Process and system for auditing database activity
First Claim
1. A process of collecting database audit trail information associated with a database that maintains a database transaction log of first database activities performed on the database, said process comprising:
- maintaining trace data, by a processor, regarding second database activities performed on the database, the trace data identifying session activities performed after session establishment and identifying before and after values, the second database activities resulting from commands sent to the database, the trace data identifying database activities not identifiable through the database transaction log maintained by the database;
collecting log information about the first database activities from the database transaction log to generate collected transaction log information, the collected transaction log information identifying information regarding a particular first database activity and including a first system process identifier associated with the particular first database activity;
collecting trace information about the second database activities from the trace data to generate collected trace information, the collected trace information identifying a particular session activity and including a second system process identifier associated with the particular session activity;
using the first system process identifier and the second system process identifier to correlate the collected transaction log information with the collected trace information to generate correlated information; and
constructing the database audit trail information based on the correlated information.
7 Assignments
0 Petitions
Accused Products
Abstract
Described is a database audit system used to monitor, and optionally alert on database activity, providing a complete record of access to data and database structure. The data audit system may also provide an audit trail of data accesses and changes to database schema and permissions. A database audit may be performed by collecting data from database transaction logs and traces, exporting the collected data into a repository, and analyzing the data in the repository to create data audit reports and to provide data audit browsing capabilities.
-
Citations
57 Claims
-
1. A process of collecting database audit trail information associated with a database that maintains a database transaction log of first database activities performed on the database, said process comprising:
-
maintaining trace data, by a processor, regarding second database activities performed on the database, the trace data identifying session activities performed after session establishment and identifying before and after values, the second database activities resulting from commands sent to the database, the trace data identifying database activities not identifiable through the database transaction log maintained by the database; collecting log information about the first database activities from the database transaction log to generate collected transaction log information, the collected transaction log information identifying information regarding a particular first database activity and including a first system process identifier associated with the particular first database activity; collecting trace information about the second database activities from the trace data to generate collected trace information, the collected trace information identifying a particular session activity and including a second system process identifier associated with the particular session activity; using the first system process identifier and the second system process identifier to correlate the collected transaction log information with the collected trace information to generate correlated information; and constructing the database audit trail information based on the correlated information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
-
-
37. A system for collecting database audit trail information associated with a database that maintains a database transaction log of first database activities performed on the database, said system comprising:
-
a processor; a trace collector configured to cause the processor to collect trace data regarding second database activities performed on the database, the trace data identifying session activities performed after session establishment and identifying before and after values, the second database activities resulting from commands sent to the database, the trace data identifying database activities not identifiable through the database transaction log maintained by the database; a data collection agent configured to collect log information about the first database activities from the database transaction log to generate collected transaction log information, the collected transaction log information identifying information regarding a particular first database activity and including a first system process identifier associated with the particular first database activity, the data collection agent being further configured to collect trace information about the second database activities from the trace data to generate collected trace information, the collected trace information identifying a particular session activity and including a second system process identifier associated with the particular session activity, the data collection agent being further configured to use the first system process identifier and the second system process identifier to correlate the collected transaction log information with the collected trace information to generate correlated information; and a data analyzer configured to construct the database audit trail information based on the correlated information. - View Dependent Claims (38, 39, 40, 41, 42)
-
-
43. A system for collecting database audit trail information associated with a database that maintains a database transaction log of first database activities performed on the database, said system comprising:
-
a processor; means for maintaining trace data regarding second database activities performed on the database, the trace data identifying session activities performed after session establishment and identifying before and after values, the second database activities resulting from commands sent to the database, the trace data identifying database activities not identifiable through the database transaction log maintained by the database; means for collecting log information about the first database activities from the database transaction log to generate collected transaction log information, the collected transaction log information identifying information regarding a particular first database activity and including a first system process identifier associated with the particular first database activity; means for collecting trace information about the second database activities from the trace data to generate collected trace information, the collected trace information identifying a particular session activity and including a second system process identifier associated with the particular session activity; means for using the first system process identifier and the second system process identifier to correlate the collected transaction log information with the collected trace information to generate correlated information; and means for constructing the database audit trail information based on the correlated information. - View Dependent Claims (44)
