oci logo
Oracle Cloud Infrastructure v0.19.0, May 26 23

oci.DataSafe.getAuditEvents

Explore with Pulumi AI

This data source provides the list of Audit Events in Oracle Cloud Infrastructure Data Safe service.

The ListAuditEvents operation returns specified compartmentId audit Events only. The list does not include any audit Events associated with the subcompartments of the specified compartmentId.

The parameter accessLevel specifies whether to return only those compartments for which the requestor has INSPECT permissions on at least one resource directly or indirectly (ACCESSIBLE) (the resource can be in a subcompartment) or to return Not Authorized if Principal doesn’t have access to even one of the child compartments. This is valid only when compartmentIdInSubtree is set to true.

The parameter compartmentIdInSubtree applies when you perform ListAuditEvents on the compartmentId passed and when it is set to true, the entire hierarchy of compartments can be returned. To get a full list of all compartments and subcompartments in the tenancy (root compartment), set the parameter compartmentIdInSubtree to true and accessLevel to ACCESSIBLE.

Example Usage

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;

return await Deployment.RunAsync(() => 
{
    var testAuditEvents = Oci.DataSafe.GetAuditEvents.Invoke(new()
    {
        CompartmentId = @var.Compartment_id,
        AccessLevel = @var.Audit_event_access_level,
        CompartmentIdInSubtree = @var.Audit_event_compartment_id_in_subtree,
        ScimQuery = @var.Audit_event_scim_query,
    });

});
package main

import (
	"github.com/pulumi/pulumi-oci/sdk/go/oci/DataSafe"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := DataSafe.GetAuditEvents(ctx, &datasafe.GetAuditEventsArgs{
			CompartmentId:          _var.Compartment_id,
			AccessLevel:            pulumi.StringRef(_var.Audit_event_access_level),
			CompartmentIdInSubtree: pulumi.BoolRef(_var.Audit_event_compartment_id_in_subtree),
			ScimQuery:              pulumi.StringRef(_var.Audit_event_scim_query),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.DataSafe.DataSafeFunctions;
import com.pulumi.oci.DataSafe.inputs.GetAuditEventsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var testAuditEvents = DataSafeFunctions.getAuditEvents(GetAuditEventsArgs.builder()
            .compartmentId(var_.compartment_id())
            .accessLevel(var_.audit_event_access_level())
            .compartmentIdInSubtree(var_.audit_event_compartment_id_in_subtree())
            .scimQuery(var_.audit_event_scim_query())
            .build());

    }
}
import pulumi
import pulumi_oci as oci

test_audit_events = oci.DataSafe.get_audit_events(compartment_id=%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference),
    access_level=%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference),
    compartment_id_in_subtree=%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference),
    scim_query=%!v(PANIC=Format method: runtime error: invalid memory address or nil pointer dereference))
import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";

const testAuditEvents = oci.DataSafe.getAuditEvents({
    compartmentId: _var.compartment_id,
    accessLevel: _var.audit_event_access_level,
    compartmentIdInSubtree: _var.audit_event_compartment_id_in_subtree,
    scimQuery: _var.audit_event_scim_query,
});
variables:
  testAuditEvents:
    fn::invoke:
      Function: oci:DataSafe:getAuditEvents
      Arguments:
        compartmentId: ${var.compartment_id}
        accessLevel: ${var.audit_event_access_level}
        compartmentIdInSubtree: ${var.audit_event_compartment_id_in_subtree}
        scimQuery: ${var.audit_event_scim_query}

