praimsankar
asked on
Oracle Financials Auditing
I am auditing Oracle Financials (11.0.3 version) via Oracle aiditing rather than via the the Financials.
I need to know the os username of the person who is running the app rather than 'applprd' or some generic aplication id.
I set up auditing ' by session' but I get the generic userid and the action_name is 'session rec' when I select from dba_audit_trail.
I would like to see the osusername and the action , such as 'select, insert, update,delete'.
This is one row of the output:
27-oct-04 10:24:19 applprd APPS APPLSYS FND_USER SESSION REC
selecting from the aud$ table is not giving the desired result either.
I also tried audit .. by access but the action_name comes out as 'session_rec' as well.
Thanks for the help.
If this is easier to do via the APP then I nedd to know how.
I need to know the os username of the person who is running the app rather than 'applprd' or some generic aplication id.
I set up auditing ' by session' but I get the generic userid and the action_name is 'session rec' when I select from dba_audit_trail.
I would like to see the osusername and the action , such as 'select, insert, update,delete'.
This is one row of the output:
27-oct-04 10:24:19 applprd APPS APPLSYS FND_USER SESSION REC
selecting from the aud$ table is not giving the desired result either.
I also tried audit .. by access but the action_name comes out as 'session_rec' as well.
Thanks for the help.
If this is easier to do via the APP then I nedd to know how.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Here's the columns in the aud$ view
The only one you could use are the USERID and USERHOST, and since you tried to audit
by access and session, nothing more can be done with the Oracle auditing.
Maybe the TERMINAL field could give you info on where the command is coming from.
Same info as in sqlplus:
select userenv('TERMINAL') from dual;
Gives you the name of your pc in client/server.
SQL> desc sys.aud$;
Name Null? Type
--------------------------
SESSIONID NOT NULL NUMBER
ENTRYID NOT NULL NUMBER
STATEMENT NOT NULL NUMBER
TIMESTAMP# NOT NULL DATE
USERID VARCHAR2(30)
USERHOST VARCHAR2(128)
TERMINAL VARCHAR2(255)
ACTION# NOT NULL NUMBER
RETURNCODE NOT NULL NUMBER
OBJ$CREATOR VARCHAR2(30)
OBJ$NAME VARCHAR2(128)
AUTH$PRIVILEGES VARCHAR2(16)
AUTH$GRANTEE VARCHAR2(30)
NEW$OWNER VARCHAR2(30)
NEW$NAME VARCHAR2(128)
SES$ACTIONS VARCHAR2(19)
SES$TID NUMBER
LOGOFF$LREAD NUMBER
LOGOFF$PREAD NUMBER
LOGOFF$LWRITE NUMBER
LOGOFF$DEAD NUMBER
LOGOFF$TIME DATE
COMMENT$TEXT VARCHAR2(4000)
CLIENTID VARCHAR2(64)
SPARE1 VARCHAR2(255)
SPARE2 NUMBER
OBJ$LABEL RAW(255)
SES$LABEL RAW(255)
PRIV$USED NUMBER
SESSIONCPU NUMBER
The only one you could use are the USERID and USERHOST, and since you tried to audit
by access and session, nothing more can be done with the Oracle auditing.
Maybe the TERMINAL field could give you info on where the command is coming from.
Same info as in sqlplus:
select userenv('TERMINAL') from dual;
Gives you the name of your pc in client/server.
SQL> desc sys.aud$;
Name Null? Type
--------------------------
SESSIONID NOT NULL NUMBER
ENTRYID NOT NULL NUMBER
STATEMENT NOT NULL NUMBER
TIMESTAMP# NOT NULL DATE
USERID VARCHAR2(30)
USERHOST VARCHAR2(128)
TERMINAL VARCHAR2(255)
ACTION# NOT NULL NUMBER
RETURNCODE NOT NULL NUMBER
OBJ$CREATOR VARCHAR2(30)
OBJ$NAME VARCHAR2(128)
AUTH$PRIVILEGES VARCHAR2(16)
AUTH$GRANTEE VARCHAR2(30)
NEW$OWNER VARCHAR2(30)
NEW$NAME VARCHAR2(128)
SES$ACTIONS VARCHAR2(19)
SES$TID NUMBER
LOGOFF$LREAD NUMBER
LOGOFF$PREAD NUMBER
LOGOFF$LWRITE NUMBER
LOGOFF$DEAD NUMBER
LOGOFF$TIME DATE
COMMENT$TEXT VARCHAR2(4000)
CLIENTID VARCHAR2(64)
SPARE1 VARCHAR2(255)
SPARE2 NUMBER
OBJ$LABEL RAW(255)
SES$LABEL RAW(255)
PRIV$USED NUMBER
SESSIONCPU NUMBER
You could use the OSUSER from V$SESSION dynamic view. You would need to have some way of identifying which session you are interested in.