Skip to main content

The Difference between DB and DB_EXTENDED

When doing Audit on any table on the the database , the default auditing is DB.

SQL > show parameters audit_trail

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_trail                          string      DB

in this case , when you do audit on some table.

SQL> audit all on scott.emp by access;

Audit succeeded

SQL> update emp set sal=sal*0.95 where job='MANAGER';

3 rows updated.

if you want to know the statement made these changes, you will receive nothing on the sql_text field while you are selecting the audit_trial table.



select username, owner, obj_name, action_name, sql_text from dba_audit_trail;

USERNAME   OWNER      OBJ_NAME             ACTION_NAME     SQL_TEXT
---------- ---------- -------------------- --------------- --------------------
SCOTT      SCOTT      EMP                  UPDATE

Here is the difference between DB and DB_Extended shows. 
When you alter the db to db_extended , the sql_text field will be displayed.
If however you change the audit trail to DB_EXTENDED and restart the database:
SQL> alter system set audit_trail='db_extended' scope=spfile;

System altered.

SQL> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.

SQL> Startup
ORACLE instance started.
Total System Global Area  440401920 bytes
Fixed Size                  1249440 bytes
Variable Size             113250144 bytes
Database Buffers          318767104 bytes
Redo Buffers                7135232 bytes
Database mounted.
Database opened.
SQL> show parameters audit_trail

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_trail                          string      DB_EXTENDED

The same activity will produce a record with the text:

SQL> select username, owner, obj_name, action_name, sql_text from dba_audit_trail;

USERNAME   OWNER      OBJ_NAME             ACTION_NAME     SQL_TEXT
---------- ---------- -------------------- --------------- --------------------
SCOTT      SCOTT      EMP                  UPDATE
SCOTT      SCOTT      EMP                  UPDATE          update emp set sal=sal*0.95 where job='MANAGER'
Labels:

Comments

Post a Comment

Popular posts from this blog

Web Application Security Scanner : Sandcat

Sandcat is multi-process remote web application security scanner. It maps the entire web site structure ( all links , forms , XHR requests and other entry points) and tries to find custom,unique vulnerabilities by simulating a wide range of attacks/sending thousands of requests (mostly GET and POST).  It also tests for SQL Inection, XSS, File inclusion and many other web application vulnerability classes.  Sandcat's code scanning functionality automates the process of reviewing the web application's code .  Source : CEH Lectures ...
Post a Comment
Read more

Do you think , Google makes a mistake ?

It seems Google makes a new mistake by launching its new security key (2-step verification)  one of the steps is USB device .  The question  :how come can i plug USB into my mobile (I-Phone , I-Pad , Samsung Galaxy , ....) !  Do Google know the difficulties while you are holding a USB on your hand all the time .  so You can't access  your  account if it's not in your hands. or it's damaged ?  This solution is hopeless , I think it's designed for small audience. As someone says : Can you convince the Bank Manager while you are putting the USB Device into the bank PC, that you are securing your PC , not stealing the bank data, or not transferring amounts of money to other account . or what else .  You know , This way is not quietly good , If I have many accounts on Google and other websites ,I need many  USB devices to verify myself.  That's of course , not good at all.
Post a Comment
Read more