Using getAuditEvents

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getAuditEvents(args: GetAuditEventsArgs, opts?: InvokeOptions): Promise<GetAuditEventsResult>
function getAuditEventsOutput(args: GetAuditEventsOutputArgs, opts?: InvokeOptions): Output<GetAuditEventsResult>
def get_audit_events(access_level: Optional[str] = None,
                     compartment_id: Optional[str] = None,
                     compartment_id_in_subtree: Optional[bool] = None,
                     filters: Optional[Sequence[_datasafe.GetAuditEventsFilter]] = None,
                     scim_query: Optional[str] = None,
                     opts: Optional[InvokeOptions] = None) -> GetAuditEventsResult
def get_audit_events_output(access_level: Optional[pulumi.Input[str]] = None,
                     compartment_id: Optional[pulumi.Input[str]] = None,
                     compartment_id_in_subtree: Optional[pulumi.Input[bool]] = None,
                     filters: Optional[pulumi.Input[Sequence[pulumi.Input[_datasafe.GetAuditEventsFilterArgs]]]] = None,
                     scim_query: Optional[pulumi.Input[str]] = None,
                     opts: Optional[InvokeOptions] = None) -> Output[GetAuditEventsResult]
func GetAuditEvents(ctx *Context, args *GetAuditEventsArgs, opts ...InvokeOption) (*GetAuditEventsResult, error)
func GetAuditEventsOutput(ctx *Context, args *GetAuditEventsOutputArgs, opts ...InvokeOption) GetAuditEventsResultOutput

> Note: This function is named GetAuditEvents in the Go SDK.

public static class GetAuditEvents 
{
    public static Task<GetAuditEventsResult> InvokeAsync(GetAuditEventsArgs args, InvokeOptions? opts = null)
    public static Output<GetAuditEventsResult> Invoke(GetAuditEventsInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetAuditEventsResult> getAuditEvents(GetAuditEventsArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: oci:DataSafe/getAuditEvents:getAuditEvents
  arguments:
    # arguments dictionary

The following arguments are supported:

CompartmentId string

A filter to return only resources that match the specified compartment OCID.

AccessLevel string

Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.

CompartmentIdInSubtree bool

Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.

Filters List<GetAuditEventsFilter>
ScimQuery string

The scimQuery query parameter accepts filter expressions that use the syntax described in Section 3.2.2.2 of the System for Cross-Domain Identity Management (SCIM) specification, which is available at RFC3339. In SCIM filtering expressions, text, date, and time values must be enclosed in quotation marks, with date and time values using ISO-8601 format. (Numeric and boolean values should not be quoted.)

Example: query=(operationTime ge '2021-06-04T01-00-26') and (eventName eq 'LOGON')

CompartmentId string

A filter to return only resources that match the specified compartment OCID.

AccessLevel string

Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.

CompartmentIdInSubtree bool

Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.

Filters []GetAuditEventsFilter
ScimQuery string

The scimQuery query parameter accepts filter expressions that use the syntax described in Section 3.2.2.2 of the System for Cross-Domain Identity Management (SCIM) specification, which is available at RFC3339. In SCIM filtering expressions, text, date, and time values must be enclosed in quotation marks, with date and time values using ISO-8601 format. (Numeric and boolean values should not be quoted.)

Example: query=(operationTime ge '2021-06-04T01-00-26') and (eventName eq 'LOGON')

compartmentId String

A filter to return only resources that match the specified compartment OCID.

accessLevel String

Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.

compartmentIdInSubtree Boolean

Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.

filters List<GetAuditEventsFilter>
scimQuery String

The scimQuery query parameter accepts filter expressions that use the syntax described in Section 3.2.2.2 of the System for Cross-Domain Identity Management (SCIM) specification, which is available at RFC3339. In SCIM filtering expressions, text, date, and time values must be enclosed in quotation marks, with date and time values using ISO-8601 format. (Numeric and boolean values should not be quoted.)

Example: query=(operationTime ge '2021-06-04T01-00-26') and (eventName eq 'LOGON')

compartmentId string

A filter to return only resources that match the specified compartment OCID.

accessLevel string

Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.

compartmentIdInSubtree boolean

Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.

filters GetAuditEventsFilter[]
scimQuery string

The scimQuery query parameter accepts filter expressions that use the syntax described in Section 3.2.2.2 of the System for Cross-Domain Identity Management (SCIM) specification, which is available at RFC3339. In SCIM filtering expressions, text, date, and time values must be enclosed in quotation marks, with date and time values using ISO-8601 format. (Numeric and boolean values should not be quoted.)

