Oracle® Fusion Middleware Security Guide 11g Release 1 (11.1.1) Part Number E10043-04 |
|
|
View PDF |
This appendix provides reference information for the Oracle Fusion Middleware Audit Framework. It contains these topics:
This section describes the components that are audited and the types of events that can be audited.
In 11g Release 1 (11.1.1), specific Java components and system components can generate audit records; they are known as audit-aware components.
Java Components that can be Audited
The following components can be audited with Fusion Middleware Audit Framework:
Directory Integration Platform Server
Oracle Platform Security Services
Oracle Web Services Manager
Agent
Policy Manager
Policy Attachment
Oracle Web Services
Oracle Identity Federation
Reports Server
System Components that can be Audited
The following components can be audited with Fusion Middleware Audit Framework:
Oracle HTTP Server
Oracle Web Cache
Oracle Internet Directory
Oracle Virtual Directory
The set of tables in this section shows, for each audit-aware system components and subcomponent, what event types can be audited:
Oracle Directory Integration Platform Events and their Attributes
Oracle Platform Security Services Events and their Attributes
Table C-1 Oracle Directory Integration Platform Events
Event Category | Event Type | Attributes used by Event |
---|---|---|
ServiceUtilize |
||
InvokeService |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
|
TerminateService |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
|
SynchronizationEvents |
||
Add |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, AssociateProfileName, ProfileName, EntryDN |
|
Modify |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, AssociateProfileName, ProfileName, EntryDN |
|
Delete |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, AssociateProfileName, ProfileName, EntryDN |
|
ProvisioningEvents |
UserAdd |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent |
UserModify |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent |
|
UserDelete |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent |
|
GroupAdd |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent |
|
GroupModify |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent |
|
GroupDelete |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEven |
|
IdentityAdd |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent |
|
IdentityModify |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent |
|
IdentityDelete |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent |
|
SubscriptionAdd |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent |
|
SubscriptionModify |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent |
|
SubscriptionDelete |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, ProfileName, ProvEvent |
|
ProfileManagementEvents |
DeleteProvProfile |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode |
UpdateProvProfile |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode |
|
ActivateProvProfile |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode |
|
DeactivateProvProfile |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode |
|
CreateSyncProfile |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode |
|
DeleteSyncProfile |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode |
|
UpdateSyncProfile |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode |
|
ActivateSyncProfile |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode |
|
DeactivateSyncProfile |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode |
|
SyncProfileUpdateChgNum |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode |
|
ExpressSyncSetup |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode |
|
SyncProfileBootstrap |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode |
|
SyncProfileExtAuthPlugins |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode |
|
ProvProfileBulkProv |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode |
|
SchedulerEvents |
||
AddJob |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, JobName, JobType |
|
RemoveJob |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, JobName, JobType |
Table C-2 Oracle Platform Security Services Events
Event Category | Event Type | Attributes used by Event |
---|---|---|
Authorization |
||
CheckPermission |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, CodeSource, Principals, InitiatorGUID, Subject, PermissionAction, PermissionTarget, PermissionClass |
|
CheckSubject |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, CodeSource, Principals, InitiatorGUID, Subject |
|
CredentialManagement |
CreateCredential |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, mapName, key, CodeSource, Principals, InitiatorGUID |
DeleteCredential |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, mapName, key, CodeSource, Principals, InitiatorGUID |
|
AccessCredential |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, mapName, key, CodeSource, Principals, InitiatorGUID |
|
ModifyCredential |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, mapName, key, CodeSource, Principals, InitiatorGUID |
|
PolicyManagement |
PolicyGrant |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, CodeSource, Principals, InitiatorGUID, PermissionAction, PermissionTarget, PermissionClass, PermissionScope |
PolicyRevoke |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, CodeSource, Principals, InitiatorGUID, PermissionAction, PermissionTarget, PermissionClass, PermissionScope |
|
RoleManagement |
RoleMembershipAdd |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, CodeSource, Principals, InitiatorGUID, ApplicationRole, EnterpriseRoles, PermissionScope |
RoleMembershipRemove |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, CodeSource, Principals, InitiatorGUID, ApplicationRole, EnterpriseRoles, PermissionScope |
Table C-3 Oracle HTTP Server Events
Event Category | Event Type | Attributes used by Event |
---|---|---|
UserSession |
UserLogin |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, AuthenticationMethod, Reason |
UserLogout |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, AuthenticationMethod, Reason |
|
Authentication |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, AuthenticationMethod, Reason, SSLConnection |
|
Authorization |
CheckAuthorization |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, Reason, AuthorizationType |
Table C-4 Oracle Directory Integration Platform Events
Event Category | Event Type | Attributes used by Event |
---|---|---|
UserSession |
UserLogin |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Roles, custEventStatusDetail, custEventOp, AuthenticationMethod |
UserLogout |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Roles, custEventStatusDetail, custEventOp |
|
Authorization |
CheckAuthorization |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, custEventStatusDetail, custEventOp |
DataAccess |
ModifyDataItemAttributes |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, custEventStatusDetail, custEventOp |
CompareDataItemAttributes |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, custEventStatusDetail, custEventOp |
|
AccountManagement |
ChangePassword |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, custEventStatusDetail, custEventOp |
CreateAccount |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, custEventStatusDetail, custEventOp |
|
DeleteAccount |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, custEventStatusDetail, custEventOp |
|
DisableAccount |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, custEventStatusDetail, custEventOp |
|
EnableAccount |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, custEventStatusDetail, custEventOp |
|
ModifyAccount |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, custEventStatusDetail, custEventOp |
|
LockAccount |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, custEventStatusDetail, custEventOp |
|
LDAPEntryAccess |
custInternalOperation |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, custEventStatusDetail, custEventOp |
Table C-5 Oracle Identity Federation Events
Event Category | Event Type | Attributes used by Event |
---|---|---|
UserSession |
LocalAuthentication |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, SessionID, AuthenticationMethod, UserID, AuthenticationMechanism, AuthenticationEngineID |
LocalLogout |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, SessionID, AuthenticationMethod, UserID |
|
CreateUserSession |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, SessionID, AuthenticationMethod, UserID, AuthenticationMechanism |
|
DeleteUserSession |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, SessionID, AuthenticationMethod, UserID |
|
CreateUserFederation |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, FederationID, UserID, FederationType |
|
DeleteUserFederation |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, FederationID, UserID, FederationType |
|
CreateActiveUserFederation |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, SessionID, FederationID, AuthenticationMethod, UserID, FederationType |
|
DeleteActiveUserFederation |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, SessionID, FederationID, AuthenticationMethod, UserID, FederationType |
|
UpdateUserFederation |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, FederationID, UserID, FederationType, OldNameIDQualifier, OldNameIDValue |
|
ProtocolFlow |
IncomingMessage |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, Binding, Role, UserID, MessageType, IncomingMessageString, IncomingMessageStringCLOB |
OutgoingMessage |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, Binding, Role, UserID, MessageType, OutgoingMessageString, OutgoingMessageStringCLOB |
