Check Unified Audit records and enable policies in Oracle
1. Check whether unified auditing is enabled.
SELECT value FROM v$option WHERE parameter = 'Unified Auditing';
VALUE
------
TRUE
2. Check which unified audit policies are enabled.
select distinct policy_name from AUDIT_UNIFIED_ENABLED_POLICIES;
3. Check the details of an enabled policy.
SELECT policy_name, enabled_option, entity_name, success, failure
FROM audit_unified_enabled_policies
WHERE policy_name = 'TESTPOLICY1';
POLICY_NAME  ENABLED_OPTION       ENTITY_NAME SUCCESS FAILURE
------------ -------------------- ----------- ------- -------
TESTPOLICY1  BY                   HR          NO      YES
Note: The SUCCESS and FAILURE columns show whether the WHENEVER SUCCESSFUL or WHENEVER NOT SUCCESSFUL clause was used when auditing was set up for the policy, for example:
AUDIT POLICY TESTPOLICY1 BY HR WHENEVER NOT SUCCESSFUL;
4. Check the audit report for the enabled policies.
-- Check audit records from the last 24 hours
set lines 200
col SQL_TEXT for a30
col action_name for a20
col UNIFIED_AUDIT_POLICIES for a30
select action_name,SQL_TEXT,UNIFIED_AUDIT_POLICIES ,EVENT_TIMESTAMP from unified_AUDIT_trail
where EVENT_TIMESTAMP > sysdate -1;
5. Check all policies present in the database.
-- Audit policies present in db:
select distinct POLICY_NAME from AUDIT_UNIFIED_POLICIES;
6. Enable or disable a policy
-- Enable policy:
AUDIT POLICY TESTPOLICY1;
--Disable Policy:
NOAUDIT POLICY TESTPOLICY1;
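
The checks above can be combined into a short review script. This is an added example, not part of the original page: it lists policies that are defined but not enabled, then summarises failed actions recorded in the last 24 hours. It assumes a session with a role that can read the audit views (such as AUDIT_VIEWER or AUDIT_ADMIN) and uses the DBUSERNAME and RETURN_CODE columns of UNIFIED_AUDIT_TRAIL, which the queries above do not select.

```sql
-- Added example (not from the original page).
-- Assumes a role that can read the audit views, such as AUDIT_VIEWER or AUDIT_ADMIN.
set lines 200
col policy_name for a30
col dbusername for a20
col action_name for a20
col unified_audit_policies for a30

-- 1) Coverage gap: policies that are defined but not enabled for anyone.
select distinct p.policy_name
from audit_unified_policies p
where not exists (
        select 1
        from audit_unified_enabled_policies e
        where e.policy_name = p.policy_name)
order by p.policy_name;

-- 2) Failed actions captured in the last 24 hours, per user and policy.
--    RETURN_CODE is 0 for success; any other value is the ORA- error number.
select dbusername,
       action_name,
       unified_audit_policies,
       return_code,
       count(*)             as events,
       min(event_timestamp) as first_seen,
       max(event_timestamp) as last_seen
from unified_audit_trail
where event_timestamp > sysdate - 1
  and return_code <> 0
group by dbusername, action_name, unified_audit_policies, return_code
order by events desc;
```

A policy enabled with WHENEVER NOT SUCCESSFUL, like the TESTPOLICY1 example, only produces rows that appear in the second query, so an empty result there means no failed audited actions were recorded in the window.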