Traditional vs Unified Auditing
Oracle comes with two auditing variations:
- Traditional audting
- Unified auditing
Traditional auditing allows to
The so called
unified audit trail stores audit records that are generated in mutliple source (compare with
v$unified_audit_record_format):
- Audit records (including SYS audit records) from unified audit policies and AUDIT settings
- Fine grainded auditing (
dbms_fga)
- Oracle Database Real Application Security
- Oracle Recovery Manager
- Oracle Database Vault
- Oracle Label Security
- Oracle Machine Learning for SQL
- Oracle Data Pump
- Oracle SQL*Loader Direct Load
- Oracle XML DB HTTP and FTP protocol messages
Unified auditing was introduced in Oracle 12c, traditional auditing is deprecated with Oracle 21c.
v$option can be queried to determine if unified auditing is enabled:
select value from v$option where parameter = 'Unified Auditing';
In order to make transition from traditional to unified auditing easier, there is a so called mixed mode audit facility with which traditional audting can be used alongside unified audting.