|
AssertionCreation |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, UserID, AssertionVersion, IssueInstant, Issuer, AssertionID |
|
AssertionConsumption |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, UserID, AssertionVersion, IssueInstant, Issuer, AssertionID |
|
Security |
CreateSignature |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, Type |
VerifySignature |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, Type |
|
EncryptData |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, Type |
|
DecryptData |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, Type |
|
ServerConfiguration |
ChangeCOT |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, COTBefore, COTAfter |
ChangeServerProperty |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, ServerConfigBefore, ServerConfigAfter |
|
ChangeDataStore |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, DataStoreBefore, DataStoreAfter |
|
CreateConfigProperty |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, PropertyName, PropertyType, PeerProviderID, PropertyContext, NewValue |
|
ChangeConfigProperty |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, PropertyName, PropertyType, PeerProviderID, PropertyContext, OldValue, NewValue |
|
DeleteConfigProperty |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, PropertyName, PropertyType, PeerProviderID, PropertyContext, Description, OldValue |
|
CreatePeerProvider |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, PeerProviderID, Description, ProviderType |
|
UpdatePeerProvider |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, PeerProviderID, Description, ProviderType |
|
DeletePeerProvider |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, ProtocolVersion, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, PeerProviderID, Description, ProviderType |
|
LoadMetadata |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, Description, Metadata |
|
SetDataStoreType |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, RemoteProviderID, NameIDQualifier, NameIDValue, NameIDFormat, SessionID, FederationID, OldValue, NewDataStoreType, DataStoreName |
Table C-6 Oracle Virtual Directory Events
Event Category | Event Type | Attributes used by Event |
---|---|---|
UserSession |
UserLogin |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, AuthenticationMethod |
UserLogout |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
|
Authorization |
CheckAuthorization |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
DataAccess |
QueryDataItemAttributes |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
ModifyDataItemAttributes |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
|
CompareDataItemAttributes |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
|
ServiceManagement |
RemoveService |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, ServiceOperation |
ModifyServiceConfig |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, ServiceOperation |
|
AddService |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, ServiceOperation |
|
LDAPEntryAccess |
Add |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
Delete |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
|
Modify |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
|
Rename |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
|
Compare |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
Table C-7 OWSM-Agent Events
Event Category | Event Type | Attributes used by Event |
---|---|---|
UserSession |
Authentication |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, AssertionName, CompositeName, Endpoint, AgentMode, ModelObjectName, Operation, ProcessingStage, Version, Protocol |
Authorization |
CheckAuthorization |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, AssertionName, CompositeName, Endpoint, AgentMode, ModelObjectName, Operation, ProcessingStage, Version, Protocol |
PolicyEnforcement |
EnforceConfidentiality |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, AssertionName, CompositeName, Endpoint, AgentMode, ModelObjectName, Operation, ProcessingStage, Version, Protocol |
EnforceIntegrity |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, AssertionName, CompositeName, Endpoint, AgentMode, ModelObjectName, Operation, ProcessingStage, Version, Protocol |
|
EnforcePolicy |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Resource, AssertionName, CompositeName, Endpoint, AgentMode, ModelObjectName, Operation, ProcessingStage, Version, Protocol |
Table C-8 OWSM-PM-EJB Events
Event Category | Event Type | Attributes used by Event |
---|---|---|
AssertionTemplateAuthoring |
CreateAssertionTemplate |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, Resource, Version |
DeleteAssertionTemplate |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, Resource, Version, ToVersion |
|
ModifyAssertionTemplate |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, Resource, Version |
|
PolicyAuthoring |
CreatePolicy |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, Resource, Version |
DeletePolicy |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, Resource, Version, ToVersion, |
|
ModifyPolicy |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, Resource, Version |
Table C-9 Reports Server Events
Event Category | Event Type | Attributes used by Event |
---|---|---|
UserSession |
UserLogin |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
Authorization |
CheckAuthorization |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
Table C-10 WS-Policy Attachment Events
Event Category | Event Type | Attributes used by Event |
---|---|---|
PolicyAttachment |
PolicyAttachmentEvent |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, PolicyChangeType, PolicyURI, PolicyCategory, PolicyStatus, ServiceEndPoint, PolicySubjRescPattern |
Table C-11 Oracle Web Cache Events
Event Category | Event Type | Attributes used by Event |
---|---|---|
UserSession |
UserLogin |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, AuthenticationMethod |
UserLogout |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles, AuthenticationMethod |
|
Authorization |
CheckAuthorization |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
DataAccess |
FilterRequest |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
ServiceManagement |
ModifyServiceConfig |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
ConfigServicePermissions |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
|
ServiceUtilize |
InvokeService |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
TerminateService |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
|
PeerAssocManagement |
CreatePeerAssoc |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
TerminatePeerAssoc |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
|
ChallengePeerAssoc |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
|
Authentication |
ClientAuthentication |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
ServerAuthentication |
ComponentType, InstanceId, HostId, HostNwaddr, ModuleId, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Roles |
Table C-12 Oracle Web Services Manager Events
Event Category | Event Type | Attributes used by Event |
---|---|---|
WS-Processing |
RequestReceived |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Protocol, Endpoint, Operation, FaultUrl |
ResponseSent |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, Protocol, Endpoint, Operation, FaultUri |
|
WS-Fault |
SoapFaultEvent |
ComponentType, InstanceId, HostId, HostNwaddr, ProcessId, OracleHome, HomeInstance, ECID, RID, ContextFields, SessionId, TargetComponentType, ApplicationName, EventType, EventCategory, EventStatus, TstzOriginating, ThreadId, ComponentName, Initiator, MessageText, FailureCode, RemoteIP, Target, Resource, URI, Source, Protocol, Endpoint, Operation |
lists all attributes for all audited events. Use this table to learn about the attributes used in the event of interest.
Table C-13 Attributes of Audited Events
Attribute Name | Description |
---|---|
AgentMode |
Mode in which agent performed policy enforcement. |
ApplicationName |
The J2EE application name |
ApplicationRole |
This attribute used for application roles audit for role membership management |
AssertionID |
The value of the "AssertionID" attribute of the assertion |
AssertionName |
Name of the assertion that failed enforcement. |
AssertionVersion |
The version number of the assertion corresponding to this event (ex. 2.0) |
AssociateProfileName |
This attribute is used to audit the Associate Profile Name |
AuthenticationEngineID |
The identifier of the authentication engine used during local authentication |
AuthenticationMechanism |
The authentication mechanism used during local authentication |
AuthenticationMethod |
The Authentication method - password / SSL / Kerberos and so on. |
AuthorizationType |
Access/authorization configuration directive: Regular = 'Require' directive, SSL = 'SSLRequire' directive |
Binding |
The binding used to send the message (SOAP, POST, GET, Aritifact,...) |
COTAfter |
The contents of the federations configuration file after the change |
COTBefore |
The contents of the federations configuration file before the change |
CodeSource |
This attribute used for code source audit for rolemembershipmanagement |
ComponentName |
ComponentName |
ComponentType |
Type of the component. |
CompositeName |
Name of the composite (apply to SOA application only) against which the policy is being enforced. |
ContextFields |
This attribute contains the context fields extracted from dms context. |
custEventOp |
This attribute specifies the LDAP operation name associated with this event, e.g. ldapbind, ldapadd, ldapsearch and so on. |
custEventStatusDetail |
