1. Packages
  2. Oracle Cloud Infrastructure
  3. API Docs
  4. DataSafe
  5. getAuditEvents
Oracle Cloud Infrastructure v2.30.0 published on Monday, Apr 14, 2025 by Pulumi

oci.DataSafe.getAuditEvents

Explore with Pulumi AI

Oracle Cloud Infrastructure v2.30.0 published on Monday, Apr 14, 2025 by Pulumi

This data source provides the list of Audit Events in Oracle Cloud Infrastructure Data Safe service.

The ListAuditEvents operation returns specified compartmentId audit Events only. The list does not include any audit Events associated with the subcompartments of the specified compartmentId.

The parameter accessLevel specifies whether to return only those compartments for which the requestor has INSPECT permissions on at least one resource directly or indirectly (ACCESSIBLE) (the resource can be in a subcompartment) or to return Not Authorized if Principal doesn’t have access to even one of the child compartments. This is valid only when compartmentIdInSubtree is set to true.

The parameter compartmentIdInSubtree applies when you perform ListAuditEvents on the compartmentId passed and when it is set to true, the entire hierarchy of compartments can be returned. To get a full list of all compartments and subcompartments in the tenancy (root compartment), set the parameter compartmentIdInSubtree to true and accessLevel to ACCESSIBLE.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as oci from "@pulumi/oci";

const testAuditEvents = oci.DataSafe.getAuditEvents({
    compartmentId: compartmentId,
    accessLevel: auditEventAccessLevel,
    compartmentIdInSubtree: auditEventCompartmentIdInSubtree,
    scimQuery: auditEventScimQuery,
});
Copy
import pulumi
import pulumi_oci as oci

test_audit_events = oci.DataSafe.get_audit_events(compartment_id=compartment_id,
    access_level=audit_event_access_level,
    compartment_id_in_subtree=audit_event_compartment_id_in_subtree,
    scim_query=audit_event_scim_query)
Copy
package main

import (
	"github.com/pulumi/pulumi-oci/sdk/v2/go/oci/datasafe"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := datasafe.GetAuditEvents(ctx, &datasafe.GetAuditEventsArgs{
			CompartmentId:          compartmentId,
			AccessLevel:            pulumi.StringRef(auditEventAccessLevel),
			CompartmentIdInSubtree: pulumi.BoolRef(auditEventCompartmentIdInSubtree),
			ScimQuery:              pulumi.StringRef(auditEventScimQuery),
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
Copy
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Oci = Pulumi.Oci;

return await Deployment.RunAsync(() => 
{
    var testAuditEvents = Oci.DataSafe.GetAuditEvents.Invoke(new()
    {
        CompartmentId = compartmentId,
        AccessLevel = auditEventAccessLevel,
        CompartmentIdInSubtree = auditEventCompartmentIdInSubtree,
        ScimQuery = auditEventScimQuery,
    });

});
Copy
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.oci.DataSafe.DataSafeFunctions;
import com.pulumi.oci.DataSafe.inputs.GetAuditEventsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var testAuditEvents = DataSafeFunctions.getAuditEvents(GetAuditEventsArgs.builder()
            .compartmentId(compartmentId)
            .accessLevel(auditEventAccessLevel)
            .compartmentIdInSubtree(auditEventCompartmentIdInSubtree)
            .scimQuery(auditEventScimQuery)
            .build());

    }
}
Copy
variables:
  testAuditEvents:
    fn::invoke:
      function: oci:DataSafe:getAuditEvents
      arguments:
        compartmentId: ${compartmentId}
        accessLevel: ${auditEventAccessLevel}
        compartmentIdInSubtree: ${auditEventCompartmentIdInSubtree}
        scimQuery: ${auditEventScimQuery}
Copy

Using getAuditEvents

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getAuditEvents(args: GetAuditEventsArgs, opts?: InvokeOptions): Promise<GetAuditEventsResult>
function getAuditEventsOutput(args: GetAuditEventsOutputArgs, opts?: InvokeOptions): Output<GetAuditEventsResult>
Copy
def get_audit_events(access_level: Optional[str] = None,
                     compartment_id: Optional[str] = None,
                     compartment_id_in_subtree: Optional[bool] = None,
                     filters: Optional[Sequence[_datasafe.GetAuditEventsFilter]] = None,
                     scim_query: Optional[str] = None,
                     opts: Optional[InvokeOptions] = None) -> GetAuditEventsResult
def get_audit_events_output(access_level: Optional[pulumi.Input[str]] = None,
                     compartment_id: Optional[pulumi.Input[str]] = None,
                     compartment_id_in_subtree: Optional[pulumi.Input[bool]] = None,
                     filters: Optional[pulumi.Input[Sequence[pulumi.Input[_datasafe.GetAuditEventsFilterArgs]]]] = None,
                     scim_query: Optional[pulumi.Input[str]] = None,
                     opts: Optional[InvokeOptions] = None) -> Output[GetAuditEventsResult]
Copy
func GetAuditEvents(ctx *Context, args *GetAuditEventsArgs, opts ...InvokeOption) (*GetAuditEventsResult, error)
func GetAuditEventsOutput(ctx *Context, args *GetAuditEventsOutputArgs, opts ...InvokeOption) GetAuditEventsResultOutput
Copy

