Hi All,
DB version: 19.16
I need to enable auditing for local/direct connections which are taken from DATABASE server using SQLPLUS by SYS/ALL users.
I have below command to enable auditing for SYS/ALL users. I believe below command will capture all statements/commands which are coming from locally and remotely.
Do we have any better option to enable the auditing for local connections ONLY as for remote we are planning to deploy Database Firewall?
Please suggest.
– For SYS user
CREATE audit policy SYS_AUDIT privileges alter any table, drop any table, Insert any table, update any table, delete any table
ACTIONS create table, INSERT, UPDATE, DELETE, Create index, drop index, alter index, create sequence,alter sequence, alter table, drop sequence, create synonym, drop synonym,
create procedure, alter procedure, create database link, drop database link, create trigger, alter trigger, drop trigger, drop procedure, create materialized view, alter materialized view,
drop materialized view, truncate table, create function, alter function, drop function, create package, alter package, drop package, create package body, alter package body,
drop package body, alter database link, grant, revoke by SYS;
— For all USERS
CREATE audit policy SYS_AUDIT privileges alter any table, drop any table, Insert any table, update any table, delete any table
ACTIONS create table, INSERT, UPDATE, DELETE, Create index, drop index, alter index, create sequence,alter sequence, alter table, drop sequence, create synonym, drop synonym,
create procedure, alter procedure, create database link, drop database link, create trigger, alter trigger, drop trigger, drop procedure, create materialized view, alter materialized view,
drop materialized view, truncate table, create function, alter function, drop function, create package, alter package, drop package, create package body, alter package body,
drop package body, alter database link, grant, revoke;
Thank you.