This attribute conveys event status detail info, e.g. error code and other details in case of failure of the associated LDAP operation. |
DataStoreAfter |
The data stores configuration after the change |
DataStoreBefore |
The data stores configuration before the change |
DataStoreName |
The name of the data store being modified (examples: user data store, federation datastore) |
Description |
Description of the trusted provider |
ECID |
Identifies the thread of execution that the originating component participates in. |
Endpoint |
The URI which identifies the endpoint for which the event was triggered. For example, an HTTP require will record the URL. |
EnterpriseRoles |
This attribute used for enterprise roles audit for rolemembershipmanagement |
EntryDN |
This attribute is used to audit the entry Distinguished Name |
EventCategory |
The category of the audit event. |
EventStatus |
The outcome of the audit event - success or failure |
EventType |
The type of the audit event. Use wlst listAuditEvents to list out all the events. |
FailureCode |
The error code in case EventStatus = failure |
FaultUri |
If processing yielded a fault, the URI of the fault that will be sent. |
FederationID |
The ID of the federation |
FederationType |
The type of the federation that is being created or deleted (SP/IdP) |
HomeInstance |
The ORACLE_INSTANCE directory of the component |
HostId |
DNS hostname of originating host |
HostNwaddr |
IP or other network address of originating host |
IncomingMessageString |
null |
IncomingMessageStringCLOB |
null |
Initiator |
Identifies the UID of the user who is doing the operation |
InitiatorGUID |
This attribute used for initiator guid audit for authorization |
InstanceId |
Name of the Oracle Instance to which this component belongs. |
IssueInstant |
The value of the "IssueInstant" attribute of the assertion |
Issuer |
The value of the "Issuer" attribute of the assertion |
JobName |
This attribute is used to audit the Scheduler Job Name |
JobType |
This attribute is used to audit the Scheduler Job Name |
key |
This is the credential key for the Credential Store |
mapName |
This is the map name (alias name) for the Credential Store |
MessageText |
Description of the audit event |
MessageType |
The type of the message (ex. SSOLoginRequest/SSOLoginResponse/SSOLogoutRequest/...) |
Metadata |
The provider metadata loaded |
ModelObjectName |
Name of the Web service or client name against which the policy is being enforced. |
ModuleId |
ID of the module that originated the message. Interpretation is specific to the Component ID. |
NameIDFormat |
The format of the NameID of the subject |
NameIDQualifier |
The qualifier of the nameID of the subject |
NameIDValue |
The value of the nameID of the subject |
NewDataStoreType |
The new type of the data store |
NewValue |
The value of the property after the configuration change |
OldNameIDQualifier |
The nameID qualifier before the update took place |
OldNameIDValue |
The nameID value before the update took place |
OldValue |
The value of the property before the configuration change |
Operation |
For SOAP requests, the operation for which the event was triggered. |
OracleHome |
The ORACLE_HOME directory of the component |
OutgoingMessageString |
null |
OutgoingMessageStringCLOB |
null |
PeerProviderID |
The ID of the trusted provider associated with the modified property (If the modified property does not correspond to a trusted provider, this attribute is empty.) |
PermissionAction |
This attribute used for permission action audit for authorization |
PermissionClass |
This attribute used for permission class audit for policy store |
PermissionScope |
This attribute used for permission scope audit for role membership management |
PermissionTarget |
This attribute used for permission target audit for policy store |
PolicyCategory |
The category of the policy for which the event was triggered.(comma-separated list) |
PolicyChangeType |
The type of change that occurred. |
PolicyStatus |
The status of the policy for which the event was triggered.(comma-separated list) |
PolicySubjRescPattern |
The policy subject resource pattern which identifies the policy subject for which the event was triggered. |
PolicyURI |
The URI which identifies the policy for which the event was triggered.(comma-separated list) |
Principals |
This attribute used for principals audit for role membership management |
ProcessId |
ID of the process that originated the message |
ProcessingStage |
Processing stage during which the policy enforcement occurred. |
ProfileName |
This attribute is used to audit the Sync Profile Name |
PropertyContext |
The location of the property in the configuration |
PropertyName |
The name of the configuration property |
PropertyType |
The type of the property (examples: PropertiesList, PropertiesMap, String, Boolean) |
Protocol |
The protocol of the request. |
ProtocolVersion |
The version of the protocol being used (examples: SAML2.0, Libv11) |
ProvEvent |
This attribute is used to audit the Prov Event |
ProviderType |
The type of the provider (examples: sp, idp, sp idp) |
RID |
This is the relationship identifier, it is used to provide the full and correct calling relationships between threads and processes. |
Reason |
The reason this event occurred |
RemoteIP |
IP address of the client initiating this event |
RemoteProviderID |
The provider ID of the remote server |
Resource |
Identifies a resource that is being accessed. A resource can be many things - web page, file, directory share, web service, XML document, a portlet. The resource can be named as a combination of a host name, and an URI. |
Role |
The role of Oracle Identity Federation during the protocol step performed (for example Service Provider/ Identity Provider/Attribute Authority/..) |
Roles |
The roles that the user was granted at the time of login. |
SSLConnection |
Was SSL connection used by client to transmit request? |
ServerConfigAfter |
The server configuration after the change |
ServerConfigBefore |
The server configuration before the change |
ServiceEndPoint |
The URI which identifies the service for which the event was triggered. |
ServiceOperation |
Name of the operation performed that changes the service configuration |
SessionID |
The ID of the current session |
SessionId |
ID of the login session. |
Source |
The source of the fault. |
Subject |
This attribute used for subject audit for authorization |
Target |
Identifies the UID of the user on whom the operation is being done. E.g. is Alice changes Bob's password, then Alice is the initiator and Bob is the target |
TargetComponentType |
This is the target component type. |
ThreadId |
ID of the thread that generated this event |
ToVersion |
Upper end when deleting a range of policy versions. |
TstzOriginating |
Date and time when the audit event was generated |
Type |
The type of cryptographic data being processed (XML, String) |
URI |
The URI of the fault. |
UserID |
The identifier of the user in this protocol step |
Version |
Version of policy that was modified. |
Oracle Fusion Middleware Audit Framework provides a range of out-of-the-box reports that are accessible through Oracle Business Intelligence Publisher. The reports are grouped according to the type of audit data they contain:
A list of common reports appears in Section 13.5, "Audit Report Details".
Component-Specific reports are organized as follows:
Oracle Fusion Middleware Audit Framework
Configuration Changes
Oracle HTTP Server
Errors and Exceptions
User Activities
All Events
Oracle Internet Directory
Account Management
Account Profile History
Accounts Deleted
Accounts Enabled
Password Changes
Accounts Created
Accounts Disabled
Accounts Locked Out
User Activities
Authentication History
Authorization History
Errors and Exceptions
All Errors and Exceptions
Authentication Failures
Authorization Failures
All Events
Oracle Virtual Directory
User Activities
Authentication History
Authorization History
Errors and Exceptions
All Errors and Exceptions
Authentication Failures
Authorization Failures
All Events
Reports Server
User Activities
Authentication History
Authorization History
Errors and Exceptions
All Errors and Exceptions
Authentication Failures
Authorization Failures
All Events
Oracle Directory Integration Platform
All Errors and Exceptions
Profile Management Events
All Events
Oracle Identity Federation
Errors and Exceptions
All Errors and Exceptions
Authentication Failures
All Events
Federation user Activity
Authentication History
Assertion Activity
Oracle Platform Security Services
Errors and Exceptions
All Errors and Exceptions
Authentication Failures
All Events
Application Role Management
Credential Management
Authorization History
Application Policy Management
Credential Access
System Policy Management
Oracle Web Services Manager
User Activities
Authentication History
Authorization History
Errors and Exceptions
All Errors and Exceptions
Authentication Failures
Authorization Failures
All Events
Policy Management
Assertion Template Management
Web Services Policy Management
Policy Enforcements
Confidentiality Enforcements
Policy Enforcements
Message Integrity Enforcements
Violations
Request Response
Policy Attachments
Oracle Web Cache
User Activities
Authentication History
Authorization History
Errors and Exceptions
All Errors and Exceptions
Authentication Failures
Authorization Failures
All Events
If you have additional audit reporting requirements beyond the pre-built reports described in Section C.2, "Pre-built Audit Reports", you can create custom reports using your choice of reporting tools. For example, while the pre-built reports use a subset of the event attributes, you can make use of the entire audit attribute set for an event in creating custom reports.
Table C-14 describes the audit schema, which is useful when building custom reports.