> Note: This function is named GetAuditEvents in the Go SDK.

public static class GetAuditEvents 
{
    public static Task<GetAuditEventsResult> InvokeAsync(GetAuditEventsArgs args, InvokeOptions? opts = null)
    public static Output<GetAuditEventsResult> Invoke(GetAuditEventsInvokeArgs args, InvokeOptions? opts = null)
}
Copy
public static CompletableFuture<GetAuditEventsResult> getAuditEvents(GetAuditEventsArgs args, InvokeOptions options)
public static Output<GetAuditEventsResult> getAuditEvents(GetAuditEventsArgs args, InvokeOptions options)
Copy
fn::invoke:
  function: oci:DataSafe/getAuditEvents:getAuditEvents
  arguments:
    # arguments dictionary
Copy

The following arguments are supported:

CompartmentId This property is required. string
A filter to return only resources that match the specified compartment OCID.
AccessLevel string
Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.
CompartmentIdInSubtree bool
Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.
Filters Changes to this property will trigger replacement. List<GetAuditEventsFilter>
ScimQuery string

The scimQuery query parameter accepts filter expressions that use the syntax described in Section 3.2.2.2 of the System for Cross-Domain Identity Management (SCIM) specification, which is available at RFC3339. In SCIM filtering expressions, text, date, and time values must be enclosed in quotation marks, with date and time values using ISO-8601 format. (Numeric and boolean values should not be quoted.)

Example: (operationTime ge "2021-06-04T01-00-26") and (eventName eq "LOGON") The attrExp or the field (for example, operationTime and eventName in above example) which is used to filter can be any of the fields returned by AuditEventSummary. adminUser, commonUser, sensitiveActivity, dsActivity can only have eq operation and value 1. These define admin user activity, common user activity, sensitive data activity and data safe activity Example: (adminUser eq 1)

CompartmentId This property is required. string
A filter to return only resources that match the specified compartment OCID.
AccessLevel string
Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.
CompartmentIdInSubtree bool
Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.
Filters Changes to this property will trigger replacement. []GetAuditEventsFilter
ScimQuery string

The scimQuery query parameter accepts filter expressions that use the syntax described in Section 3.2.2.2 of the System for Cross-Domain Identity Management (SCIM) specification, which is available at RFC3339. In SCIM filtering expressions, text, date, and time values must be enclosed in quotation marks, with date and time values using ISO-8601 format. (Numeric and boolean values should not be quoted.)

Example: (operationTime ge "2021-06-04T01-00-26") and (eventName eq "LOGON") The attrExp or the field (for example, operationTime and eventName in above example) which is used to filter can be any of the fields returned by AuditEventSummary. adminUser, commonUser, sensitiveActivity, dsActivity can only have eq operation and value 1. These define admin user activity, common user activity, sensitive data activity and data safe activity Example: (adminUser eq 1)

compartmentId This property is required. String
A filter to return only resources that match the specified compartment OCID.
accessLevel String
Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.
compartmentIdInSubtree Boolean
Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.
filters Changes to this property will trigger replacement. List<GetAuditEventsFilter>
scimQuery String

The scimQuery query parameter accepts filter expressions that use the syntax described in Section 3.2.2.2 of the System for Cross-Domain Identity Management (SCIM) specification, which is available at RFC3339. In SCIM filtering expressions, text, date, and time values must be enclosed in quotation marks, with date and time values using ISO-8601 format. (Numeric and boolean values should not be quoted.)

Example: (operationTime ge "2021-06-04T01-00-26") and (eventName eq "LOGON") The attrExp or the field (for example, operationTime and eventName in above example) which is used to filter can be any of the fields returned by AuditEventSummary. adminUser, commonUser, sensitiveActivity, dsActivity can only have eq operation and value 1. These define admin user activity, common user activity, sensitive data activity and data safe activity Example: (adminUser eq 1)

compartmentId This property is required. string
A filter to return only resources that match the specified compartment OCID.
accessLevel string
Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.
compartmentIdInSubtree boolean
Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.
filters Changes to this property will trigger replacement. GetAuditEventsFilter[]
scimQuery string

The scimQuery query parameter accepts filter expressions that use the syntax described in Section 3.2.2.2 of the System for Cross-Domain Identity Management (SCIM) specification, which is available at RFC3339. In SCIM filtering expressions, text, date, and time values must be enclosed in quotation marks, with date and time values using ISO-8601 format. (Numeric and boolean values should not be quoted.)