Example: query=(operationTime ge '2021-06-04T01-00-26') and (eventName eq 'LOGON')

compartment_id str

A filter to return only resources that match the specified compartment OCID.

access_level str

Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.

compartment_id_in_subtree bool

Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.

filters GetAuditEventsFilter]
scim_query str

The scimQuery query parameter accepts filter expressions that use the syntax described in Section 3.2.2.2 of the System for Cross-Domain Identity Management (SCIM) specification, which is available at RFC3339. In SCIM filtering expressions, text, date, and time values must be enclosed in quotation marks, with date and time values using ISO-8601 format. (Numeric and boolean values should not be quoted.)

Example: query=(operationTime ge '2021-06-04T01-00-26') and (eventName eq 'LOGON')

compartmentId String

A filter to return only resources that match the specified compartment OCID.

accessLevel String

Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.

compartmentIdInSubtree Boolean

Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.

filters List<Property Map>
scimQuery String

The scimQuery query parameter accepts filter expressions that use the syntax described in Section 3.2.2.2 of the System for Cross-Domain Identity Management (SCIM) specification, which is available at RFC3339. In SCIM filtering expressions, text, date, and time values must be enclosed in quotation marks, with date and time values using ISO-8601 format. (Numeric and boolean values should not be quoted.)

Example: query=(operationTime ge '2021-06-04T01-00-26') and (eventName eq 'LOGON')

getAuditEvents Result

The following output properties are available:

AuditEventCollections List<GetAuditEventsAuditEventCollection>

The list of audit_event_collection.

CompartmentId string

The OCID of the compartment containing the audit event. This is the same as that of audit profile of the target database resource compartment.

Id string

The provider-assigned unique ID for this managed resource.

AccessLevel string
CompartmentIdInSubtree bool
Filters List<GetAuditEventsFilter>
ScimQuery string
AuditEventCollections []GetAuditEventsAuditEventCollection

The list of audit_event_collection.

CompartmentId string

The OCID of the compartment containing the audit event. This is the same as that of audit profile of the target database resource compartment.

Id string

The provider-assigned unique ID for this managed resource.

AccessLevel string
CompartmentIdInSubtree bool
Filters []GetAuditEventsFilter
ScimQuery string
auditEventCollections List<GetAuditEventsAuditEventCollection>

The list of audit_event_collection.

compartmentId String

The OCID of the compartment containing the audit event. This is the same as that of audit profile of the target database resource compartment.

id String

The provider-assigned unique ID for this managed resource.

accessLevel String
compartmentIdInSubtree Boolean
filters List<GetAuditEventsFilter>
scimQuery String
auditEventCollections GetAuditEventsAuditEventCollection[]

The list of audit_event_collection.

compartmentId string

The OCID of the compartment containing the audit event. This is the same as that of audit profile of the target database resource compartment.

id string

The provider-assigned unique ID for this managed resource.

accessLevel string
compartmentIdInSubtree boolean
filters GetAuditEventsFilter[]
scimQuery string
audit_event_collections GetAuditEventsAuditEventCollection]

The list of audit_event_collection.

compartment_id str

The OCID of the compartment containing the audit event. This is the same as that of audit profile of the target database resource compartment.

id str

The provider-assigned unique ID for this managed resource.

access_level str
compartment_id_in_subtree bool
filters GetAuditEventsFilter]
scim_query str
auditEventCollections List<Property Map>

The list of audit_event_collection.

compartmentId String

The OCID of the compartment containing the audit event. This is the same as that of audit profile of the target database resource compartment.

id String

The provider-assigned unique ID for this managed resource.

accessLevel String
compartmentIdInSubtree Boolean
filters List<Property Map>
scimQuery String

Supporting Types

GetAuditEventsAuditEventCollection

Items []GetAuditEventsAuditEventCollectionItem

Array of audit event summary.

items GetAuditEventsAuditEventCollectionItem[]

Array of audit event summary.

items GetAuditEventsAuditEventCollectionItem]

Array of audit event summary.

items List<Property Map>

Array of audit event summary.