Table C-14 The Audit Schema
Table Name | Column Name | Data Type | Nullable | Column ID |
---|---|---|---|---|
BASE TABLE |
IAU_ID |
NUMBER |
Yes |
1 |
IAU_ORGID |
VARCHAR2(255 Bytes) |
Yes |
2 |
|
IAU_COMPONENTID |
VARCHAR2(255 Bytes) |
Yes |
3 |
|
IAU_COMPONENTTYPE |
VARCHAR2(255 Bytes) |
Yes |
4 |
|
IAU_INSTANCEID |
VARCHAR2(255 Bytes) |
Yes |
5 |
|
IAU_HOSTINGCLIENTID |
VARCHAR2(255 Bytes) |
Yes |
6 |
|
IAU_HOSTID |
VARCHAR2(255 Bytes) |
Yes |
7 |
|
IAU_HOSTNWADDR |
VARCHAR2(255 Bytes) |
Yes |
8 |
|
IAU_MODULEID |
VARCHAR2(255 Bytes) |
Yes |
9 |
|
IAU_PROCESSID |
VARCHAR2(255 Bytes) |
Yes |
10 |
|
IAU_ORACLEHOME |
VARCHAR2(255 Bytes) |
Yes |
11 |
|
IAU_HOMEINSTANCE |
VARCHAR2(255 Bytes) |
Yes |
12 |
|
IAU_UPSTREAMCOMPONENTID |
VARCHAR2(255 Bytes) |
Yes |
13 |
|
IAU_DOWNSTREAMCOMPONENTID |
VARCHAR2(255 Bytes) |
Yes |
14 |
|
IAU_ECID |
VARCHAR2(255 Bytes) |
Yes |
15 |
|
IAU_RID |
VARCHAR2(255 Bytes) |
Yes |
16 |
|
IAU_CONTEXTFIELDS |
VARCHAR2(2000 Bytes) |
Yes |
17 |
|
IAU_SESSIONID |
VARCHAR2(255 Bytes) |
Yes |
18 |
|
IAU_SECONDARYSESSIONID |
VARCHAR2(255 Bytes) |
Yes |
19 |
|
IAU_APPLICATIONNAME |
VARCHAR2(255 Bytes) |
Yes |
20 |
|
IAU_TARGETCOMPONENTTYPE |
VARCHAR2(255 Bytes) |
Yes |
21 |
|
IAU_EVENTTYPE |
VARCHAR2(255 Bytes) |
Yes |
22 |
|
IAU_EVENTCATEGORY |
VARCHAR2(255 Bytes) |
Yes |
23 |
|
IAU_EVENTSTATUS |
NUMBER |
Yes |
24 |
|
IAU_TSTZORIGINATING |
TIMESTAMP(6) |
Yes |
25 |
|
IAU_THREADID |
VARCHAR2(255 Bytes) |
Yes |
26 |
|
IAU_COMPONENTNAME |
VARCHAR2(255 Bytes) |
Yes |
27 |
|
IAU_INITIATOR |
VARCHAR2(255 Bytes) |
Yes |
28 |
|
IAU_MESSAGETEXT |
VARCHAR2(255 Bytes) |
Yes |
29 |
|
IAU_FAILURECODE |
VARCHAR2(255 Bytes) |
Yes |
30 |
|
IAU_REMOTEIP |
VARCHAR2(255 Bytes) |
Yes |
31 |
|
IAU_TARGET |
VARCHAR2(255 Bytes) |
Yes |
32 |
|
IAU_RESOURCE |
VARCHAR2(255 Bytes) |
Yes |
33 |
|
IAU_ROLES |
VARCHAR2(255 Bytes) |
Yes |
34 |
|
IAU_AUTHENTICATIONMETHOD |
VARCHAR2(255 Bytes) |
Yes |
35 |
|
IAU_TRANSACTIONID |
VARCHAR2(255 Bytes) |
Yes |
36 |
|
IAU_DOMAINNAME |
VARCHAR2(255 Bytes) |
Yes |
37 |
|
DIP |
IAU_ID |
NUMBER |
Yes |
1 |
IAU_TSTZORIGINATING |
TIMESTAMP(6) |
Yes |
2 |
|
IAU_EVENTTYPE |
VARCHAR2(255 Bytes) |
Yes |
3 |
|
IAU_EVENTCATEGORY |
VARCHAR2(255 Bytes) |
Yes |
4 |
|
IAU_ASSOCIATEPROFILENAME |
VARCHAR2(512 Bytes) |
Yes |
5 |
|
IAU_PROFILENAME |
VARCHAR2(512 Bytes) |
Yes |
6 |
|
IAU_ENTRYDN |
VARCHAR2(1024 Bytes) |
Yes |
7 |
|
IAU_PROVEVENT |
VARCHAR2(2048 Bytes) |
Yes |
8 |
|
IAU_JOBNAME |
VARCHAR2(128 Bytes) |
Yes |
9 |
|
IAU_JOBTYPE |
VARCHAR2(128 Bytes) |
Yes |
10 |
|
IAU_DISP_NAME_TL |
IAU_LOCALE_STR |
VARCHAR2(7 Bytes) |
1 |
|
IAU_DISP_NAME_KEY |
VARCHAR2(255 Bytes) |
2 |
||
IAU_COMPONENT_TYPE |
VARCHAR2(255 Bytes) |
3 |
||
IAU_DISP_NAME_KEY_TYPE |
VARCHAR2(255 Bytes) |
4 |
||
IAU_DISP_NAME_TRANS |
VARCHAR2(4000 Bytes) |
Yes |
5 |
|
IAU_LOCALE_MAP_TL |
IAU_LOC_LANG |
VARCHAR2(2 Bytes) |
Yes |
1 |
IAU_LOC_CNTRY |
VARCHAR2(3 Bytes) |
Yes |
2 |
|
IAU_LOC_STR |
VARCHAR2(7 Bytes) |
Yes |
3 |
|
OPSS |
IAU_ID |
NUMBER |
Yes |
1 |
IAU_TSTZORIGINATING |
TIMESTAMP(6) |
Yes |
2 |
|
IAU_EVENTTYPE |
VARCHAR2(255 Bytes) |
Yes |
3 |
|
IAU_EVENTCATEGORY |
VARCHAR2(255 Bytes) |
Yes |
4 |
|
IAU_CODESOURCE |
VARCHAR2(1024 Bytes) |
Yes |
5 |
|
IAU_PRINCIPALS |
VARCHAR2(1024 Bytes) |
Yes |
6 |
|
IAU_INITIATORGUID |
VARCHAR2(1024 Bytes) |
Yes |
7 |
|
IAU_SUBJECT |
VARCHAR2(1024 Bytes) |
Yes |
8 |
|
IAU_PERMISSIONACTION |
VARCHAR2(1024 Bytes) |
Yes |
9 |
|
IAU_PERMISSIONTARGET |
VARCHAR2(1024 Bytes) |
Yes |
10 |
|
IAU_PERMISSIONCLASS |
VARCHAR2(1024 Bytes) |
Yes |
11 |
|
IAU_MAPNAME |
VARCHAR2(1024 Bytes) |
Yes |
12 |
|
IAU_KEY |
VARCHAR2(1024 Bytes) |
Yes |
13 |
|
IAU_PERMISSIONSCOPE |
VARCHAR2(1024 Bytes) |
Yes |
14 |
|
IAU_APPLICATIONROLE |
VARCHAR2(1024 Bytes) |
Yes |
15 |
|
IAU_ENTERPRISEROLES |
VARCHAR2(1024 Bytes) |
Yes |
16 |
|
IAU_INITIATORDN |
VARCHAR2(1024 Bytes) |
Yes |
17 |
|
IAU_GUID |
VARCHAR2(1024 Bytes) |
Yes |
18 |
|
IAU_PERMISSION |
VARCHAR2(1024 Bytes) |
Yes |
19 |
|
IAU_MODIFIEDATTRIBUTENAME |
VARCHAR2(1024 Bytes) |
Yes |
20 |
|
IAU_MODIFIEDATTRIBUTEVALUE |
VARCHAR2(2048 Bytes) |
Yes |
21 |
|
IAU_PERMISSIONSETNAME |
VARCHAR2(1024 Bytes) |
Yes |
22 |
|
IAU_RESOURCEACTIONS |
VARCHAR2(1024 Bytes) |
Yes |
23 |
|
IAU_RESOURCETYPE |
VARCHAR2(1024 Bytes) |
Yes |
24 |
|
OHS/OHS Component |
IAU_ID |
NUMBER |
Yes |
1 |
IAU_TSTZORIGINATING |
TIMESTAMP(6) |
Yes |
2 |
|
IAU_EVENTTYPE |
VARCHAR2(255 Bytes) |
Yes |
3 |
|
IAU_EVENTCATEGORY |
VARCHAR2(255 Bytes) |
Yes |
4 |
|
IAU_REASON |
CLOB |
Yes |
5 |
|
IAU_SSLCONNECTION |
VARCHAR2(255 Bytes) |
Yes |
6 |
|
IAU_AUTHORIZATIONTYPE |
VARCHAR2(255 Bytes) |
Yes |
7 |
|
OID/OID Component |
IAU_ID |
NUMBER |
Yes |
1 |
IAU_TSTZORIGINATING |
TIMESTAMP(6) |
Yes |
2 |
|
IAU_EVENTTYPE |
VARCHAR2(255 Bytes) |
Yes |
3 |
|
IAU_EVENTCATEGORY |
VARCHAR2(255 Bytes) |
