DbWatch supports auditing of all statements that are executed on the database instances from dbWatch.
There is currently no graphical way of turning this feature on, so it involves manually editing the server_configuration.xml file.
Stop the dbWatch Server and take a backup of this file before editing it.
Add the following tag to the file:
<audit-settings> <audit-setting> <audit-catalog>E:/dbWatch/dbw-audit</audit-catalog> <file-switch-interval-minutes>360</file-switch-interval-minutes> <audit-level>2</audit-level> <file-keep-for-days>7</file-keep-for-days> </audit-setting> </audit-settings>
- audit-catalog The catalog where dbWatch will place the audit files. dbWatch will create a file called audit.log in this catalog. The catalog used must be created already, and be read/writeable by the user that runs the dbWatch Service.
- file-switch-interval-minutes How many minutes should pass before switching log files. When switching files, dbWatch creates a zip file of the log and names it with a timestamp. Then a new audit.log file is created and used.
- file-keep-for-days Zip files that are older than this will be deleted. A value of 0, means it will not delete any files.
- audit-level 0=no logging, 1 = log statements triggered by user actions, 2 = log all statements
Example log entry:
Entry [Feb 16, 2023 11:53:01 AM][pcu][10.0.1.112/1521][sys as sysdba] SELECT 1 FROM DUAL
From this entry we can see the time, dbWatch user, the ip and port of the database we connect to, and the database credentials used, as well as the statement.