Oracle using AUDIT. System triggers, however, can allow such auditing to be implemented.

The program code inside the database should also be protected by an audit trail. Again, system triggers can allow such auditing to be implemented.

Using Oracle8i system triggers

Starting with Oracle8i, Oracle introduced special triggers that are not associated with DML events (e.g. INSERT, UPDATE, and DELETE). These system triggers included database startup triggers, DDL triggers and end-user log in / log off triggers.

While Oracle provided the functionality for these new triggers, it was not clear how they could be used in order to track system-wide usage. This article describes our work in creating end-user log in / log off procedures to facilitate tracing end-user activity. Please be advised that the initial implementation of system triggers for end-user tracking is quite new, and as such is still a bit lacking in robust functionality.

While the user log on / log off triggers will accurately tell you the time of the user log on and user log off, unfortunately the code does not capture any information regarding the specific tasks that were performed during the user's session.

Also note that these user log on and log off triggers are best used for those types of applications that utilize time stamped users. By time stamped users, we mean those users who are given a unique Oracle user ID when they access the application. Applications that do not utilize the time stamped Oracle user IDs (SAP, PeopleSoft) may not benefit greatly by using these log on and log off triggers.

Now that we understand the basics, let's move on in and take look at how we can design the user audit table to track user activity.

Designing a user audit table

The first step is to create an Oracle table that can store the information gathered by the end-user log on / log off triggers. In order to properly design these triggers; we begin by taking a look at the information that is available to us inside the system triggers. First we gather the information available at log in.

User ID -- this is the user ID that was used to perform the sign on operation.

Session ID -- this is the Oracle control session ID for the user.

Host -- this is the host name of the computer.

Logon date -- this is an Oracle date data type corresponding to the user log in time, accurate to 1/1000 of a second
Now we gather the information available just prior to user log off. At user log off time, the Oracle system trigger provides us with some information about the current session that the user was performing:

Last program -- this provides the name of last program that the user was executing at the time of system log off.

Last action -- this provides the last action performed by the user during the session.

Last module - this provides the name of the last module accessed by the user prior to log off time

Log off date -- this is an Oracle date data type corresponding to the actual user log off time, accurate to 1/1000 of a second
Now we know the information available to us at log on and log off, but how do we collect this information and make it accessible to management? Let's take a look at the available options.