Yes |
4 |
|
IAU_CUSTEVENTSTATUSDETAIL |
VARCHAR2(255 Bytes) |
Yes |
5 |
|
IAU_CUSTEVENTOP |
VARCHAR2(255 Bytes) |
Yes |
6 |
|
OIF |
IAU_ID |
NUMBER |
Yes |
1 |
IAU_TSTZORIGINATING |
TIMESTAMP(6) |
Yes |
2 |
|
IAU_EVENTTYPE |
VARCHAR2(255 Bytes) |
Yes |
3 |
|
IAU_EVENTCATEGORY |
VARCHAR2(255 Bytes) |
Yes |
4 |
|
IAU_REMOTEPROVIDERID |
VARCHAR2(255 Bytes) |
Yes |
5 |
|
IAU_PROTOCOLVERSION |
VARCHAR2(255 Bytes) |
Yes |
6 |
|
IAU_NAMEIDQUALIFIER |
VARCHAR2(255 Bytes) |
Yes |
7 |
|
IAU_NAMEIDVALUE |
VARCHAR2(255 Bytes) |
Yes |
8 |
|
IAU_NAMEIDFORMAT |
VARCHAR2(255 Bytes) |
Yes |
9 |
|
IAU_SESSIONID |
VARCHAR2(255 Bytes) |
Yes |
10 |
|
IAU_FEDERATIONID |
VARCHAR2(255 Bytes) |
Yes |
11 |
|
IAU_USERID |
VARCHAR2(255 Bytes) |
Yes |
12 |
|
IAU_FEDERATIONTYPE |
VARCHAR2(255 Bytes) |
Yes |
13 |
|
IAU_AUTHENTICATIONMECHANISM |
VARCHAR2(255 Bytes) |
Yes |
14 |
|
IAU_AUTHENTICATIONENGINEID |
VARCHAR2(255 Bytes) |
Yes |
15 |
|
IAU_OLDNAMEIDQUALIFIER |
VARCHAR2(255 Bytes) |
Yes |
16 |
|
IAU_OLDNAMEIDVALUE |
VARCHAR2(255 Bytes) |
Yes |
17 |
|
IAU_BINDING |
VARCHAR2(255 Bytes) |
Yes |
18 |
|
IAU_ROLE |
VARCHAR2(255 Bytes) |
Yes |
19 |
|
IAU_MESSAGETYPE |
VARCHAR2(255 Bytes) |
Yes |
20 |
|
IAU_ASSERTIONVERSION |
VARCHAR2(255 Bytes) |
Yes |
21 |
|
IAU_ISSUEINSTANT |
VARCHAR2(255 Bytes) |
Yes |
22 |
|
IAU_ISSUER |
VARCHAR2(255 Bytes) |
Yes |
23 |
|
IAU_ASSERTIONID |
VARCHAR2(255 Bytes) |
Yes |
24 |
|
IAU_INCOMINGMESSAGESTRING |
VARCHAR2(3999 Bytes) |
Yes |
25 |
|
IAU_INCOMINGMESSAGESTRINGCLOB |
CLOB |
Yes |
26 |
|
IAU_OUTGOINGMESSAGESTRING |
VARCHAR2(3999 Bytes) |
Yes |
27 |
|
IAU_OUTGOINGMESSAGESTRINGCLOB |
CLOB |
Yes |
28 |
|
IAU_TYPE |
VARCHAR2(255 Bytes) |
Yes |
29 |
|
IAU_PROPERTYNAME |
VARCHAR2(255 Bytes) |
Yes |
30 |
|
IAU_PROPERTYTYPE |
VARCHAR2(255 Bytes) |
Yes |
31 |
|
IAU_PEERPROVIDERID |
VARCHAR2(255 Bytes) |
Yes |
32 |
|
IAU_PROPERTYCONTEXT |
VARCHAR2(255 Bytes) |
Yes |
33 |
|
IAU_DESCRIPTION |
VARCHAR2(255 Bytes) |
Yes |
34 |
|
IAU_OLDVALUE |
VARCHAR2(255 Bytes) |
Yes |
35 |
|
IAU_NEWVALUE |
VARCHAR2(255 Bytes) |
Yes |
36 |
|
IAU_PROVIDERTYPE |
VARCHAR2(255 Bytes) |
Yes |
37 |
|
IAU_COTBEFORE |
CLOB |
Yes |
38 |
|
IAU_COTAFTER |
CLOB |
Yes |
39 |
|
IAU_SERVERCONFIGBEFORE |
CLOB |
Yes |
40 |
|
IAU_SERVERCONFIGAFTER |
CLOB |
Yes |
41 |
|
IAU_DATASTOREBEFORE |
CLOB |
Yes |
42 |
|
IAU_DATASTOREAFTER |
CLOB |
Yes |
43 |
|
IAU_METADATA |
VARCHAR2(255 Bytes) |
Yes |
44 |
|
IAU_NEWDATASTORETYPE |
VARCHAR2(255 Bytes) |
Yes |
45 |
|
IAU_DATASTORENAME |
VARCHAR2(255 Bytes) |
Yes |
46 |
|
OVD/OVD Component |
IAU_ID |
NUMBER |
Yes |
1 |
IAU_TSTZORIGINATING |
TIMESTAMP(6) |
Yes |
2 |
|
IAU_EVENTTYPE |
VARCHAR2(255 Bytes) |
Yes |
3 |
|
IAU_EVENTCATEGORY |
VARCHAR2(255 Bytes) |
Yes |
4 |
|
IAU_SERVICEOPERATION |
VARCHAR2(255 Bytes) |
Yes |
5 |
|
OWSM Agent |
IAU_ID |
NUMBER |
Yes |
1 |
IAU_TSTZORIGINATING |
TIMESTAMP(6) |
Yes |
2 |
|
IAU_EVENTTYPE |
VARCHAR2(255 Bytes) |
Yes |
3 |
|
IAU_EVENTCATEGORY |
VARCHAR2(255 Bytes) |
Yes |
4 |
|
IAU_APPNAME |
VARCHAR2(255 Bytes) |
Yes |
5 |
|
IAU_ASSERTIONNAME |
VARCHAR2(255 Bytes) |
Yes |
6 |
|
IAU_COMPOSITENAME |
VARCHAR2(255 Bytes) |
Yes |
7 |
|
IAU_ENDPOINT |
VARCHAR2(4000 Bytes) |
Yes |
8 |
|
IAU_AGENTMODE |
VARCHAR2(255 Bytes) |
Yes |
9 |
|
IAU_MODELOBJECTNAME |
VARCHAR2(255 Bytes) |
Yes |
10 |
|
IAU_OPERATION |
VARCHAR2(255 Bytes) |
Yes |
11 |
|
IAU_PROCESSINGSTAGE |
VARCHAR2(255 Bytes) |
Yes |
12 |
|
IAU_VERSION |
NUMBER |
Yes |
13 |
|
IAU_PROTOCOL |
VARCHAR2(255 Bytes) |
Yes |
14 |
|
OWSM_PM_EJB |
IAU_ID |
NUMBER |
Yes |
1 |
IAU_TSTZORIGINATING |
TIMESTAMP(6) |
Yes |
2 |
|
IAU_EVENTTYPE |
VARCHAR2(255 Bytes) |
Yes |
3 |
|
IAU_EVENTCATEGORY |
VARCHAR2(255 Bytes) |
Yes |
4 |
|
IAU_VERSION |
NUMBER |
Yes |
5 |
|
IAU_TOVERSION |
NUMBER |
Yes |
6 |
|
ReportsServer/ReportsServer Components |
IAU_ID |
NUMBER |
Yes |
1 |
IAU_TSTZORIGINATING |
TIMESTAMP(6) |
Yes |
2 |
|
IAU_EVENTTYPE |
VARCHAR2(255 Bytes) |
Yes |
3 |
|
IAU_EVENTCATEGORY |
VARCHAR2(255 Bytes) |
Yes |
4 |
|
WebCache/ WebCache Component |
IAU_ID |
NUMBER |
Yes |
1 |
IAU_TSTZORIGINATING |
TIMESTAMP(6) |
Yes |
2 |
|
IAU_EVENTTYPE |
VARCHAR2(255 Bytes) |
Yes |
3 |
|
IAU_EVENTCATEGORY |
VARCHAR2(255 Bytes) |
Yes |
4 |
|
WebServices |
IAU_ID |
NUMBER |
Yes |
1 |
IAU_TSTZORIGINATING |
TIMESTAMP(6) |
Yes |
2 |
|
IAU_EVENTTYPE |
VARCHAR2(255 Bytes) |
Yes |
3 |
|
IAU_EVENTCATEGORY |
VARCHAR2(255 Bytes) |
Yes |
4 |
|
IAU_PROTOCOL |
VARCHAR2(255 Bytes) |
Yes |
5 |
|
IAU_ENDPOINT |
VARCHAR2(4000 Bytes) |
Yes |
6 |
|
IAU_OPERATION |
VARCHAR2(255 Bytes) |
Yes |
7 |
|
IAU_FAULTURI |
VARCHAR2(4000 Bytes) |
Yes |
8 |
|
IAU_URI |
VARCHAR2(4000 Bytes) |
Yes |
9 |
|
IAU_SOURCE |
VARCHAR2(255 Bytes) |
Yes |
10 |
|
WS_Policy Attachment |
IAU_ID |
NUMBER |
Yes |
1 |
IAU_TSTZORIGINATING |
TIMESTAMP(6) |
Yes |
2 |
|
IAU_EVENTTYPE |