GetAuditEventsAuditEventCollectionItem

ActionTaken string

The action taken for this audit event.

AuditEventTime string

The time of the audit event occurrence in the target database.

AuditLocation string

The location of the audit. Currently the value is audit table.

AuditPolicies string

Comma-seperated list of audit policies that caused the current audit event.

AuditTrailId string

The OCID of the audit trail that generated this audit event. To be noted, this field has been deprecated.

AuditType string

The type of the auditing.

ClientHostname string

The name of the host machine from which the session was spawned.

ClientId string

The client identifier in each Oracle session.

ClientIp string

The IP address of the host machine from which the session was spawned.

ClientProgram string

The application from which the audit event was generated. Examples SQL Plus or SQL Developer.

CommandParam string

List of bind variables associated with the command text.

CommandText string

The SQL associated with the audit event.

CompartmentId string

A filter to return only resources that match the specified compartment OCID.

DatabaseType string

The type of the target database that was audited. Allowed values are

  • DATABASE_CLOUD_SERVICE - Represents Oracle Database Cloud Services.
  • AUTONOMOUS_DATABASE - Represents Oracle Autonomous Databases.
  • INSTALLED_DATABASE - Represents databases running on-premises or on compute instances.
DbUserName string

The name of the database user whose actions were audited.

DefinedTags Dictionary<string, object>

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example: {"Operations.CostCenter": "42"}

ErrorCode string

Oracle Error code generated by the action. Zero indicates the action was successful.

ErrorMessage string

The detailed message on why the Error occurred.

EventName string

The name of the detail action executed by the user on the target database. i.e ALTER SEQUENCE, CREATE TRIGGER, CREATE INDEX.

ExtendedEventAttributes string

List of all other attributes of the audit event seperated by a colon other than the one returned in audit record.

FreeformTags Dictionary<string, object>

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example: {"Department": "Finance"}

Id string

The OCID of the audit event.

IsAlerted bool

Indicates whether an alert was raised for this audit event.

Object string

The name of the object affected by the action.

ObjectOwner string

The schema name of the object affected by the action.

ObjectType string

The type of the object in the source database affected by the action. i.e PL/SQL, SYNONYM, PACKAGE BODY.

Operation string

The name of the action executed by the user on the target database. i.e ALTER, CREATE, DROP.

OperationStatus string

Indicates whether the operation was a success or a failure.

OsTerminal string

The operating system terminal of the user session.

OsUserName string

The name of the operating system user for the database session.

TargetClass string

The class of the target that was audited.

TargetId string

The OCID of the target database that was audited.

TargetName string

The name of the target database that was audited.

TimeCollected string

The timestamp when this audit event was collected from the target database by Data Safe.

ActionTaken string

The action taken for this audit event.

AuditEventTime string

The time of the audit event occurrence in the target database.

AuditLocation string

The location of the audit. Currently the value is audit table.

AuditPolicies string

Comma-seperated list of audit policies that caused the current audit event.

AuditTrailId string

The OCID of the audit trail that generated this audit event. To be noted, this field has been deprecated.

AuditType string

The type of the auditing.

ClientHostname string

The name of the host machine from which the session was spawned.

ClientId string

The client identifier in each Oracle session.

ClientIp string

The IP address of the host machine from which the session was spawned.

ClientProgram string

The application from which the audit event was generated. Examples SQL Plus or SQL Developer.

CommandParam string

List of bind variables associated with the command text.

CommandText string

The SQL associated with the audit event.

CompartmentId string

A filter to return only resources that match the specified compartment OCID.

DatabaseType string

The type of the target database that was audited. Allowed values are

  • DATABASE_CLOUD_SERVICE - Represents Oracle Database Cloud Services.
  • AUTONOMOUS_DATABASE - Represents Oracle Autonomous Databases.
  • INSTALLED_DATABASE - Represents databases running on-premises or on compute instances.
DbUserName string

The name of the database user whose actions were audited.