Example: (operationTime ge "2021-06-04T01-00-26") and (eventName eq "LOGON") The attrExp or the field (for example, operationTime and eventName in above example) which is used to filter can be any of the fields returned by AuditEventSummary. adminUser, commonUser, sensitiveActivity, dsActivity can only have eq operation and value 1. These define admin user activity, common user activity, sensitive data activity and data safe activity Example: (adminUser eq 1)

compartment_id This property is required. str
A filter to return only resources that match the specified compartment OCID.
access_level str
Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.
compartment_id_in_subtree bool
Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.
filters Changes to this property will trigger replacement. Sequence[datasafe.GetAuditEventsFilter]
scim_query str

The scimQuery query parameter accepts filter expressions that use the syntax described in Section 3.2.2.2 of the System for Cross-Domain Identity Management (SCIM) specification, which is available at RFC3339. In SCIM filtering expressions, text, date, and time values must be enclosed in quotation marks, with date and time values using ISO-8601 format. (Numeric and boolean values should not be quoted.)

Example: (operationTime ge "2021-06-04T01-00-26") and (eventName eq "LOGON") The attrExp or the field (for example, operationTime and eventName in above example) which is used to filter can be any of the fields returned by AuditEventSummary. adminUser, commonUser, sensitiveActivity, dsActivity can only have eq operation and value 1. These define admin user activity, common user activity, sensitive data activity and data safe activity Example: (adminUser eq 1)

compartmentId This property is required. String
A filter to return only resources that match the specified compartment OCID.
accessLevel String
Valid values are RESTRICTED and ACCESSIBLE. Default is RESTRICTED. Setting this to ACCESSIBLE returns only those compartments for which the user has INSPECT permissions directly or indirectly (permissions can be on a resource in a subcompartment). When set to RESTRICTED permissions are checked and no partial results are displayed.
compartmentIdInSubtree Boolean
Default is false. When set to true, the hierarchy of compartments is traversed and all compartments and subcompartments in the tenancy are returned. Depends on the 'accessLevel' setting.
filters Changes to this property will trigger replacement. List<Property Map>
scimQuery String

The scimQuery query parameter accepts filter expressions that use the syntax described in Section 3.2.2.2 of the System for Cross-Domain Identity Management (SCIM) specification, which is available at RFC3339. In SCIM filtering expressions, text, date, and time values must be enclosed in quotation marks, with date and time values using ISO-8601 format. (Numeric and boolean values should not be quoted.)

Example: (operationTime ge "2021-06-04T01-00-26") and (eventName eq "LOGON") The attrExp or the field (for example, operationTime and eventName in above example) which is used to filter can be any of the fields returned by AuditEventSummary. adminUser, commonUser, sensitiveActivity, dsActivity can only have eq operation and value 1. These define admin user activity, common user activity, sensitive data activity and data safe activity Example: (adminUser eq 1)

getAuditEvents Result

The following output properties are available:

AuditEventCollections List<GetAuditEventsAuditEventCollection>
The list of audit_event_collection.
CompartmentId string
The OCID of the compartment containing the audit event. The compartment is the same as that of audit profile of the target database resource.
Id string
The provider-assigned unique ID for this managed resource.
AccessLevel string
CompartmentIdInSubtree bool
Filters List<GetAuditEventsFilter>
ScimQuery string
AuditEventCollections []GetAuditEventsAuditEventCollection
The list of audit_event_collection.
CompartmentId string
The OCID of the compartment containing the audit event. The compartment is the same as that of audit profile of the target database resource.
Id string
The provider-assigned unique ID for this managed resource.
AccessLevel string
CompartmentIdInSubtree bool
Filters []GetAuditEventsFilter
ScimQuery string
auditEventCollections List<GetAuditEventsAuditEventCollection>
The list of audit_event_collection.
compartmentId String
The OCID of the compartment containing the audit event. The compartment is the same as that of audit profile of the target database resource.
id String
The provider-assigned unique ID for this managed resource.
accessLevel String
compartmentIdInSubtree Boolean
filters List<GetAuditEventsFilter>
scimQuery String
auditEventCollections GetAuditEventsAuditEventCollection[]
The list of audit_event_collection.
compartmentId string
The OCID of the compartment containing the audit event. The compartment is the same as that of audit profile of the target database resource.
id string
The provider-assigned unique ID for this managed resource.
accessLevel string
compartmentIdInSubtree boolean
filters GetAuditEventsFilter[]
scimQuery string
audit_event_collections Sequence[datasafe.GetAuditEventsAuditEventCollection]
The list of audit_event_collection.
compartment_id str
The OCID of the compartment containing the audit event. The compartment is the same as that of audit profile of the target database resource.
id str
The provider-assigned unique ID for this managed resource.
access_level str
compartment_id_in_subtree bool
filters Sequence[datasafe.GetAuditEventsFilter]
scim_query str
auditEventCollections List<Property Map>
The list of audit_event_collection.
compartmentId String
The OCID of the compartment containing the audit event. The compartment is the same as that of audit profile of the target database resource.
id String
The provider-assigned unique ID for this managed resource.
accessLevel String
compartmentIdInSubtree Boolean
filters List<Property Map>
scimQuery String