VARCHAR2(255 Bytes) |
Yes |
3 |
|
IAU_EVENTCATEGORY |
VARCHAR2(255 Bytes) |
Yes |
4 |
|
IAU_PROTOCOL |
VARCHAR2(255 Bytes) |
Yes |
5 |
|
IAU_ENDPOINT |
VARCHAR2(4000 Bytes) |
Yes |
6 |
|
IAU_OPERATION |
VARCHAR2(255 Bytes) |
Yes |
7 |
|
IAU_FAULTURI |
VARCHAR2(4000 Bytes) |
Yes |
8 |
|
IAU_URI |
VARCHAR2(4000 Bytes) |
Yes |
9 |
|
IAU_SOURCE |
VARCHAR2(255 Bytes) |
Yes |
10 |
|
OAM (Oracle Access Manager) |
IAU_ID |
NUMBER |
Yes |
1 |
IAU_TSTZORIGINATING |
TIMESTAMP(6) |
Yes |
2 |
|
IAU_EVENTTYPE |
VARCHAR2(255) |
Yes |
3 |
|
IAU_EVENTCATEGORY |
VARCHAR2(255) |
Yes |
4 |
|
IAU_APPLICATIONDOMAINNAME |
VARCHAR2(40) |
Yes |
5 |
|
IAU_AUTHENTICATIONSCHEMEID |
VARCHAR2(40) |
Yes |
6 |
|
IAU_AGENTID |
VARCHAR2(40) |
Yes |
7 |
|
IAU_SSOSESSIONID |
VARCHAR2(100) |
Yes |
8 |
|
IAU_ADDITIONALINFO |
VARCHAR2(1000) |
Yes |
9 |
|
IAU_AUTHORIZATIONSCHEME |
VARCHAR2(40) |
Yes |
10 |
|
IAU_USERDN |
VARCHAR2(255) |
Yes |
11 |
|
IAU_RESOURCEID |
VARCHAR2(40) |
Yes |
12 |
|
IAU_AUTHORIZATIONPOLICYID |
VARCHAR2(40) |
Yes |
13 |
|
IAU_AUTHENTICATIONPOLICYID |
VARCHAR2(255) |
Yes |
14 |
|
IAU_USERID |
VARCHAR2(40) |
Yes |
15 |
|
IAU_RESOURCEHOST |
VARCHAR2(255) |
Yes |
16 |
|
IAU_REQUESTID |
VARCHAR2(255) |
Yes |
17 |
|
IAU_POLICYNAME |
VARCHAR2(40) |
Yes |
18 |
|
IAU_SCHEMENAME |
VARCHAR2(40) |
Yes |
19 |
|
IAU_RESOURCEHOSTNAME |
VARCHAR2(100) |
Yes |
20 |
|
IAU_OLDATTRIBUTES |
VARCHAR2(1000) |
Yes |
21 |
|
IAU_NEWATTRIBUTES |
VARCHAR2(1000) |
Yes |
22 |
|
IAU_SCHMETYPE |
VARCHAR2(40) |
Yes |
23 |
|
IAU_RESPONSETYPE |
VARCHAR2(40) |
Yes |
24 |
|
IAU_AGENTTYPE |
VARCHAR2(40) |
Yes |
25 |
|
IAU_CONSTRAINTTYPE |
VARCHAR2(40) |
Yes |
26 |
|
IAU_INSTANCENAME |
VARCHAR2(40) |
Yes |
27 |
|
IAU_DATASOURCENAME |
VARCHAR2(100) |
Yes |
28 |
|
IAU_DATASOURCETYPE |
VARCHAR2(100) |
Yes |
29 |
|
IAU_HOSTIDENTIFIERNAME |
VARCHAR2(100) |
Yes |
30 |
|
IAU_RESOURCEURI |
VARCHAR2(255) |
Yes |
31 |
|
IAU_RESOURCETEMPLATENAME |
VARCHAR2(100) |
Yes |
32 |
|
OAAM (Oracle Adaptive Access Manager) |
IAU_ID |
NUMBER |
Yes |
1 |
IAU_TSTZORIGINATING |
TIMESTAMP(6) |
Yes |
2 |
|
IAU_EVENTTYPE |
VARCHAR2(255) |
Yes |
3 |
|
IAU_EVENTCATEGORY |
VARCHAR2(255) |
Yes |
4 |
|
IAU_ACTIONNOTES |
VARCHAR2(4000) |
Yes |
5 |
|
IAU_CASEACTIONENUM |
NUMBER(38) |
Yes |
6 |
|
IAU_CASEACTIONRESULT |
NUMBER |
Yes |
7 |
|
IAU_CASECHALLENGEQUESTION |
VARCHAR2(4000) |
Yes |
8 |
|
IAU_CASECHALLENGERESULT |
NUMBER(38) |
Yes |
9 |
|
IAU_CASEDISPOSITION |
NUMBER(38) |
Yes |
10 |
|
IAU_CASEEXPRDURATIONINHRS |
NUMBER(38) |
Yes |
11 |
|
IAU_CASEID |
NUMBER |
Yes |
12 |
|
IAU_CASEIDS |
VARCHAR2(4000) |
Yes |
13 |
|
IAU_CASESEVERITY |
NUMBER(38) |
Yes |
14 |
|
IAU_CASESTATUS |
NUMBER(38) |
Yes |
15 |
|
IAU_CASESUBACTIONENUM |
NUMBER(38) |
Yes |
16 |
|
IAU_DESCRIPTION |
VARCHAR2(4000) |
Yes |
17 |
|
IAU_GROUPID |
NUMBER |
Yes |
18 |
|
IAU_GROUPIDS |
VARCHAR2(4000) |
Yes |
19 |
|
IAU_GROUPNAME |
VARCHAR2(4000) |
Yes |
20 |
|
IAU_GROUPDETAILS |
VARCHAR2(4000) |
Yes |
21 |
|
IAU_GROUPELEMENTID |
NUMBER |
Yes |
22 |
|
IAU_GROUPELEMENTIDS |
NUMBER |
Yes |
23 |
|
IAU_GROUPELEMENTVALUE |
VARCHAR2(4000) |
Yes |
24 |
|
IAU_GROUPELEMENTSDETAILS |
VARCHAR2(4000) |
Yes |
25 |
|
IAU_KBACATEGORYID |
NUMBER |
Yes |
26 |
|
IAU_KBACATEGORYIDS |
VARCHAR2(4000) |
Yes |
27 |
|
IAU_KBACATEGORYNAME |
VARCHAR2(4000) |
Yes |
28 |
|
IAU_KBACATEGORYDETAILS |
VARCHAR2(4000) |
Yes |
29 |
|
IAU_KBAQUESTIONID |
NUMBER |
Yes |
30 |
|
IAU_KBAQUESTIONIDS |
VARCHAR2(4000) |
Yes |
31 |
|
IAU_KBAQUESTION |
VARCHAR2(4000) |
Yes |
32 |
|
IAU_KBAQUESTIONTYPE |
NUMBER(38) |
Yes |
33 |
|
IAU_KBAQUESTIONDETAILS |
VARCHAR2(4000) |
Yes |
34 |
|
IAU_KBAVALIDATIONID |
NUMBER |
Yes |
35 |
|
IAU_KBAVALIDATIONIDS |
VARCHAR2(4000) |
Yes |
36 |
|
IAU_KBAVALIDATIONNAME |
VARCHAR2(4000) |
Yes |
37 |
|
IAU_KBAVALIDATIONDETAILS |
VARCHAR2(4000) |
Yes |
38 |
|
IAU_KBAREGLOGICDETAILS |
VARCHAR2(4000) |
Yes |
39 |
|
IAU_KBAANSWERLOGICDETAILS |
VARCHAR2(4000) |
Yes |
40 |
|
IAU_LOGINID |
VARCHAR2(255) |
Yes |
41 |
|
IAU_POLICYDETAILS |
VARCHAR2(4000) |
Yes |
42 |
|
IAU_POLICYID |
NUMBER |
Yes |
43 |
|
IAU_POLICYIDS |
VARCHAR2(4000) |
Yes |
44 |
|
IAU_POLICYNAME |
NUMBER |
Yes |
45 |
|
IAU_POLICYOVERRIDEDETAILS |
VARCHAR2(4000) |
Yes |
46 |
|
IAU_POLICYOVERRIDEID |
NUMBER |
Yes |
47 |
|
IAU_POLICYOVERRIDEIDS |
VARCHAR2(4000) |
Yes |
48 |
|
IAU_POLICYOVERRIDEROWID |
NUMBER |
Yes |
49 |
|
IAU_POLICYRULEMAPID |
NUMBER |
Yes |
50 |
|
IAU_POLICYRULEMAPIDS |
VARCHAR2(4000) |
Yes |
51 |
|
IAU_POLICYRULEMAPDETAILS |
VARCHAR2(4000) |
Yes |
52 |
|
IAU_RULEID |
NUMBER |
Yes |
53 |
|
IAU_RULECONDITIONID |
NUMBER |
Yes |
54 |
|
IAU_RULECONDITIONIDS |
VARCHAR2(4000) |
Yes |
55 |
|
IAU_RULENAME |
VARCHAR2(4000) |
Yes |
56 |
|
IAU_RULEDETAILS |
VARCHAR2(4000) |
Yes |
57 |
|
IAU_RULECONDITIONMAPID |
NUMBER |
Yes |
58 |
|
IAU_RULECONDITIONMAPIDS |
VARCHAR2(4000) |
Yes |
