I have a requirement to capture config changes in the logs. I tried it and it is not writing to AWS RDS audit logs.
Example:
CREATE USER test IDENTIFIED BY "test123!"
default tablespace users
temporary tablespace TEMP_DBPRODB
profile DEFAULT;
GRANT CONNECT, RESOURCE to test;
alter user test profile SERVICE_ACCOUNT;
It is not getting captured.
I tried it on a non-AWS RDS Oracle database, and the above changes are getting written to the audit log.
Here is what I see in the audit log:
Tue Jun 13 11:47:53 2023 -04:00
LENGTH : '254'
ACTION :[101] 'CREATE USER test IDENTIFIED BY * default tablespace users
temporary tablespace TEMP
profile DEFAULT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
Tue Jun 13 11:48:13 2023 -04:00
LENGTH : '183'
ACTION :[31] 'GRANT CONNECT, RESOURCE to test'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
Tue Jun 13 11:50:15 2023 -04:00
LENGTH : '191'
ACTION :[39] 'alter user test profile SERVICE_ACCOUNT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[6] 'oracle'
The parameter setting I see for this database is:
SQL> show parameter audit_trail
NAME         TYPE    VALUE
audit_trail  string  DB, EXTENDED
Whereas for the AWS RDS database, that value is null.
Is that the reason the audit logs are not capturing those changes?
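
The audit records quoted in the post use a timestamp line followed by quoted fields, with the ACTION value sometimes spanning several lines. As an added example (not part of the original post), this Python code parses that layout and lists the account, privilege and system changes it finds; the sample text, the function names and the statement pattern are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample, laid out like the audit records quoted in the post.
SAMPLE = """\
Tue Jun 13 11:47:53 2023 -04:00
LENGTH : '254'
ACTION :[101] 'CREATE USER test IDENTIFIED BY * default tablespace users
temporary tablespace TEMP
profile DEFAULT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
Tue Jun 13 11:49:02 2023 -04:00
LENGTH : '160'
ACTION :[7] 'CONNECT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
Tue Jun 13 11:50:15 2023 -04:00
LENGTH : '191'
ACTION :[39] 'alter user test profile SERVICE_ACCOUNT'
DATABASE USER:[1] '/'
PRIVILEGE :[6] 'SYSDBA'
"""

STAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} [+-]\d\d:\d\d$")
FIELD = re.compile(r"^([A-Z][A-Z ]*?) *:(?:\[\d+\])? *'(.*)$")
CHANGE = re.compile(r"\s*((CREATE|ALTER|DROP)\s+(USER|ROLE|PROFILE)|ALTER\s+SYSTEM|GRANT|REVOKE)\b", re.I)

def parse_records(text):
    records, rec, key = [], None, None
    for line in map(str.rstrip, text.splitlines()):
        if STAMP.match(line):                 # timestamp line opens a new record
            rec, key = {"TIME": datetime.strptime(line, "%a %b %d %H:%M:%S %Y %z")}, None
            records.append(rec)
        elif key:                             # continuation of a multi-line quoted value
            rec[key] += "\n" + line
        elif rec is not None and (m := FIELD.match(line)):
            key, rec[m.group(1)] = m.group(1), m.group(2)
        if key and rec[key].endswith("'"):    # closing quote ends the value
            rec[key], key = rec[key][:-1], None
    return records

def account_changes(records):
    """(time, database user, statement) for each account, privilege or system change."""
    return [(r["TIME"].isoformat(), r.get("DATABASE USER"), " ".join(r["ACTION"].split()))
            for r in records if CHANGE.match(r.get("ACTION", ""))]

print(*account_changes(parse_records(SAMPLE)), sep="\n")
```

The parser ends a value at a line-final closing quote rather than trusting the bracketed length, because whitespace inside a multi-line value may not survive copy and paste.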