My Oracle Support Banner

Database Vault Command Rule Violations audit record not logged into dvsys.audit_trail$, after enabling Unified auditing (Doc ID 2544331.1)

Last updated on FEBRUARY 04, 2020

Applies to:

Oracle Database - Enterprise Edition - Version 12.1.0.2 and later
Information in this document applies to any platform.

Symptoms

Created a DV rules / rule set using command rule CONNECT to restrict some users from connecting to database from some of the server. I am able to restrict as I wanted, however I would like to have that reported if any connection is not successful. Its 12c database and I don't see that report coming over OEM console.

Login as DV owner account :
SQL> select action_name,
   TO_CHAR(timestamp,'RR-MM-DD HH24:MI:SS') "timestamp",
   returncode,username,userhost,
   action_object_name,rule_set_name,
   instance_number,action_command
   from dvsys.audit_trail$
   where rule_set_name = '<rule set name>'
   order by timestamp desc;

no rows returned

 

Referring https://docs.oracle.com/database/121/DVADM/reports.htm#DVADM71000

You can enable audit options while creating command rule and then run the 'Command Rule Audit Report' to see the violations of command rule.

But here, the command rule violations are not captured in dvsys.audit_trail$

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.