link dba_fga_audit_trail with v$session or history of session

Question

I want to find out the module with which program an audit has started. So for example if an insert statement has been done with SQL developer or Toad. I have the logging of the statement in dba_fga_audit_trail But I can't seem to find the link to the audsid so I can find more info about the session.

Is it possible to create this link by joining some tables?

Answer 1

SESSION_ID of dba_fga_audit_trail indicates the audit session ID number. It is indeed the session ID that you can also find by querying the AUDSID column in the v$session table. Nevertheless you should know that v$session displays session information for each current session, not past ones, so if you are interested in getting such information for past events, you just can't have it. Having said that, there is a way to get the client program where an event has occurred (f.e: SQL Developer), by using an Oracle product, Audit Vault and Database Firewall. In the audit report you can get fairly easily this kind of information.

Answer 2

There is a possible way to link audit trail with ASH by establishing a logon trigger for that. The LOGOFF records in audit trail (if AUDIT SESSION is active) record also the Client_Identifier from v$Session. So supplying v$Session.Client_Identifier with the needed info allows to retrieve it from DBA_Audit_Trail.Client_ID.

This logon trigger does it:

CREATE OR REPLACE TRIGGER Client_ID AFTER LOGON ON DATABASE
-- Put unique session identifier into client-id to have it also in DBA_AUDIT_TRAIL.Client_ID for LOGOFF-records
-- works than as missing link between Active Session History and Audit Trail
-- Peter Ramm, OSP Dresden, 2021-01-05
BEGIN
  -- Use alternative public package instead of SYS_CONTEXT to get the serial#
  sys.DBMS_SESSION.Set_Identifier('SID = '||DBMS_DEBUG_JDWP.CURRENT_SESSION_ID||', Serial# = '||DBMS_DEBUG_JDWP.CURRENT_SESSION_SERIAL);
END;
/