(30) Name of the fine-grained auditing policy
NEW_OWNER VARCHAR2(30) Owner of the object named in the NEW_NAME column
NEW_NAME VARCHAR2(30) New name of object after renaming, or the name of an underlying object (for example, CREATE INDEX owner.obj_name ON new_owner.new_name)
ACTION NUMBER Numeric code for the action type
STATEMENT_TYPE NUMBER Description of the action
TRANSACTIONID RAW(8) Identifier of the transaction in which the object is accessed or modified
RETURNCODE NUMBER Oracle error code generated by the action. Zero if the action succeeded.
SCN NUMBER System change number (SCN) of the query
COMMENT_TEXT VARCHAR2(4000) Text comments on standard audit entries. Also indicates how the user was authenticated - the method can be one of the following:
  • DATABASE - authentication was done by password

  • NETWORK - authentication was done by Oracle Net Services or the Advanced Networking Option

  • PROXY - the client was authenticated by another user. The name of the proxy user follows the method type.

AUTH_PRIVILEGES VARCHAR2(16) Privileges granted and revoked in GRANT and REVOKE statements recorded for standard audit trail entry
GRANTEE VARCHAR2(30) User who granted or revoked the privilege
PRIV_USED NUMBER Numerical code of privileges, if any, used in the action
SES_ACTIONS VARCHAR2(16) Session summary for standard audit records. A string of 12 characters, one for each action type, in the following order: Alter, Audit, Comment, Delete, Grant, Index, Insert, Lock, Rename, Select, Update, Flashback.

Values: - = None, S=Success, F=Failure, B=Both

OS_PRIVILEGE VARCHAR2(7) Operating system privilege (SYSDBA or SYSOPER), if any, used in the session. If no privilege is used, it will be NONE.
ECONTEXT_ID VARCHAR2(64) Application execution context identifier
SQL_BIND VARCHAR2(4000) List of bind variables used in the statement
SQL_TEXT VARCHAR2(4000) The statement or command that triggered the audit event
OBJ_EDITION_NAME VARCHAR2(30) Name of the edition containing the audited object
DBID NUMBER Database identifier of the audited database

Note:

The SQL_BIND and SQL_TEXT columns are only populated if the AUDIT_TRAIL initialization parameter is set to xml, extended or if the AUDIT_SYS_OPERATIONS initialization parameter is set to TRUE.