Supporting Types

GetAuditEventsAuditEventCollection

Items This property is required. List<GetAuditEventsAuditEventCollectionItem>
Array of audit event summary.
Items This property is required. []GetAuditEventsAuditEventCollectionItem
Array of audit event summary.
items This property is required. List<GetAuditEventsAuditEventCollectionItem>
Array of audit event summary.
items This property is required. GetAuditEventsAuditEventCollectionItem[]
Array of audit event summary.
items This property is required. Sequence[datasafe.GetAuditEventsAuditEventCollectionItem]
Array of audit event summary.
items This property is required. List<Property Map>
Array of audit event summary.

GetAuditEventsAuditEventCollectionItem

ActionTaken This property is required. string
The action taken for this audit event.
ApplicationContexts This property is required. string
Semicolon-seperated list of application context namespace, attribute, value information in (APPCTX_NSPACE,APPCTX_ATTRIBUTE=) format.
AuditEventTime This property is required. string
The time that the audit event occurs in the target database.
AuditLocation This property is required. string
The location of the audit. Currently the value is audit table.
AuditPolicies This property is required. string
Comma-seperated list of audit policies that caused the current audit event.
AuditTrailId This property is required. string
The OCID of the audit trail that generated this audit event. To be noted, this field has been deprecated.
AuditType This property is required. string
The type of the auditing.
ClientHostname This property is required. string
The name of the host machine from which the session was spawned.
ClientId This property is required. string
The client identifier in each Oracle session.
ClientIp This property is required. string
The IP address of the host machine from which the session was spawned.
ClientProgram This property is required. string
The application from which the audit event was generated. For example SQL Plus or SQL Developer.
CommandParam This property is required. string
List of bind variables associated with the command text.
CommandText This property is required. string
The SQL associated with the audit event.
CompartmentId This property is required. string
A filter to return only resources that match the specified compartment OCID.
DatabaseType This property is required. string
The type of the target database that was audited. Allowed values are

  • DATABASE_CLOUD_SERVICE - Represents Oracle Database Cloud Services.
  • AUTONOMOUS_DATABASE - Represents Oracle Autonomous Databases.
  • INSTALLED_DATABASE - Represents databases running on-premises or on compute instances.
DatabaseUniqueName This property is required. string
Unique name of the database associated to the peer target database.
DbUserName This property is required. string
The name of the database user whose actions were audited.
DefinedTags This property is required. Dictionary<string, string>
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example: {"Operations.CostCenter": "42"}
ErrorCode This property is required. string
Oracle Error code generated by the action. Zero indicates the action was successful.
ErrorMessage This property is required. string
The detailed message on why the error occurred.
EventName This property is required. string
The name of the detail action executed by the user on the target database. For example ALTER SEQUENCE, CREATE TRIGGER or CREATE INDEX.
ExtendedEventAttributes This property is required. string
List of all other attributes of the audit event seperated by a colon other than the one returned in audit record.
FgaPolicyName This property is required. string
Fine-grained auditing (FGA) policy name that generated this audit record.
FreeformTags This property is required. Dictionary<string, string>
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example: {"Department": "Finance"}
Id This property is required. string
The OCID of the audit event.
IsAlerted This property is required. bool
Indicates whether an alert was raised for this audit event.
Object This property is required. string
The name of the object affected by the action.
ObjectOwner This property is required. string
The schema name of the object affected by the action.
ObjectType This property is required. string
The type of the object in the source database affected by the action. For example PL/SQL, SYNONYM or PACKAGE BODY.
Operation This property is required. string
The name of the action executed by the user on the target database. For example ALTER, CREATE or DROP.
OperationStatus This property is required. string
Indicates whether the operation was a success or a failure.
OsTerminal This property is required. string
The operating system terminal of the user session.
OsUserName This property is required. string
The name of the operating system user for the database session.
PeerTargetDatabaseKey This property is required. int
The secondary id assigned for the peer database registered with Data Safe.
TargetClass This property is required. string
The class of the target that was audited.
TargetId This property is required. string
The OCID of the target database that was audited.
TargetName This property is required. string
The name of the target database that was audited.
TimeCollected This property is required. string
The timestamp when this audit event was collected from the target database by Data Safe.
TrailSource This property is required. string
The underlying source of unified audit trail.
ActionTaken This property is required. string
The action taken for this audit event.
ApplicationContexts This property is required. string
Semicolon-seperated list of application context namespace, attribute, value information in (APPCTX_NSPACE,APPCTX_ATTRIBUTE=) format.
AuditEventTime This property is required. string
The time that the audit event occurs in the target database.
AuditLocation This property is required. string
The location of the audit. Currently the value is audit table.
AuditPolicies This property is required. string
Comma-seperated list of audit policies that caused the current audit event.
AuditTrailId This property is required. string
The OCID of the audit trail that generated this audit event. To be noted, this field has been deprecated.
AuditType This property is required. string
The type of the auditing.
ClientHostname This property is required. string
The name of the host machine from which the session was spawned.
ClientId This property is required. string
The client identifier in each Oracle session.
ClientIp This property is required. string
The IP address of the host machine from which the session was spawned.
ClientProgram This property is required. string
The application from which the audit event was generated. For example SQL Plus or SQL Developer.
CommandParam This property is required. string
List of bind variables associated with the command text.
CommandText This property is required. string
The SQL associated with the audit event.
CompartmentId This property is required. string
A filter to return only resources that match the specified compartment OCID.
DatabaseType This property is required. string
The type of the target database that was audited. Allowed values are

