V$XML_AUDIT_TRAIL
shows standard, fine-grained, SYS, and mandatory audit records written in XML format files.
Note:
This view is populated only in an Oracle Database where unified auditing is not enabled. When unified auditing is enabled in Oracle Database, the audit records are populated in the new audit trail and can be viewed from UNIFIED_AUDIT_TRAIL
.
See Oracle Database Security Guide for more information about unified auditing.
See Oracle Database Upgrade Guide for more information about migrating to unified auditing.
Column | Datatype | Description |
---|---|---|
|
|
Type of audit row:
|
|
|
Numeric ID for the Oracle session |
|
|
Proxy session serial number, if an enterprise user has logged in through a proxy mechanism |
|
|
Numeric ID for the statement run (a statement may cause multiple audit records) |
|
|
Numeric ID for the audit trail entry in the session |
|
|
Timestamp of the audited operation (the timestamp of the user's logon for entries is created by AUDIT SESSION) |
|
|
Global user identifier for the user, if the user has logged in as an enterprise user |
|
|
Database username of the user whose actions were audited |
|
|
Client identifier in the Oracle session |
|
|
User's external name |
|
|
Operating system logon user name of the user whose actions were audited |
|
|
Client host system name |
|
|
Operating system process identifier of the Oracle server process |
|
|
Identifier for the user's terminal |
|
|
Instance number as specified by the |
|
|
Owner of the audited object |
|
|
Name of the object affected by the action |
|
|
Name of the fine-grained auditing policy |
|
|
Owner of the object named in the |
|
|
New name of object after renaming, or the name of an underlying object (for example, |
|
|
Numeric code for the action type |
|
|
Description of the action |
|
|
Identifier of the transaction in which the object is accessed or modified |
|
|
Oracle error code generated by the action. Zero if the action succeeded. |
|
|
System change number (SCN) of the query |
|
|
Text comments on standard audit entries. Also indicates how the user was authenticated - the method can be one of the following:
|
|
|
Privileges granted and revoked in |
|
|
User who granted or revoked the privilege |
|
|
Numerical code of privileges, if any, used in the action |
|
|
Session summary for standard audit records. A string of 12 characters, one for each action type, in the following order: Alter, Audit, Comment, Delete, Grant, Index, Insert, Lock, Rename, Select, Update, Flashback. Values: - = None, S=Success, F=Failure, B=Both |
|
|
Operating system privilege ( |
|
|
Application execution context identifier |
|
|
List of bind variables used in the statement |
|
|
The statement or command that triggered the audit event |
|
|
Name of the edition containing the audited object |
|
|
Database identifier of the audited database |
|
|
The ID of the container to which the data pertains. Possible values include:
|
Note:
The SQL_BIND
and SQL_TEXT
columns are only populated if the AUDIT_TRAIL
initialization parameter is set to xml, extended
or if the AUDIT_SYS_OPERATIONS
initialization parameter is set to TRUE
.
See Also: