V$XML_AUDIT

9.134 V$XML_AUDIT_TRAIL

V$XML_AUDIT_TRAIL shows standard, fine-grained, SYS, and mandatory audit records written in XML format files.

Note:

This view is populated only in an Oracle Database where unified auditing is not enabled. When unified auditing is enabled in Oracle Database, the audit records are populated in the new audit trail and can be viewed from UNIFIED_AUDIT_TRAIL.

See Oracle Database Security Guide for more information about unified auditing.
See Oracle Database Upgrade Guide for more information about migrating to unified auditing.

Column	Datatype	Description
`AUDIT_TYPE`	`NUMBER`	Type of audit row: 1 = Standard XML Audit 2 = Fine Grained XML Audit 4 = SYS XML Audit 8 = Mandatory XML Audit
`SESSION_ID`	`NUMBER`	Numeric ID for the Oracle session
`PROXY_SESSIONID`	`NUMBER`	Proxy session serial number, if an enterprise user has logged in through a proxy mechanism
`STATEMENTID`	`NUMBER`	Numeric ID for the statement run (a statement may cause multiple audit records)
`ENTRYID`	`NUMBER`	Numeric ID for the audit trail entry in the session
`EXTENDED_TIMESTAMP`	`TIMESTAMP(6) WITH TIME ZONE`	Timestamp of the audited operation (the timestamp of the user's logon for entries is created by AUDIT SESSION)
`GLOBAL_UID`	`VARCHAR2(32)`	Global user identifier for the user, if the user has logged in as an enterprise user
`DB_USER`	`VARCHAR2(128)`	Database username of the user whose actions were audited
`CLIENTIDENTIFIER`	`VARCHAR2(64)`	Client identifier in the Oracle session
`EXT_NAME`	`VARCHAR2(1024)`	User's external name
`OS_USER`	`VARCHAR2(128)`	Operating system logon user name of the user whose actions were audited
`OS_HOST`	`VARCHAR2(128)`	Client host system name
`OS_PROCESS`	`VARCHAR2(16)`	Operating system process identifier of the Oracle server process
`TERMINAL`	`VARCHAR2(30)`	Identifier for the user's terminal
`INSTANCE_NUMBER`	`NUMBER`	Instance number as specified by the `INSTANCE_NUMBER` initialization parameter
`OBJECT_SCHEMA`	`VARCHAR2(128)`	Owner of the audited object
`OBJECT_NAME`	`VARCHAR2(128)`	Name of the object affected by the action
`POLICY_NAME`	`VARCHAR2(128)`	Name of the fine-grained auditing policy
`NEW_OWNER`	`VARCHAR2(128)`	Owner of the object named in the `NEW_NAME` column
`NEW_NAME`	`VARCHAR2(128)`	New name of object after renaming, or the name of an underlying object (for example, `CREATE INDEX owner.obj_name ON new_owner.new_name`)
`ACTION`	`NUMBER`	Numeric code for the action type
`STATEMENT_TYPE`	`NUMBER`	Description of the action
`TRANSACTIONID`	`RAW(8)`	Identifier of the transaction in which the object is accessed or modified
`RETURNCODE`	`NUMBER`	Oracle error code generated by the action. Zero if the action succeeded.
`SCN`	`NUMBER`	System change number (SCN) of the query
`COMMENT_TEXT`	`VARCHAR2(4000)`	Text comments on standard audit entries. Also indicates how the user was authenticated - the method can be one of the following: `DATABASE` - authentication was done by password `NETWORK` - authentication was done by Oracle Net Services or the Advanced Networking Option `PROXY` - the client was authenticated by another user. The name of the proxy user follows the method type.
`AUTH_PRIVILEGES`	`VARCHAR2(32)`	Privileges granted and revoked in `GRANT` and `REVOKE` statements recorded for standard audit trail entry
`GRANTEE`	`VARCHAR2(128)`	User who granted or revoked the privilege
`PRIV_USED`	`NUMBER`	Numerical code of privileges, if any, used in the action
`SES_ACTIONS`	`VARCHAR2(16)`	Session summary for standard audit records. A string of 12 characters, one for each action type, in the following order: Alter, Audit, Comment, Delete, Grant, Index, Insert, Lock, Rename, Select, Update, Flashback. Values: - = None, S=Success, F=Failure, B=Both
`OS_PRIVILEGE`	`VARCHAR2(7)`	Operating system privilege (`SYSDBA` or `SYSOPER`), if any, used in the session. If no privilege is used, it will be `NONE`.
`ECONTEXT_ID`	`VARCHAR2(64)`	Application execution context identifier
`SQL_BIND`	`VARCHAR2(4000)`	List of bind variables used in the statement
`SQL_TEXT`	`VARCHAR2(4000)`	The statement or command that triggered the audit event
`OBJ_EDITION_NAME`	`VARCHAR2(128)`	Name of the edition containing the audited object
`DBID`	`NUMBER`	Database identifier of the audited database
`RLS_INFO`	`VARCHAR2(4000)`	Stores virtual private database (VPD) policy names and predicates separated by delimiter. To format the output into individual rows, use the `DBMS_AUDIT_UTIL.DECODE_RLS_INFO_ATRAIL_XML` function.
`CURRENT_USER`	`VARCHAR2(128)`	Effective user for the statement execution
`CON_ID`	`NUMBER`	The ID of the container to which the data pertains. Possible values include: `0`: This value is used for rows containing data that pertain to the entire CDB. This value is also used for rows in non-CDBs. `1`: This value is used for rows containing data that pertain to only the root n: Where n is the applicable container ID for the rows containing data

Note:

The SQL_BIND and SQL_TEXT columns are only populated if the AUDIT_TRAIL initialization parameter is set to xml, extended or if the AUDIT_SYS_OPERATIONS initialization parameter is set to TRUE.