  • DATABASE_CLOUD_SERVICE - Represents Oracle Database Cloud Services.
  • AUTONOMOUS_DATABASE - Represents Oracle Autonomous Databases.
  • INSTALLED_DATABASE - Represents databases running on-premises or on compute instances.
DatabaseUniqueName This property is required. string
Unique name of the database associated to the peer target database.
DbUserName This property is required. string
The name of the database user whose actions were audited.
DefinedTags This property is required. map[string]string
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example: {"Operations.CostCenter": "42"}
ErrorCode This property is required. string
Oracle Error code generated by the action. Zero indicates the action was successful.
ErrorMessage This property is required. string
The detailed message on why the error occurred.
EventName This property is required. string
The name of the detail action executed by the user on the target database. For example ALTER SEQUENCE, CREATE TRIGGER or CREATE INDEX.
ExtendedEventAttributes This property is required. string
List of all other attributes of the audit event seperated by a colon other than the one returned in audit record.
FgaPolicyName This property is required. string
Fine-grained auditing (FGA) policy name that generated this audit record.
FreeformTags This property is required. map[string]string
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example: {"Department": "Finance"}
Id This property is required. string
The OCID of the audit event.
IsAlerted This property is required. bool
Indicates whether an alert was raised for this audit event.
Object This property is required. string
The name of the object affected by the action.
ObjectOwner This property is required. string
The schema name of the object affected by the action.
ObjectType This property is required. string
The type of the object in the source database affected by the action. For example PL/SQL, SYNONYM or PACKAGE BODY.
Operation This property is required. string
The name of the action executed by the user on the target database. For example ALTER, CREATE or DROP.
OperationStatus This property is required. string
Indicates whether the operation was a success or a failure.
OsTerminal This property is required. string
The operating system terminal of the user session.
OsUserName This property is required. string
The name of the operating system user for the database session.
PeerTargetDatabaseKey This property is required. int
The secondary id assigned for the peer database registered with Data Safe.
TargetClass This property is required. string
The class of the target that was audited.
TargetId This property is required. string
The OCID of the target database that was audited.
TargetName This property is required. string
The name of the target database that was audited.
TimeCollected This property is required. string
The timestamp when this audit event was collected from the target database by Data Safe.
TrailSource This property is required. string
The underlying source of unified audit trail.
actionTaken This property is required. String
The action taken for this audit event.
applicationContexts This property is required. String
Semicolon-seperated list of application context namespace, attribute, value information in (APPCTX_NSPACE,APPCTX_ATTRIBUTE=) format.
auditEventTime This property is required. String
The time that the audit event occurs in the target database.
auditLocation This property is required. String
The location of the audit. Currently the value is audit table.
auditPolicies This property is required. String
Comma-seperated list of audit policies that caused the current audit event.
auditTrailId This property is required. String
The OCID of the audit trail that generated this audit event. To be noted, this field has been deprecated.
auditType This property is required. String
The type of the auditing.
clientHostname This property is required. String
The name of the host machine from which the session was spawned.
clientId This property is required. String
The client identifier in each Oracle session.
clientIp This property is required. String
The IP address of the host machine from which the session was spawned.
clientProgram This property is required. String
The application from which the audit event was generated. For example SQL Plus or SQL Developer.
commandParam This property is required. String
List of bind variables associated with the command text.
commandText This property is required. String
The SQL associated with the audit event.
compartmentId This property is required. String
A filter to return only resources that match the specified compartment OCID.
databaseType This property is required. String
The type of the target database that was audited. Allowed values are

