Skip to content

Oracle audit log configuration

This is sample configuration for extracting oracle database audit log

Prerequsits

It is assumed that oracle initialization parameter AUDIT_TRAIL = db.
Documentation about oracle audit trail can be found here

Sample configuration

targetTypes:
  - DATABASE

database:
  # url of the oracle instance
  jdbcConnectionString: jdbc:oracle:thin:@//localhost:1522/XEPDB1
  jdbcUsername: sys as sysdba
  jdbcPassword: password
  sendLogsRate: 30000
  watchSqlQueries:
    # sql query can be extended with more columns, see https://docs.oracle.com/cd/B19306_01/server.102/b14237/statviews_3056.htm#i1619732
    - sql: SELECT USERNAME, ACTION_NAME, OBJ_NAME, ENTRYID, SESSIONID, TRANSACTIONID , RETURNCODE , SQL_TEXT, TIMESTAMP FROM DBA_AUDIT_TRAIL
      criteriaColumn: TIMESTAMP
      actorDisplayNameColumn: USERNAME
      actorIdColumns: USERNAME
      actionColumn: ACTION_NAME
      entityIdColumn: ENTRYID
      entityTypeColumn: OBJ_NAME
      entityTypeValue:
      actionValue:

oracle:
  - name: Oracle agent
    jdbcConnectionString: jdbc:oracle:thin:@192.168.1.101:1521:orcl
    jdbcUsername: SYS AS SYSDBA
    jdbcPassword: pass
    sendLogsRate: 30000
    watchSqlQueries:
    fgaPolicies:
      - objectSchema: TESTUSER
        objectName: PERSONS
        policyName: TEST_POLICY
        auditCondition: PersonID != 0
        auditColumn: FIRSTNAME
        enabled: true
        statementTypes: SELECT, INSERT, UPDATE, DELETE
    auditPolicies:
      - userName: TEST_USER
        auditOption: ALL