59 |
|
IAU_RULEPARAMVALUEDETAILS |
VARCHAR2(4000) |
Yes |
60 |
|
IAU_SOURCEPOLICYID |
NUMBER |
Yes |
61 |
|
IAU_USERGROUPNAME |
VARCHAR2(255) |
Yes |
62 |
|
IAU_USERID |
NUMBER |
Yes |
63 |
|
IAU_USERIDS |
VARCHAR2(4000) |
Yes |
64 |
WLST
is the command-line utility for administration of Oracle Fusion Middleware components and applications. It provides another option for administration in addition to Oracle Enterprise Manager Fusion Middleware Control.
Use the WLST
commands listed in Table C-15 to view and manage audit policies and the audit store configuration.
Note:
When running auditWLST
commands, you must invoke the WLST
script from the Oracle Common home. See "Using Custom WLST Commands" in the Oracle Fusion Middleware Administrator's Guide for more information.Table C-15 WLST Audit Commands
Use this command... | To... | Use with WLST... |
---|---|---|
Display the mBean name for a system component. |
Online |
|
Display audit policy settings. |
Online |
|
Update audit policy settings. |
Online |
|
Display audit store settings. |
Online |
|
Update audit store settings. |
Online |
|
List audit events for one or all components. |
Online |
|
Export a component's audit configuration. |
Online |
|
Import a component's audit configuration. |
Online |
Online command that displays the mbean name for system components.
The MBean name must be provided when using WLST commands for system components; since the MBean name can have a complex composition, use this command to get the name.
This command displays the mbean name for system components given the instance name, component name, component type, and the name of the Oracle WebLogic Server on which the component's audit mbean is running. The mbean name is a required parameter to other audit WLST commands when managing a system component.
getNonJavaEEAuditMBeanName('instance-name', 'component-name', 'component-type')
Argument | Definition |
---|---|
instName | Specifies the name of the application server instance. |
compName | Specifies the name of the component instance. |
compType | Specifies the type of component. Valid values are ohs, oid, ovd, and WebCache. |
Online command that displays the audit policy settings.
Online command that displays audit policy settings including the audit level, special users, custom events, maximum log file size, and maximum log directory size. The component mbean name is an optional parameter. If no parameter is provided, the domain audit policy is displayed.
getAuditPolicy(['mbeanName'])
Argument | Definition |
---|---|
mbeanName | Specifies the name of the component audit MBean for system components. |
The following command displays the audit settings for all JavaEE components configured in the WebLogic Server domain:
wls:/mydomain/serverConfig> getAuditPolicy()
The following command displays the audit settings for MBean CSAuditProxyMBean
:
wls:/mydomain/serverConfig> getAuditPolicy(on='oracle.security.audit.test:type=CSAuditMBean, name=CSAuditProxyMBean')
Online command that updates an audit policy.
Online command that configures the audit policy settings. You can set the audit level, add or remove special users, and add or remove custom events. The component mbean name is required for system components like Oracle Internet Directory and Oracle Virtual Directory.
Remember to call save
after issuing setAuditPolicy
for system components. Otherwise, the new settings will not take effect.
setAuditPolicy(['mbeanName'],['filterPreset'],['addSpecialUsers'], ['removeSpecialUsers'],['addCustomEvents'],['removeCustomEvents'])
Argument | Definition |
---|---|
mbeanName | Specifies the name of the component audit MBean for system components. |
filterPreset | Specifies the audit level to be changed. |
addSpecialUsers | Specifies the special users to be added. |
removeSpecialUsers | Specifies the special users to be removed. |
addCustomEvents | Specifies the custom events to be added. |
removeCustomEvents | Specifies the custom events to be removed. |
The following interactive command a) sets the audit level to Low
, and b) adds users user2
and user3
while removing user user1
from the policy:
wls:/mydomain/serverConfig> setAuditPolicy (filterPreset='Low',addSpecialUsers='user2,user3',removeSpecialUsers='user1')
The following interactive command adds login events while removing logout events from the policy:
wls:/mydomain/serverConfig> setAuditPolicy(filterPreset='Custom',addCustomEvents='UserLogin',removeCustomEvents='UserLogout')
Online command that displays audit store settings.
Online command that displays audit store settings for Java components and applications (for system components like Oracle Internet Directory, the configuration resides in opmn.xml
). Also displays database configuration if the data is stored in a database.