  • DATABASE_CLOUD_SERVICE - Represents Oracle Database Cloud Services.
  • AUTONOMOUS_DATABASE - Represents Oracle Autonomous Databases.
  • INSTALLED_DATABASE - Represents databases running on-premises or on compute instances.
databaseUniqueName This property is required. String
Unique name of the database associated to the peer target database.
dbUserName This property is required. String
The name of the database user whose actions were audited.
definedTags This property is required. Map<String,String>
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example: {"Operations.CostCenter": "42"}
errorCode This property is required. String
Oracle Error code generated by the action. Zero indicates the action was successful.
errorMessage This property is required. String
The detailed message on why the error occurred.
eventName This property is required. String
The name of the detail action executed by the user on the target database. For example ALTER SEQUENCE, CREATE TRIGGER or CREATE INDEX.
extendedEventAttributes This property is required. String
List of all other attributes of the audit event seperated by a colon other than the one returned in audit record.
fgaPolicyName This property is required. String
Fine-grained auditing (FGA) policy name that generated this audit record.
freeformTags This property is required. Map<String,String>
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example: {"Department": "Finance"}
id This property is required. String
The OCID of the audit event.
isAlerted This property is required. Boolean
Indicates whether an alert was raised for this audit event.
object This property is required. String
The name of the object affected by the action.
objectOwner This property is required. String
The schema name of the object affected by the action.
objectType This property is required. String
The type of the object in the source database affected by the action. For example PL/SQL, SYNONYM or PACKAGE BODY.
operation This property is required. String
The name of the action executed by the user on the target database. For example ALTER, CREATE or DROP.
operationStatus This property is required. String
Indicates whether the operation was a success or a failure.
osTerminal This property is required. String
The operating system terminal of the user session.
osUserName This property is required. String
The name of the operating system user for the database session.
peerTargetDatabaseKey This property is required. Integer
The secondary id assigned for the peer database registered with Data Safe.
targetClass This property is required. String
The class of the target that was audited.
targetId This property is required. String
The OCID of the target database that was audited.
targetName This property is required. String
The name of the target database that was audited.
timeCollected This property is required. String
The timestamp when this audit event was collected from the target database by Data Safe.
trailSource This property is required. String
The underlying source of unified audit trail.
actionTaken This property is required. string
The action taken for this audit event.
applicationContexts This property is required. string
Semicolon-seperated list of application context namespace, attribute, value information in (APPCTX_NSPACE,APPCTX_ATTRIBUTE=) format.
auditEventTime This property is required. string
The time that the audit event occurs in the target database.
auditLocation This property is required. string
The location of the audit. Currently the value is audit table.
auditPolicies This property is required. string
Comma-seperated list of audit policies that caused the current audit event.
auditTrailId This property is required. string
The OCID of the audit trail that generated this audit event. To be noted, this field has been deprecated.
auditType This property is required. string
The type of the auditing.
clientHostname This property is required. string
The name of the host machine from which the session was spawned.
clientId This property is required. string
The client identifier in each Oracle session.
clientIp This property is required. string
The IP address of the host machine from which the session was spawned.
clientProgram This property is required. string
The application from which the audit event was generated. For example SQL Plus or SQL Developer.
commandParam This property is required. string
List of bind variables associated with the command text.
commandText This property is required. string
The SQL associated with the audit event.
compartmentId This property is required. string
A filter to return only resources that match the specified compartment OCID.
databaseType This property is required. string
The type of the target database that was audited. Allowed values are