DefinedTags map[string]interface{}

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example: {"Operations.CostCenter": "42"}

ErrorCode string

Oracle Error code generated by the action. Zero indicates the action was successful.

ErrorMessage string

The detailed message on why the Error occurred.

EventName string

The name of the detail action executed by the user on the target database. i.e ALTER SEQUENCE, CREATE TRIGGER, CREATE INDEX.

ExtendedEventAttributes string

List of all other attributes of the audit event seperated by a colon other than the one returned in audit record.

FreeformTags map[string]interface{}

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example: {"Department": "Finance"}

Id string

The OCID of the audit event.

IsAlerted bool

Indicates whether an alert was raised for this audit event.

Object string

The name of the object affected by the action.

ObjectOwner string

The schema name of the object affected by the action.

ObjectType string

The type of the object in the source database affected by the action. i.e PL/SQL, SYNONYM, PACKAGE BODY.

Operation string

The name of the action executed by the user on the target database. i.e ALTER, CREATE, DROP.

OperationStatus string

Indicates whether the operation was a success or a failure.

OsTerminal string

The operating system terminal of the user session.

OsUserName string

The name of the operating system user for the database session.

TargetClass string

The class of the target that was audited.

TargetId string

The OCID of the target database that was audited.

TargetName string

The name of the target database that was audited.

TimeCollected string

The timestamp when this audit event was collected from the target database by Data Safe.

actionTaken String

The action taken for this audit event.

auditEventTime String

The time of the audit event occurrence in the target database.

auditLocation String

The location of the audit. Currently the value is audit table.

auditPolicies String

Comma-seperated list of audit policies that caused the current audit event.

auditTrailId String

The OCID of the audit trail that generated this audit event. To be noted, this field has been deprecated.

auditType String

The type of the auditing.

clientHostname String

The name of the host machine from which the session was spawned.

clientId String

The client identifier in each Oracle session.

clientIp String

The IP address of the host machine from which the session was spawned.

clientProgram String

The application from which the audit event was generated. Examples SQL Plus or SQL Developer.

commandParam String

List of bind variables associated with the command text.

commandText String

The SQL associated with the audit event.

compartmentId String

A filter to return only resources that match the specified compartment OCID.

databaseType String

The type of the target database that was audited. Allowed values are

  • DATABASE_CLOUD_SERVICE - Represents Oracle Database Cloud Services.
  • AUTONOMOUS_DATABASE - Represents Oracle Autonomous Databases.
  • INSTALLED_DATABASE - Represents databases running on-premises or on compute instances.
dbUserName String

The name of the database user whose actions were audited.

definedTags Map<String,Object>

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example: {"Operations.CostCenter": "42"}

errorCode String

Oracle Error code generated by the action. Zero indicates the action was successful.

errorMessage String

The detailed message on why the Error occurred.

eventName String

The name of the detail action executed by the user on the target database. i.e ALTER SEQUENCE, CREATE TRIGGER, CREATE INDEX.

extendedEventAttributes String

List of all other attributes of the audit event seperated by a colon other than the one returned in audit record.

freeformTags Map<String,Object>

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example: {"Department": "Finance"}

id String

The OCID of the audit event.

isAlerted Boolean

Indicates whether an alert was raised for this audit event.

object String

The name of the object affected by the action.

objectOwner String

The schema name of the object affected by the action.

objectType String

The type of the object in the source database affected by the action. i.e PL/SQL, SYNONYM, PACKAGE BODY.

operation String

The name of the action executed by the user on the target database. i.e ALTER, CREATE, DROP.

operationStatus String

Indicates whether the operation was a success or a failure.

osTerminal String

The operating system terminal of the user session.

osUserName String

The name of the operating system user for the database session.

targetClass String

The class of the target that was audited.

targetId String

The OCID of the target database that was audited.

targetName String

The name of the target database that was audited.

timeCollected String

The timestamp when this audit event was collected from the target database by Data Safe.