-
-
45. An agent for collecting database audit trail information associated with a database that maintains a database transaction log of first database activities performed on the database, said agent comprising:
-
a processor; a collector configured to cause the processor to collect log information about the first database activities from a database transaction log maintained by the database to generate collected transaction log information, the collected transaction log information identifying information regarding a particular first database activity and including a first system process identifier associated with the particular first database activity, the collector being further configured to collect trace information from trace data regarding second database activities performed on the database to generate collected trace information, the trace data identifying session activities performed after session establishment and identifying before and after values, the second database activities resulting from commands sent to the database, the trace data identifying database activities not identifiable through the database transaction log maintained by the database, the collected trace information identifying a particular session activity and including a second system process identifier associated with the particular session activity, and the collector being further configured use the first system process identifier and the second system process identifier to correlate the collected transaction log information with the collected trace information to generate correlated information; and a communicator configured to transfer the correlated information to a repository configured to provide the correlated information during construction of the database audit trail information. - View Dependent Claims (46, 47)
-
-
48. An agent for collecting database audit trail information associated with a database that maintains a database transaction log of first database activities performed on the database, said agent comprising:
-
a processor; means for collecting log information about the first database activities from a database transaction log maintained by the database to generate collected transaction log information, the collected transaction log information identifying information regarding a particular first database activity and including a first system process identifier associated with the particular first database activity; means for collecting trace information regarding second database activities performed on the database from trace data, the trace data identifying session activities performed after session establishment and identifying before and after values, the second database activities resulting from commands sent to the database, the trace data identifying database activities not identifiable through the database transaction log maintained by the database, the collected trace information identifying a particular session activity and including a second system process identifier associated with the particular session activity; means for using the first system process identifier and the second system process identifier to correlate the collected transaction log information with the collected trace information to generate correlated information; and means for transferring the correlated information into a repository configured to provide the correlated information during construction of the database audit trail information. - View Dependent Claims (49, 50)
-
-
51. A method of collecting information by a data collection agent from a database that maintains a database transaction log, said method comprising:
-
collecting, by a processor, log information regarding first database activities performed on the database from the database transaction log maintained by the database to generate collected transaction log information, the collected transaction log information identifying information regarding a particular first database activity and including a first system process identifier associated with the particular first database activity; collecting trace information from trace data regarding second database activities performed on the database to generate collected trace information, the trace data identifying session activities performed after session establishment and identifying before and after values, the second database activities resulting from commands sent to the database, the trace data identifying database activities not identifiable through the database transaction log maintained by the database, the collected trace information identifying a particular session activity and including a second system process identifier associated with the particular session activity; using the first system process identifier and the second system process identifier to correlate the collected transaction log information with the collected trace information to generate correlated information; and transferring the correlated information into a repository. - View Dependent Claims (52)
-
-
53. A system for auditing multiple databases that maintain respective database transaction logs, said system comprising:
-
a processor; a trace collector, respective to each database, configured to cause the processor to collect trace data regarding first database activities performed on a database respective to the trace collector, the trace data identifying session activities performed after session establishment and identifying before and after values, the first database activities resulting from commands sent to the database respective to the trace collector, the trace data identifying database activities not identifiable through the database transaction log maintained by the database respective to the trace collector; a data collection agent, respective to each database, configured to collect log information about second database activities from a database transaction log maintained by the database respective to the data collection agent to generate collected transaction log information, the collected transaction log information identifying information regarding a particular first database activity and including a first system process identifier associated with the particular first database activity, the data collection agent further being configured to collect trace information about the second database activities from the trace data to generate collected trace information, the collected trace information identifying a particular session activity and including a second system process identifier associated with the particular session activity, and the data collection agent further being configured to use the first system process identifier and the second system process identifier to correlate the collected transaction log information with the collected trace information to generate correlated information for the database respective to the data collection agent; and a repository configured to receive the correlated information from each respective data collection agent. - View Dependent Claims (54, 55, 56, 57)
-
Specification