  • DATABASE_CLOUD_SERVICE - Represents Oracle Database Cloud Services.
  • AUTONOMOUS_DATABASE - Represents Oracle Autonomous Databases.
  • INSTALLED_DATABASE - Represents databases running on-premises or on compute instances.
databaseUniqueName This property is required. string
Unique name of the database associated to the peer target database.
dbUserName This property is required. string
The name of the database user whose actions were audited.
definedTags This property is required. {[key: string]: string}
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example: {"Operations.CostCenter": "42"}
errorCode This property is required. string
Oracle Error code generated by the action. Zero indicates the action was successful.
errorMessage This property is required. string
The detailed message on why the error occurred.
eventName This property is required. string
The name of the detail action executed by the user on the target database. For example ALTER SEQUENCE, CREATE TRIGGER or CREATE INDEX.
extendedEventAttributes This property is required. string
List of all other attributes of the audit event seperated by a colon other than the one returned in audit record.
fgaPolicyName This property is required. string
Fine-grained auditing (FGA) policy name that generated this audit record.
freeformTags This property is required. {[key: string]: string}
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example: {"Department": "Finance"}
id This property is required. string
The OCID of the audit event.
isAlerted This property is required. boolean
Indicates whether an alert was raised for this audit event.
object This property is required. string
The name of the object affected by the action.
objectOwner This property is required. string
The schema name of the object affected by the action.
objectType This property is required. string
The type of the object in the source database affected by the action. For example PL/SQL, SYNONYM or PACKAGE BODY.
operation This property is required. string
The name of the action executed by the user on the target database. For example ALTER, CREATE or DROP.
operationStatus This property is required. string
Indicates whether the operation was a success or a failure.
osTerminal This property is required. string
The operating system terminal of the user session.
osUserName This property is required. string
The name of the operating system user for the database session.
peerTargetDatabaseKey This property is required. number
The secondary id assigned for the peer database registered with Data Safe.
targetClass This property is required. string
The class of the target that was audited.
targetId This property is required. string
The OCID of the target database that was audited.
targetName This property is required. string
The name of the target database that was audited.
timeCollected This property is required. string
The timestamp when this audit event was collected from the target database by Data Safe.
trailSource This property is required. string
The underlying source of unified audit trail.
action_taken This property is required. str
The action taken for this audit event.
application_contexts This property is required. str
Semicolon-seperated list of application context namespace, attribute, value information in (APPCTX_NSPACE,APPCTX_ATTRIBUTE=) format.
audit_event_time This property is required. str
The time that the audit event occurs in the target database.
audit_location This property is required. str
The location of the audit. Currently the value is audit table.
audit_policies This property is required. str
Comma-seperated list of audit policies that caused the current audit event.
audit_trail_id This property is required. str
The OCID of the audit trail that generated this audit event. To be noted, this field has been deprecated.
audit_type This property is required. str
The type of the auditing.
client_hostname This property is required. str
The name of the host machine from which the session was spawned.
client_id This property is required. str
The client identifier in each Oracle session.
client_ip This property is required. str
The IP address of the host machine from which the session was spawned.
client_program This property is required. str
The application from which the audit event was generated. For example SQL Plus or SQL Developer.
command_param This property is required. str
List of bind variables associated with the command text.
command_text This property is required. str
The SQL associated with the audit event.
compartment_id This property is required. str
A filter to return only resources that match the specified compartment OCID.
database_type This property is required. str
The type of the target database that was audited. Allowed values are

  • DATABASE_CLOUD_SERVICE - Represents Oracle Database Cloud Services.
  • AUTONOMOUS_DATABASE - Represents Oracle Autonomous Databases.
  • INSTALLED_DATABASE - Represents databases running on-premises or on compute instances.
database_unique_name This property is required. str
Unique name of the database associated to the peer target database.
db_user_name This property is required. str
The name of the database user whose actions were audited.
defined_tags This property is required. Mapping[str, str]
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example: {"Operations.CostCenter": "42"}
error_code This property is required. str
Oracle Error code generated by the action. Zero indicates the action was successful.
error_message This property is required. str
The detailed message on why the error occurred.
event_name This property is required. str
The name of the detail action executed by the user on the target database. For example ALTER SEQUENCE, CREATE TRIGGER or CREATE INDEX.
extended_event_attributes This property is required. str
List of all other attributes of the audit event seperated by a colon other than the one returned in audit record.
fga_policy_name This property is required. str
Fine-grained auditing (FGA) policy name that generated this audit record.
freeform_tags This property is required. Mapping[str, str]
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example: {"Department": "Finance"}
id This property is required. str
The OCID of the audit event.
is_alerted This property is required. bool
Indicates whether an alert was raised for this audit event.
object This property is required. str
The name of the object affected by the action.
object_owner This property is required. str
The schema name of the object affected by the action.
object_type This property is required. str
The type of the object in the source database affected by the action. For example PL/SQL, SYNONYM or PACKAGE BODY.
operation This property is required. str
The name of the action executed by the user on the target database. For example ALTER, CREATE or DROP.
operation_status This property is required. str
Indicates whether the operation was a success or a failure.
os_terminal This property is required. str
The operating system terminal of the user session.
os_user_name This property is required. str
The name of the operating system user for the database session.
peer_target_database_key This property is required. int
The secondary id assigned for the peer database registered with Data Safe.
target_class This property is required. str
The class of the target that was audited.
target_id This property is required. str
The OCID of the target database that was audited.
target_name This property is required. str
The name of the target database that was audited.
time_collected This property is required. str
The timestamp when this audit event was collected from the target database by Data Safe.
trail_source This property is required. str
The underlying source of unified audit trail.
actionTaken This property is required. String
The action taken for this audit event.
applicationContexts This property is required. String
Semicolon-seperated list of application context namespace, attribute, value information in (APPCTX_NSPACE,APPCTX_ATTRIBUTE=) format.
auditEventTime This property is required. String
The time that the audit event occurs in the target database.
auditLocation This property is required. String
The location of the audit. Currently the value is audit table.
auditPolicies This property is required. String
Comma-seperated list of audit policies that caused the current audit event.
auditTrailId This property is required. String
The OCID of the audit trail that generated this audit event. To be noted, this field has been deprecated.
auditType This property is required. String
The type of the auditing.
clientHostname This property is required. String
The name of the host machine from which the session was spawned.
clientId This property is required. String
The client identifier in each Oracle session.
clientIp This property is required. String
The IP address of the host machine from which the session was spawned.
clientProgram This property is required. String
The application from which the audit event was generated. For example SQL Plus or SQL Developer.
commandParam This property is required. String
List of bind variables associated with the command text.
commandText This property is required. String
The SQL associated with the audit event.
compartmentId This property is required. String
A filter to return only resources that match the specified compartment OCID.
databaseType This property is required. String
The type of the target database that was audited. Allowed values are