actionTaken string

The action taken for this audit event.

auditEventTime string

The time of the audit event occurrence in the target database.

auditLocation string

The location of the audit. Currently the value is audit table.

auditPolicies string

Comma-seperated list of audit policies that caused the current audit event.

auditTrailId string

The OCID of the audit trail that generated this audit event. To be noted, this field has been deprecated.

auditType string

The type of the auditing.

clientHostname string

The name of the host machine from which the session was spawned.

clientId string

The client identifier in each Oracle session.

clientIp string

The IP address of the host machine from which the session was spawned.

clientProgram string

The application from which the audit event was generated. Examples SQL Plus or SQL Developer.

commandParam string

List of bind variables associated with the command text.

commandText string

The SQL associated with the audit event.

compartmentId string

A filter to return only resources that match the specified compartment OCID.

databaseType string

The type of the target database that was audited. Allowed values are

  • DATABASE_CLOUD_SERVICE - Represents Oracle Database Cloud Services.
  • AUTONOMOUS_DATABASE - Represents Oracle Autonomous Databases.
  • INSTALLED_DATABASE - Represents databases running on-premises or on compute instances.
dbUserName string

The name of the database user whose actions were audited.

definedTags {[key: string]: any}

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example: {"Operations.CostCenter": "42"}

errorCode string

Oracle Error code generated by the action. Zero indicates the action was successful.

errorMessage string

The detailed message on why the Error occurred.

eventName string

The name of the detail action executed by the user on the target database. i.e ALTER SEQUENCE, CREATE TRIGGER, CREATE INDEX.

extendedEventAttributes string

List of all other attributes of the audit event seperated by a colon other than the one returned in audit record.

freeformTags {[key: string]: any}

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example: {"Department": "Finance"}

id string

The OCID of the audit event.

isAlerted boolean

Indicates whether an alert was raised for this audit event.

object string

The name of the object affected by the action.

objectOwner string

The schema name of the object affected by the action.

objectType string

The type of the object in the source database affected by the action. i.e PL/SQL, SYNONYM, PACKAGE BODY.

operation string

The name of the action executed by the user on the target database. i.e ALTER, CREATE, DROP.

operationStatus string

Indicates whether the operation was a success or a failure.

osTerminal string

The operating system terminal of the user session.

osUserName string

The name of the operating system user for the database session.

targetClass string

The class of the target that was audited.

targetId string

The OCID of the target database that was audited.

targetName string

The name of the target database that was audited.

timeCollected string

The timestamp when this audit event was collected from the target database by Data Safe.

action_taken str

The action taken for this audit event.

audit_event_time str

The time of the audit event occurrence in the target database.

audit_location str

The location of the audit. Currently the value is audit table.

audit_policies str

Comma-seperated list of audit policies that caused the current audit event.

audit_trail_id str

The OCID of the audit trail that generated this audit event. To be noted, this field has been deprecated.

audit_type str

The type of the auditing.

client_hostname str

The name of the host machine from which the session was spawned.

client_id str

The client identifier in each Oracle session.

client_ip str

The IP address of the host machine from which the session was spawned.

client_program str

The application from which the audit event was generated. Examples SQL Plus or SQL Developer.

command_param str

List of bind variables associated with the command text.

command_text str

The SQL associated with the audit event.

compartment_id str

A filter to return only resources that match the specified compartment OCID.

database_type str

The type of the target database that was audited. Allowed values are

  • DATABASE_CLOUD_SERVICE - Represents Oracle Database Cloud Services.
  • AUTONOMOUS_DATABASE - Represents Oracle Autonomous Databases.
  • INSTALLED_DATABASE - Represents databases running on-premises or on compute instances.
db_user_name str

The name of the database user whose actions were audited.

defined_tags Mapping[str, Any]

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example: {"Operations.CostCenter": "42"}

error_code str

Oracle Error code generated by the action. Zero indicates the action was successful.

error_message str

The detailed message on why the Error occurred.

