Request for more information:
When you say: "using AUDIT tables."
Do you mean via the AUDIT command, or are you referring to changes at a row level on a table.
===============================
Addenda:
The reason we dont capture the program in audit is that cannot really rely on it. The information is v$session is suspect at best (just copy sqlplus.exe to blah.exe and see what happens -- you cannot rely on that information in any way, shape or form.
But if you want to capture it anyway, you can use a trigger, eg
create table audit_trail
as
select sysdate x$timestamp, rpad('*',20,'*') x$action, v.*
from v$session v
where 1=0
/
create or replace trigger logon_trigger
after logon on database
begin
insert into audit_trail
select sysdate, 'LOGON', v.*
from v$session v
where sid = ( select sid from v$mystat where rownum = 1 );
commit;
end;
/
create or replace trigger logoff_trigger
before logoff on database
begin
insert into audit_trail
select sysdate, 'LOGOFF', v.*
from v$session v
where sid = ( select sid from v$mystat where rownum = 1 );
commit;
end;
/