  • DATABASE_CLOUD_SERVICE - Represents Oracle Database Cloud Services.
  • AUTONOMOUS_DATABASE - Represents Oracle Autonomous Databases.
  • INSTALLED_DATABASE - Represents databases running on-premises or on compute instances.
databaseUniqueName This property is required. String
Unique name of the database associated to the peer target database.
dbUserName This property is required. String
The name of the database user whose actions were audited.
definedTags This property is required. Map<String>
Defined tags for this resource. Each key is predefined and scoped to a namespace. For more information, see Resource Tags Example: {"Operations.CostCenter": "42"}
errorCode This property is required. String
Oracle Error code generated by the action. Zero indicates the action was successful.
errorMessage This property is required. String
The detailed message on why the error occurred.
eventName This property is required. String
The name of the detail action executed by the user on the target database. For example ALTER SEQUENCE, CREATE TRIGGER or CREATE INDEX.
extendedEventAttributes This property is required. String
List of all other attributes of the audit event seperated by a colon other than the one returned in audit record.
fgaPolicyName This property is required. String
Fine-grained auditing (FGA) policy name that generated this audit record.
freeformTags This property is required. Map<String>
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. For more information, see Resource Tags Example: {"Department": "Finance"}
id This property is required. String
The OCID of the audit event.
isAlerted This property is required. Boolean
Indicates whether an alert was raised for this audit event.
object This property is required. String
The name of the object affected by the action.
objectOwner This property is required. String
The schema name of the object affected by the action.
objectType This property is required. String
The type of the object in the source database affected by the action. For example PL/SQL, SYNONYM or PACKAGE BODY.
operation This property is required. String
The name of the action executed by the user on the target database. For example ALTER, CREATE or DROP.
operationStatus This property is required. String
Indicates whether the operation was a success or a failure.
osTerminal This property is required. String
The operating system terminal of the user session.
osUserName This property is required. String
The name of the operating system user for the database session.
peerTargetDatabaseKey This property is required. Number
The secondary id assigned for the peer database registered with Data Safe.
targetClass This property is required. String
The class of the target that was audited.
targetId This property is required. String
The OCID of the target database that was audited.
targetName This property is required. String
The name of the target database that was audited.
timeCollected This property is required. String
The timestamp when this audit event was collected from the target database by Data Safe.
trailSource This property is required. String
The underlying source of unified audit trail.

GetAuditEventsFilter

Name This property is required. string
Values This property is required. List<string>
Regex bool
Name This property is required. string
Values This property is required. []string
Regex bool
name This property is required. String
values This property is required. List<String>
regex Boolean
name This property is required. string
values This property is required. string[]
regex boolean
name This property is required. str
values This property is required. Sequence[str]
regex bool
name This property is required. String
values This property is required. List<String>
regex Boolean

Package Details

Repository
oci pulumi/pulumi-oci
License
Apache-2.0
Notes
This Pulumi package is based on the oci Terraform Provider.
Oracle Cloud Infrastructure v2.30.0 published on Monday, Apr 14, 2025 by Pulumi