event_name str

The name of the detail action executed by the user on the target database. i.e ALTER SEQUENCE, CREATE TRIGGER, CREATE INDEX.

extended_event_attributes str

List of all other attributes of the audit event seperated by a colon other than the one returned in audit record.

freeform_tags Mapping[str, Any]

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example: {"Department": "Finance"}

id str

The OCID of the audit event.

is_alerted bool

Indicates whether an alert was raised for this audit event.

object str

The name of the object affected by the action.

object_owner str

The schema name of the object affected by the action.

object_type str

The type of the object in the source database affected by the action. i.e PL/SQL, SYNONYM, PACKAGE BODY.

operation str

The name of the action executed by the user on the target database. i.e ALTER, CREATE, DROP.

operation_status str

Indicates whether the operation was a success or a failure.

os_terminal str

The operating system terminal of the user session.

os_user_name str

The name of the operating system user for the database session.

target_class str

The class of the target that was audited.

target_id str

The OCID of the target database that was audited.

target_name str

The name of the target database that was audited.

time_collected str

The timestamp when this audit event was collected from the target database by Data Safe.

actionTaken String

The action taken for this audit event.

auditEventTime String

The time of the audit event occurrence in the target database.

auditLocation String

The location of the audit. Currently the value is audit table.

auditPolicies String

Comma-seperated list of audit policies that caused the current audit event.

auditTrailId String

The OCID of the audit trail that generated this audit event. To be noted, this field has been deprecated.

auditType String

The type of the auditing.

clientHostname String

The name of the host machine from which the session was spawned.

clientId String

The client identifier in each Oracle session.

clientIp String

The IP address of the host machine from which the session was spawned.

clientProgram String

The application from which the audit event was generated. Examples SQL Plus or SQL Developer.

commandParam String

List of bind variables associated with the command text.

commandText String

The SQL associated with the audit event.

compartmentId String

A filter to return only resources that match the specified compartment OCID.

databaseType String

The type of the target database that was audited. Allowed values are

  • DATABASE_CLOUD_SERVICE - Represents Oracle Database Cloud Services.
  • AUTONOMOUS_DATABASE - Represents Oracle Autonomous Databases.
  • INSTALLED_DATABASE - Represents databases running on-premises or on compute instances.
dbUserName String

The name of the database user whose actions were audited.

definedTags Map<Any>

Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example: {"Operations.CostCenter": "42"}

errorCode String

Oracle Error code generated by the action. Zero indicates the action was successful.

errorMessage String

The detailed message on why the Error occurred.

eventName String

The name of the detail action executed by the user on the target database. i.e ALTER SEQUENCE, CREATE TRIGGER, CREATE INDEX.

extendedEventAttributes String

List of all other attributes of the audit event seperated by a colon other than the one returned in audit record.

freeformTags Map<Any>

Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example: {"Department": "Finance"}

id String

The OCID of the audit event.

isAlerted Boolean

Indicates whether an alert was raised for this audit event.

object String

The name of the object affected by the action.

objectOwner String

The schema name of the object affected by the action.

objectType String

The type of the object in the source database affected by the action. i.e PL/SQL, SYNONYM, PACKAGE BODY.

operation String

The name of the action executed by the user on the target database. i.e ALTER, CREATE, DROP.

operationStatus String

Indicates whether the operation was a success or a failure.

osTerminal String

The operating system terminal of the user session.

osUserName String

The name of the operating system user for the database session.

targetClass String

The class of the target that was audited.

targetId String

The OCID of the target database that was audited.

targetName String

The name of the target database that was audited.

timeCollected String

The timestamp when this audit event was collected from the target database by Data Safe.

GetAuditEventsFilter

Name string
Values List<string>
Regex bool
Name string
Values []string
Regex bool
name String
values List<String>
regex Boolean
name string
values string[]
regex boolean
name str
values Sequence[str]
regex bool
name String
values List<String>
regex Boolean

Package Details

Repository
oci pulumi/pulumi-oci
License
Apache-2.0
Notes

This Pulumi package is based on the oci Terraform Provider.