When the audit is performed, it is important to be able to identify the originating host, username, and logon and logoff time for sessions. In this recipe we will enable an audit on sessions created by users HR
, DRAPHEAL
, and SMAVRIS
.
SYSTEM
, and start to audit sessions for user HR
, DRAPHEAL
, and SMAVRIS
as follows:SQL> conn system Enter password: Connected. SQL> audit session by HR, DRAPHEAL, SMAVRIS; Audit succeeded. SQL>
HR
and wait for 10 seconds, then disconnect.DRAPHEAL
and SMAVRIS
and wait for 10 seconds or more, then disconnect.DBA_AUDIT_SESSION
dictionary view. Check the generated audit records by OS_USERNAME
, USERNAME
, USERHOST
, TERMINAL
, TIMESTAMP
, ACTION_NAME
, and LOGOFF_TIME
as follows:The information about the session audit can be found in DBA_AUDIT_SESSION
, DBA_COMMON_TRAIL
, and USER_AUDIT_SESSION
dictionary views.
If you want to audit all sessions then use the following statement:
audit session by access;
To disable audits on all sessions use the noaudit
command as follows:
noaudit session;
To disable audits only for specific users execute the following:
noaudit session by HR, DRAPHEAL, SMAVRIS;
It is highly recommended to couple session audit with a real time alarming mechanism that fires when a user logs on.
18.222.118.90