Skip to Main Content
  • Questions

  • Auditing Operating system program name

Breadcrumb

Question and Answer

Connor McDonald

Thanks for the question, Chandrasekhar.

Asked: August 30, 2017 - 1:48 am UTC

Last updated: August 04, 2023 - 5:45 am UTC

Version: 9.2.0.1.0

Viewed 10K+ times! This question is

You Asked

Sir,
i am developing a client/server program using VB & Oracle, it is in testing stage.
i want to track whether the programmer is doing changes to the database using the application program(VB) or by logging into database(SQLPLUS)

for this i used the following commands
1)ALTER SYSTEM SET audit_trail=db SCOPE=SPFILE;
2)AUDIT ALL BY "username" BY ACCESS;
3)AUDIT SELECT TABLE, UPDATE TABLE, INSERT TABLE, DELETE TABLE BY "username" BY ACCESS;

using OS_USERNAME, USERNAME,ACTION_NAME from DBA_AUDIT_TRAIL, i am able to find what the programmer had done, now i want to know whether the programmers have logged into the database using the application program (VB) or SQLPLUS.

in v$session, there is column program which tells Operating system program name(VB.exe or SQLPLUS.exe).

is there any thing like in AUDIT ?


Thanking You

and Connor said...

Request for more information:

When you say: "using AUDIT tables."

Do you mean via the AUDIT command, or are you referring to changes at a row level on a table.

===============================

Addenda:

The reason we dont capture the program in audit is that cannot really rely on it. The information is v$session is suspect at best (just copy sqlplus.exe to blah.exe and see what happens -- you cannot rely on that information in any way, shape or form.

But if you want to capture it anyway, you can use a trigger, eg

create table audit_trail
as
select sysdate x$timestamp, rpad('*',20,'*') x$action, v.*
from v$session v
where 1=0
/

create or replace trigger logon_trigger
after logon on database
begin
insert into audit_trail
select sysdate, 'LOGON', v.*
from v$session v
where sid = ( select sid from v$mystat where rownum = 1 );
commit;
end;
/

create or replace trigger logoff_trigger
before logoff on database
begin
insert into audit_trail
select sysdate, 'LOGOFF', v.*
from v$session v
where sid = ( select sid from v$mystat where rownum = 1 );
commit;
end;
/


Rating

  (1 rating)

Is this answer out of date? If it is, please let us know via a Comment

Comments

CDB_UNIFIED_AUDIT_TRAIL

pablo gil, July 31, 2023 - 8:48 pm UTC

Hello,
If You use oracle 19c or later, You can execute next query:
select client_program_name, count(1) from CDB_UNIFIED_AUDIT_TRAIL group by client_program_name;
Connor McDonald
August 04, 2023 - 5:45 am UTC

Thanks for the info
more

Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's latest video and Chris's latest video from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account.

More to Explore

Security

All of the vital components for a secure database are covered in the Security guide.