Online command that updates audit store settings.
Online command that sets the audit store settings for Java components and applications (for system components like Oracle Internet Directory, the store is configured by editing opmn.xml
).
setAuditRepository(['switchToDB'],['dataSourceName'],['interval'])
Argument | Definition |
---|---|
switchToDB | If true , switches the store from file to database. |
dataSourceName | Specifies the name of the data source. |
interval | Specifies intervals at which the audit loader moves file records to the database. |
The following interactive command changes audit store to a database defined by the data source jdbcAuditDB
and sets the audit loader interval to 14 seconds:
wls:/mydomain/serverConfig> setAuditRepository(switchToDB='true',dataSourceName='jdbcAuditDB',interval='14')
Note:
The data source is created using the Oracle WebLogic Server administration console.Online command that displays the definition of a component's audit events, including its attributes.
This command displays a component's audit events and attributes. For system components, pass the component mbean name as a parameter. Java applications and services like Oracle Platform Security Services (OPSS) do not need the mbean parameter. Without a component type, all generic attributes applicable to all components are displayed.
listAuditEvents(['mbeanName'],['componentType'])
Argument | Definition |
---|---|
mbeanName | Specifies the name of the component MBean. |
componentType | Specifies the component type. |
The following command displays audit events for an Oracle Internet Directory instance:
wls:/mydomain/serverConfig> listAuditEvents(on='oracle.as.management.mbeans.register: type=component.auditconfig,name=auditconfig1,instance=oid1,component=oid')
The following command displays audit events for Oracle Identity Federation:
wls:/mydomain/serverConfig> listAuditEvents(componentType='oif')
Online command that exports a component's audit configuration.
See Also:
This command is useful in migrating to production environments. For details, see Section 7.5.3, "Migrating Audit Policies".This command exports the audit configuration to a file. For system components, pass the component mbean name as a parameter. Java applications and services like Oracle Platform Security Services (OPSS) do not need the mbean parameter.
exportAuditConfig(['mbeanName'],fileName')
Argument | Definition |
---|---|
mbeanName | Specifies the name of the system component MBean. |
fileName | Specifies the path and file name to which the audit configuration should be exported. |
The following interactive command exports the audit configuration for a component:
wls:/mydomain/serverConfig> exportAuditConfig(on='oracle.security.audit.test:type=CSAuditMBean,name=CSAuditProxyMBean',fileName='/tmp/auditconfig')
The following interactive command exports the audit configuration for a component; no mBean is specified:
wls:/mydomain/serverConfig> exportAuditConfig(fileName='/tmp/auditconfig')
Online command that imports a component's audit configuration.
See Also:
This command is useful in migrating to production environments. For details, see Section 7.5.3, "Migrating Audit Policies".This command imports the audit configuration from an external file. For system components, pass the component mbean name as a parameter. Java applications and services like Oracle Platform Security Services (OPSS) do not need the mbean parameter.
Remember to call save after issuing importAuditConfig
for system components. Otherwise, the new settings will not take effect.
importAuditConfig(['mbeanName'],'fileName')
Argument | Definition |
---|---|
mbeanName | Specifies the name of the system component MBean. |
fileName | Specifies the path and file name from which the audit configuration should be imported. |
The following interactive command imports the audit configuration for a component:
wls:/mydomain/serverConfig> importAuditConfig(on='oracle.security.audit.test:type=CSAuditMBean,name=CSAuditProxyMBean',fileName='/tmp/auditconfig')
The following interactive command imports the audit configuration for a JavaEE application (no mBean is specified):
wls:/mydomain/serverConfig> importAuditConfig(fileName='/tmp/auditconfig')
When you select a custom audit policy, you have the option of specifying a filter expression along with an event.
For example, you can use the following expression:
Host Id -eq "myhost123"
to enable the audit event for a particular host only.
You enter this expression either through the Fusion Middleware Control Edit Filter Dialog or through the setAuditPolicy
WLST command.
See Also:
There are some syntax rules you should follow when creating a filter expression.
The expression can either be a Boolean expression or a literal.
<Expr> ::= <BooleanExpression> | <BooleanLiteral>
A boolean expression can use combinations of RelationalExpression with –and, -or , -not and parenthesis. For example, (Host Id -eq "stadl17" -or "
).
<BooleanExpression> ::= <RelationalExpression> | “(” <BooleanExpression> “)” | <BooleanExpression> “-and” <BooleanExpression> | <BooleanExpression> “-or” <BooleanExpression> | “-not” <BooleanExpression>
A relational expression compares an attribute name (on the left hand side) with a literal (on the right-hand side). The literal and the operator must be of the correct data type for the attribute.
<RelationalExpression> ::= <AttributeName> <RelationalOperator> <Literal>
Relational operators are particular to data types:
-eq, -ne can be used with all data types
-contains, -startswith, -endswith can be only used with strings
-contains_case, -startswith_case and -endswith_case are case sensitive versions of the above three functions
-lt, -le, -gt, -ge can be used with numeric and datetime
<RelationalOperator> : = "-eq" | "-ne" | "-lt" | "-le" | "-gt" | "-ge" | "-contains" | "-contains_case" | "-startswith" | "-startswith_case" | "-endswith" | "-endswith_case"
Rules for literals are as follows:
Boolean literals are true or false, without quotes
Date time literals have to be in double quotes and can be in many different formats; "June 25, 2006", "06/26/2006 2:00 pm" are all valid
String literals have to be quotes, back-slash can be used to escape an embedded double quote
Numeric literals are in their usual format
<Literal> ::= <NumericLiteral> | <BooleanLiteral> | <DateTimeLiteral> | <StringLiteral><BooleanLiteral> ::= "true” | "false”
This section explains the rules that are used to maintain audit files.
For Java components (both JavaEE and JavaSE), the file containing audit records is named "audit.log".
When that file is full (it reaches the configured maximum audit file size which is 100MB), it is renamed to "audit1.log" and a new "audit.log" is created. If this file too gets full, the audit.log file is renamed to "audit2.log" and a new audit.log is created.
This continues until the configured maximum audit directory size is reached (default is 0, which means unlimited size). When the max directory size is reached, the oldest auditn.log file is deleted.
If you have configured a database audit store, then the audit loader reads these files and transfers the records to the database in batches. After reading a complete audit<n>.log file, it deletes the file.
Note:
The audit loader never deletes the "current" file, that is, audit.log; it only deletes archive files audit<n>.log.OPMN-managed components follow the same model, except the file name is slightly different. It has the process ID embedded in the file name; thus, if the process id is 11925 the current file is called "audit-pid11925.log", and after rotation it will be called audit-pid11925-1.log
Here is a sample audit.log file:
#Fields:Date Time Initiator EventType EventStatus MessageText HomeInstance ECID RID ContextFields SessionId TargetComponentType ApplicationName EventCategory ThreadId InitiatorDN TargetDN FailureCode RemoteIP Target Resource Roles CodeSource InitiatorGUID Principals PermissionAction PermissionClass mapName key #Remark Values:ComponentType="JPS" 2008-12-08 10:46:05.492 - "CheckAuthorization" true "Oracle Platform Security Authorization Check Permission SUCCEEDED." - - - - - - - "Authorization" "48" - - "true" - - "(oracle.security.jps.service.policystore.PolicyStoreAccessPermission context=APPLICATION,name=SimpleServlet getApplicationPolicy)" - "file:/oracle/work/middleware/oracle_common/modules/oracle.jps_11.1.1/jps-internal.jar" - "[]" - - - -
This file follows the W3C extended logging format, which is a very common log format that is used by many Web Servers e.g. Apache and IIS:
The first line is a "#Fields" line; it specifies all the fields in the rest of the file.
The second line is a comment like "#Remark" which has a comment indicating some common attributes like the ComponentType.
All subsequent lines are data lines; they follow the exact format defined in the "#Fields" line. All attributes are separated by spaces, mussing attributes are indicated by a dash.