Audit of dba to syslog
Hi Hemant,
11.2.0.1
AIX 6.1
I am still confused about logging sys.
I have configured operating sys forest already through:
Editing the pfile and adding:
*.audit_file_dest='/var/log/Oracle/proddr'
*.audit_sys_operations=TRUE
*.audit_trail='OS'
*.audit_syslog_level='LOCAL5.INFO'
The auditor asked me to test by connecting as sys and dropping scott's EMP table;
Then check if it was logged in the OS syslog. But it was not there.
How can I include this sys activity in syslog?
Thank you
zxy
sybrand_b wrote:
Once again
READ THE DOCUMENTATION!
READ THE DOCUMENTATION!
READ THE DOCUMENTATION!
READ THE DOCUMENTATION!
READ THE DOCUMENTATION!
AUD $ SYS does not exist and SYS saves only at the level of the OS.
When will you stop your abuse under this forum?
---------------
Sybrand Bakker
Senior Oracle DBA
Can you talk to people a little more politely, please?
Tags: Database
Similar Questions
-
How to send the audit log to syslog?
Hi all
11.2.0.1
AIX 6.1
Our IT auditor wants our audit saved in the operating system's log files, which can be protected by root, so that the oracle dba (sys) cannot touch it. Then the auditor wants it sent from our server to a central audit trail on another machine.
I found this link in google:
http://underdarkonsole.blogspot.com/2011/10/send-Oracle-11g-audit-log-to-syslog.html
The link mentions 3rd-party software such as Kiwi and Splunk. Is it necessary in order to send the audit log to syslog?
Thank you very much
zxy
You do not write. Oracle sends audit messages to the syslog facility. It is the syslog daemon which is writing.
Hemant K Collette
-
Cisco Profile 42" access: console, syslog and SSH
Hello
I have a Profile 42" with software version TCNC 4.2.1265253.
I have queries on the Cisco Profile 42" and 52".
(1) On the Profile 42", I set the Serial Port Mode to 'on',
but I am not able to connect to the Profile 42" console (the codec inside may be a C20) on COM1 at a 38400 baud rate.
Is it disabled in the Profile 42" code?
(2) I have configured Security -> Audit -> syslog server IP and Logging -> External.
But any configuration change I make on the Profile 42" is not logged to the syslog server.
But other devices such as the VCS and MCU send syslog messages to the syslog server.
I have attached the Profile 42" screenshot; is there anything else required for syslog?
(3) Profile 42" with software version TCNC 4.2.1265253 - is SSH not supported?
Even if I set SSH mode to 'on' I'm not able to ssh to the machine.
(4) We have another endpoint, a Profile 52" with encryption enabled, software version TC4.2.1.265253.
I am able to connect through SSH, but the problem is, it accepts the connection without asking for user name and password...!
I have attached the Profile 42" GUI config screenshot.
Pls. suggest, if you have the solution to all these questions.
Thank you
Rajesh
Hello
I tried on my SX20 and I see the messages are sent to the port TCP 514:
[dderidde-sx20:/var/log/eventlog] $ tcpdump -vv -x tcp port 514
10:27:03.870003 IP (tos 0x0, ttl 64, id 2654, offset 0, flags [DF], proto TCP (6), length 145)
DHCP-dgm2-vl300-144-254-13-42.Cisco.com.53345 > drop.cisco.com.514: Flags [P.], cksum 0xe629 (correct), seq 1:94, ack 1, win 137, options [nop,nop,TS val 45532890 ecr 3096889259], length 93
I found this DDTS which tells me to use the TCP protocol as a "workaround".
CSCts98937 - EX60/EX90 and C90/C60: impossible to get Syslog to work
Symptom:
Not seeing the SNMP or Syslog traffic on port 514 UDP.
Conditions:
Normal operation.
Workaround solution:
Use port TCP 514...
Note:
Make sure you restart the codec after you enable the Syslog.
Contact the engineering/documentation if TCP is the only mode of transport.
-
Hi, I need to create an audit table every time someone connects to the database using TOAD, PL/SQL Developer, SQLPlus, etc.
I want to write, from this query, a record in my audit table:
SELECT sys_context('USERENV', 'SESSION_USER'), sys_context('USERENV', 'IP_ADDRESS'), sys_context('USERENV', 'TERMINAL') FROM dual;
My question is, is there something in which I can put this code whenever a connection to the database occurs? Please note that, as my subject line states, I'm not a DBA, but if what I do requires access s/n, I get that.
Thanks in advance
If you use the trigger, you can put in an if statement to only insert in a certain situation.
For example if the user = JOE then insert, else do nothing.
The exception handler to 'ignore errors' is "when others then null".
Published by: Robert Geier on March 4, 2010 10:50
-
I'm not a DBA - question audit
* My apologies if this is the wrong forum *.
deleted... posted in the forum of the database...
Published by: DM on March 4, 2010 10:27
Please look into DATABASE TRIGGERS.
Sample Code can be like this,
-- DROP TABLE SESSION_INFORMATION;
CREATE TABLE SESSION_INFORMATION (
  SSIF_ID          NUMBER PRIMARY KEY,
  SSIF_USERNAME    VARCHAR2(100),
  SSIF_SESSION_ID  VARCHAR2(100),
  SSIF_AUTH_TYPE   VARCHAR2(100),
  SSIF_HOST        VARCHAR2(100),
  SSIF_IP          VARCHAR2(100),
  SSIF_LOGON       DATE,
  SSIF_LOGOFF      DATE
);

-- Sequence the logon trigger draws SSIF_ID from
CREATE SEQUENCE SESSION_INFORMATION_SEQ;

-- Record one row per session at logon
CREATE OR REPLACE TRIGGER TRG_LOGON_DB
AFTER LOGON ON DATABASE
DECLARE
  vUserName  VARCHAR2(100);
  vSessionId VARCHAR2(100);
  vAuthType  VARCHAR2(100);
  vHostName  VARCHAR2(100);
  vIP        VARCHAR2(100);
  vId        INTEGER;
BEGIN
  SELECT SESSION_INFORMATION_SEQ.NEXTVAL INTO vId FROM DUAL;
  -- Session attributes come from the USERENV context
  SELECT SYS_CONTEXT('USERENV', 'OS_USER') INTO vUserName FROM DUAL;
  SELECT SYS_CONTEXT('USERENV', 'SESSIONID') INTO vSessionId FROM DUAL;
  SELECT SYS_CONTEXT('USERENV', 'AUTHENTICATION_TYPE') INTO vAuthType FROM DUAL;
  SELECT SYS_CONTEXT('USERENV', 'HOST') INTO vHostName FROM DUAL;
  SELECT SYS_CONTEXT('USERENV', 'IP_ADDRESS') INTO vIP FROM DUAL;
  INSERT INTO SESSION_INFORMATION
    (SSIF_ID, SSIF_USERNAME, SSIF_SESSION_ID, SSIF_AUTH_TYPE, SSIF_HOST, SSIF_IP, SSIF_LOGON)
  VALUES
    (vId, vUserName, vSessionId, vAuthType, vHostName, vIP, SYSDATE);
  COMMIT;
END;
/

-- Stamp the logoff time on the row written at logon
CREATE OR REPLACE TRIGGER TRG_BEFORE_LOGOFF
BEFORE LOGOFF ON DATABASE
DECLARE
  vSessionId VARCHAR2(100);
BEGIN
  SELECT SYS_CONTEXT('USERENV', 'SESSIONID') INTO vSessionId FROM DUAL;
  UPDATE SESSION_INFORMATION
     SET SSIF_LOGOFF = SYSDATE
   WHERE SSIF_SESSION_ID = vSessionId;
END TRG_BEFORE_LOGOFF;
/
Note: It is just one example of code, please change according to your requirement.
Thank you
Dharan V
Published by: DharanV on March 4, 2010 16:00-IE.
It's wrong... I do not expect that the thread will be closed in this short period :-( -
Hello
I would like to know how I can audit SYS, SYSTEM, SYSDBA, and
user IDs granted the Oracle DBA role.
I made these changes
SQL> ALTER SYSTEM SET audit_sys_operations=TRUE SCOPE=SPFILE;
SQL> ALTER SYSTEM SET audit_trail=db,extended SCOPE=SPFILE;
and also I tried to run this command. But somehow sysdba records do not get
audited.
SYS BY ACCESS VERIFICATION;
But I got this error:
ORA-00983: can not audit or noaudit SYS user actions
Basically, I'd like to see these audit records in
SYS.AUD$.
Thank you
Guz
The AUDIT command for auditing actions / connections etc can be run for SYS.
The SYS actions are audited by AUDIT_SYS_OPERATIONS. These are NOT in SYS.AUD$ (inside the database) but go to OS files - in $ORACLE_HOME/rdbms/audit in earlier versions, in the respective audit directory in 11g.
There are two reasons the audit does not go to the database (in SYS.AUD$):
1. If the SYSTEM tablespace is full and cannot autoextend, and SYS.AUD$ needs to grow and cannot, you enter a deadlock. You won't be able to use SYS to even log in / start up / shut down!
2. SYS can delete rows from SYS.AUD$. So a DBA to whom you have granted SYS AS SYSDBA can "cover his tracks". If the audit goes to external files - and generally, this can be integrated with the OS syslog facility - the DBA doesn't have access to the audit trail (he may have read access but not write access).
See http://download.oracle.com/docs/cd/B19306_01/server.102/b14237/initparams014.htm#CHDGACIF
Hemant K Collette
http://hemantoracledba.blogspot.com -
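The answer above sends SYSDBA activity to OS files or syslog so the DBA cannot rewrite it; the following is an added example, not part of the original thread, of a reviewer-side script that picks privileged statements (such as the test drop of scott's EMP) out of such syslog lines. The `Oracle Audit[pid]:` tag and the `NAME:[length] 'value'` field layout are assumptions about the record format, the sample lines are constructed, and the verb watch list is an assumption.

```python
import re

# Assumed layout: "... Oracle Audit[pid]: LENGTH : 'n' NAME:[len] 'value' ..."
HEADER = re.compile(r"Oracle Audit\[(\d+)\]: LENGTH\s*:\s*'\d+'")
FIELD = re.compile(r"\s*([A-Z ]+?)\s*:\[(\d+)\] '")
PRIVILEGED = {"SYSDBA", "SYSOPER"}
WATCHED_VERBS = ("DROP", "DELETE", "TRUNCATE", "ALTER")  # assumed watch list


def parse_record(line):
    """Return the record's fields as a dict, or None if the line is not a
    complete Oracle Audit record."""
    m = HEADER.search(line)
    if not m:
        return None
    rec, pos = {"PID": m.group(1)}, m.end()
    while True:
        f = FIELD.match(line, pos)
        if not f:
            return rec
        name, size = f.group(1), int(f.group(2))
        start = f.end()
        # Take exactly `size` characters: SQL text may itself contain quotes,
        # so scanning for the next "'" would cut the statement short.
        # (The declared size is in bytes; single-byte text is assumed here.)
        if line[start + size:start + size + 1] != "'":
            return None  # truncated in transit or otherwise malformed
        rec[name] = line[start:start + size]
        pos = start + size + 1


def privileged_actions(lines):
    """List (client user, privilege, statement, status) for watched
    statements run with SYSDBA or SYSOPER."""
    hits = []
    for line in lines:
        rec = parse_record(line)
        if not rec or rec.get("PRIVILEGE") not in PRIVILEGED:
            continue
        action = rec.get("ACTION", "")
        if action.lstrip().upper().startswith(WATCHED_VERBS):
            hits.append((rec.get("CLIENT USER"), rec["PRIVILEGE"],
                         action, rec.get("STATUS")))
    return hits


def sample_line(action, privilege="SYSDBA", status="0"):
    """Build one constructed syslog line in the layout assumed above."""
    fields = [("ACTION ", action), ("DATABASE USER", "/"),
              ("PRIVILEGE ", privilege), ("CLIENT USER", "oracle"),
              ("CLIENT TERMINAL", "pts/1"), ("STATUS", status),
              ("DBID", "1234567890")]
    body = " ".join(f"{k}:[{len(v)}] '{v}'" for k, v in fields)
    # LENGTH is filled with the body size here; the parser does not check it.
    return (f"Jan 23 10:26:17 proddr Oracle Audit[4102]: "
            f"LENGTH : '{len(body)}' {body}")


_cut = sample_line("alter system switch logfile")
SAMPLE = [  # constructed lines, not captured from a real system
    sample_line("CONNECT"),
    sample_line("drop table scott.emp"),
    sample_line("select 'x' from dual"),
    sample_line("delete from sys.aud$ where userid='SCOTT'"),
    _cut[:_cut.index("logfile")],  # record cut short before its end
    "Jan 23 10:26:17 proddr sshd[23094]: pam_unix(sshd:session): "
    "session closed for user root",
]

if __name__ == "__main__":
    for hit in privileged_actions(SAMPLE):
        print(hit)
```

A truncated record is dropped rather than reported with a partial statement, so a count of lines that carry the tag but fail to parse is worth tracking alongside the hits.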
Dear administrators,
We want to enable db / operating system auditing for DBAs, and to this end we set audit_trail to os, and it records all activities carried out by the DBA in the operating system event log. Then I set audit_trail to DB and bounced the database, but none of the following tables is populated for DBA activities:
DBA_AUDIT_TRAIL
DBA_AUDIT_EXISTS
DBA_AUDIT_OBJECT
DBA_AUDIT_SESSION
DBA_AUDIT_STATEMENT
the audit_sys_operations has also been set to true,
Kindly help.
Kind regards
Asif Abbasi
Actions by named DBA accounts (for example 'HEMANT' or 'ASIF') will be seen in the DBA_AUDIT views, but SYSDBA actions will go to the OS syslog.
-
is it possible to configure syslog on ACS appliance running ver 3.3?
Hello
No, ACS 3.3 does not support syslogging.
This feature has been added to the ACS 4.1
Auditing and Reporting:
Release notes:
You can use remote logging (a method to store logs on a machine where the remote agent is installed), as ACS has limited storage capacity.
HTH
Kind regards
Jousset
Please rate the useful posts
-
Audit DBMS_FGA.DISABLE_POLICY
Dear Experts
I created an FGA policy. It works very well. I mean I can see a record of any select statement on the ground that I put under the protection of FGA.
But I can't find a way to audit any DBMS_FGA.DISABLE_POLICY() operation on this policy? My concern is that I want to know who disables the policy.
Thank you.
Regards
JG
You must use the Standard audit for this:
SQL> create user vlad identified by vlad;
User created.
SQL> grant connect, dba to vlad;
Grant succeeded.
SQL> audit execute on dbms_fga by access;
Audit succeeded.
SQL> delete from aud$;
2650 rows deleted.
SQL> conn vlad/vlad
Connected.
SQL> begin
  2  DBMS_FGA.ADD_POLICY(
  3  object_schema => 'scott',
  4  object_name => 'emp',
  5  policy_name => 'mypolicy1',
  6  audit_condition => ' sal<>
  7  audit_column => 'comm, sal',
  8  handler_schema => NULL,
  9  handler_module => NULL,
 10  enable => TRUE,
 11  statement_types => 'INSERT, UPDATE',
 12  audit_trail => DBMS_FGA.XML + DBMS_FGA.EXTENDED,
 13  audit_column_opts => DBMS_FGA.ANY_COLUMNS);
 14  end;
 15  /
PL/SQL procedure successfully completed.
SQL> begin
  2  DBMS_FGA.DISABLE_POLICY(
  3  object_schema => 'scott',
  4  object_name => 'emp',
  5  policy_name => 'mypolicy1');
  6  end;
  7  /
PL/SQL procedure successfully completed.
SQL> select username, action_name, obj_name from dba_audit_trail where username = 'VLAD';
USERNAME                       ACTION_NAME
------------------------------ ----------------------------
OBJ_NAME
--------------------------------------------------------------------------------
VLAD                           EXECUTE PROCEDURE
DBMS_FGA
VLAD                           LOGON
VLAD                           EXECUTE PROCEDURE
DBMS_FGA
You can set the audit trail to DB, EXTENDED to capture the entire PL/SQL block executed.
-
Select * from v$pdbs returning some rows of non-sys DBA account
I am unable to find any documentation on which privilege can be granted to a common user in the CDB root that allows the user to select from V$PDBS.
Server11:CPPPRD:Oracle:/u01/app > sqlplus C##IMDBA   - this user has a DBA role in the root container
SQL*Plus: Release 12.1.0.2.0 Production on Mon Sep 14 08:26:17 2015
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Enter password:
Last Successful login time: Fri Sep 11 2015 15:55:05 -06:00
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics, Real Application Testing
and Unified Auditing options
SQL> select * from v$pdbs;
no rows selected
SQL> exit
Disconnected from Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics, Real Application Testing
and Unified Auditing options
Server11:CPPPRD:Oracle:/u01/app > sqlplus / as sysdba
SQL*Plus: Release 12.1.0.2.0 Production on Mon Sep 14 08:26:36 2015
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics, Real Application Testing
and Unified Auditing options
SQL> select name from v$pdbs;
NAME
------------------------------
PDB$SEED
APPPROD
SQL> exit
Disconnected from Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics, Real Application Testing
and Unified Auditing options
If you want the common user to be able to view this data across all containers, you will need to use the container_data clause.
Run the following command as the SYS user in CDB$ROOT:
alter user C##IMDBA set container_data=all container=current;
BTW, you can also specify that C##IMDBA will be able to view the data across all containers only for V$PDBS by running:
alter user C##IMDBA set container_data=all for sys.v_$pdbs container=current;
And you can also check the container data settings by selecting from CDB_CONTAINER_DATA.
According to the Oracle doc:
container_data_clause
The container_data_clause allows you to set and modify CONTAINER_DATA attributes for a common user. Use the FOR clause to indicate whether to set or modify the default CONTAINER_DATA attribute or an object-specific CONTAINER_DATA attribute. These attributes determine the set of containers (which can never exclude the root) whose data will be visible via CONTAINER_DATA objects to the specified common user when the current session is the root.
Read more here:
http://docs.Oracle.com/database/121/Admin/cdb_mon.htm#ADMIN13931
http://docs.Oracle.com/database/121/SQLRF/statements_4003.htm#SQLRF01103
-
Dear friends, DBA,
Version of DB - 11.1.0.7
I have a situation where I have to trace SQLs run by a specific user. The user executes the action click in front end application and I need to follow what SQLs it is running in the database.
This is not feasible with session-level tracing, as the session ID changes in the course of the series of click-and-go actions performed by this user in the application.
What would be an apt approach to follow the action performed by the user on the database? An option of the audit?
Thank you.
Within the LOGON trigger you could do as below, based on the value of USER:
ALTER SESSION SET SQL_TRACE = TRUE;
-
I have installed BSM on my Solaris 10 server. I configured BSM to send to syslog. I registered my secured target on the AV server with type Oracle Solaris, and added an audit trail pointing to the syslog file. The audit trail starts and stops after a few seconds. The error I get from the agent log is:
[2014-11-25T11:36:38.647+02:00] [collfwk] [ERROR] [] [] [tid: 10] [ecid: 192.169.1.50:11353:1416908198895:0,0] FVO-8015: initialization of the instanceCollectionController AuditEventCollector error: run: process() Exception. [[
Instance of Error initializing AuditEventCollector
at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.initialize(CollectionController.java:322)
at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.process(CollectionController.java:402)
at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.run(CollectionController.java:350)
at java.lang.Thread.run(Thread.java:662)
Nested exception:
java.lang.NumberFormatException: For input string: "invalid audit trail: /var/adm."
at java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
at java.lang.Integer.parseInt(Integer.java:449)
at java.lang.Integer.<init>(Integer.java:660)
at oracle.av.platform.common.exception.AuditException.<init>(AuditException.java:118)
at oracle.av.platform.agent.collfwk.AuditEventCollectorException.<init>(AuditEventCollectorException.java:59)
at com.oracle.solaris.SolarisCollector.initializeCollector(SolarisCollector.java:86)
at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.initialize(CollectionController.java:316)
at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.process(CollectionController.java:402)
at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.run(CollectionController.java:350)
at java.lang.Thread.run(Thread.java:662)
]]
[2014-11-25T11:47:49.248+02:00] [collfwk] [ERROR] [] [] [tid: 11] [ecid: 192.169.1.50:11353:1416908869249:1,0] FVO-8015: initialization of the instanceCollectionController AuditEventCollector error: run: process() Exception. [[
Instance of Error initializing AuditEventCollector
at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.initialize(CollectionController.java:322)
at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.process(CollectionController.java:402)
at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.run(CollectionController.java:350)
at java.lang.Thread.run(Thread.java:662)
Nested exception:
java.lang.NumberFormatException: For input string: "invalid audit trail: /var/audit.
at java.lang.NumberFormatException.forInputString(NumberFormatException.java:48)
at java.lang.Integer.parseInt(Integer.java:449)
at java.lang.Integer.<init>(Integer.java:660)
at oracle.av.platform.common.exception.AuditException.<init>(AuditException.java:118)
at oracle.av.platform.agent.collfwk.AuditEventCollectorException.<init>(AuditEventCollectorException.java:59)
at com.oracle.solaris.SolarisCollector.initializeCollector(SolarisCollector.java:86)
at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.initialize(CollectionController.java:316)
at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.process(CollectionController.java:402)
at oracle.av.platform.agent.collfwk.impl.controller.CollectionController.run(CollectionController.java:350)
at java.lang.Thread.run(Thread.java:662)
]]
Can you please help with instructions/a solution for implementing an Oracle Solaris secured target? I am a beginner in Audit Vault.
I have the installation path for the database, and that works very well.
Regards
Thanks for the pointers. After adding the hostname to the location of the trail, the audit trail is running.
-
I am trying to run
"AUDIT INSERT, UPDATE, DELETE on emp BY ACCESS WHENEVER SUCCESSFUL;"
in "SQL commands" on oracle-apex (version 4.2.5.00.08).
I get the error message ' ORA-00911: invalid character '.
Can someone tell me the solution for this?
In the Apex environment we need to set the database AUDIT_TRAIL to TRUE for the command
"AUDIT INSERT, UPDATE, DELETE on emp BY ACCESS WHENEVER SUCCESSFUL;" to work.
In Apex, to be able to change the database AUDIT_TRAIL setting we have to log in as a DBA from the link "SQL workshop --> utilities --> on the database".
-
AUDIT only creates a record if the privilege is granted
Hello world. I am trying to configure auditing for security requirements and did some tests on a test database (10.2.0.5 on RHEL 6) with the statement AUDIT CREATE USER BY ACCESS.
Having just done some quick tests, I found that AUDIT will only create a record if I have the CREATE USER privilege. For example, here's my test case and the result:
1. without privilege
-AUDIT CREATE USER BY ACCESS
-Scott doesn't have the privilege to create users
-Try to create the user, without success.
-No record is generated in the audit log.
2. with privilege
-AUDIT CREATE USER BY ACCESS
-Scott got the privilege to create users
-Try to create users, success
-Record is generated in the audit log
-Try to remove the user, without success
-No record is generated in the audit log.
I guess it comes to the design provided by Oracle, but this is not a little limited with respect to the audit of the attempts of creating a user? For example, if a user can access the database and kept the attempt to add users or perform other commands to test the limits of its privileges, which doesn't record? Just my 2 cents.
AUDIT DBA;
will begin recording failures.
Before AUDIT DBA:
Select username, extended_timestamp, action_name, returncode from dba_audit_trail where username = 'AAA';
USERNAME  EXTENDED_TIMESTAMP                   ACTION_NAME  RETURNCODE
--------  -----------------------------------  -----------  ----------
AAA       25-SEP-14 10.34.49.648357 AM +03:00  LOGON                 0
AAA       25-SEP-14 10.53.58.118870 AM +03:00  LOGON                 0
AAA       25-SEP-14 10.55.25.684156 AM +03:00  LOGON                 0
AAA       25-SEP-14 11.07.13.836793 AM +03:00  LOGON                 0
AAA       25-SEP-14 10.35.08.209502 AM +03:00  LOGOFF                0
AAA       25-SEP-14 10.54.18.688233 AM +03:00  LOGOFF                0
AAA       25-SEP-14 10.55.44.786759 AM +03:00  LOGOFF                0
AAA       25-SEP-14 11.07.23.881964 AM +03:00  LOGOFF                0
After AUDIT DBA:
Select username, extended_timestamp, action_name, returncode from dba_audit_trail where username = 'AAA';
USERNAME  EXTENDED_TIMESTAMP                   ACTION_NAME  RETURNCODE
--------  -----------------------------------  -----------  ----------
AAA       25-SEP-14 11.07.18.790623 AM +03:00  CREATE USER        1031
AAA       25-SEP-14 10.34.49.648357 AM +03:00  LOGON                 0
AAA       25-SEP-14 10.53.58.118870 AM +03:00  LOGON                 0
AAA       25-SEP-14 10.55.25.684156 AM +03:00  LOGON                 0
AAA       25-SEP-14 11.07.13.836793 AM +03:00  LOGON                 0
AAA       25-SEP-14 10.35.08.209502 AM +03:00  LOGOFF                0
AAA       25-SEP-14 10.54.18.688233 AM +03:00  LOGOFF                0
AAA       25-SEP-14 10.55.44.786759 AM +03:00  LOGOFF                0
AAA       25-SEP-14 11.07.23.881964 AM +03:00  LOGOFF                0
-
Hi all
11.2.0.3.11
AIX6
The security auditor is questioning me again on the audit policy in our database.
He demanded that all actions taken by DBAs must be recorded.
I told him that it is the Oracle default to record all actions of dba and sys, right?
And the evidence is the log in AUDIT_FILE_DEST, right?
SQL> show parameter audit
NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest                      string      /oracle/app/oracle/admin/batch dev/adump
audit_sys_operations                 boolean     TRUE
audit_syslog_level                   string
audit_trail                          string      DB
But, he said, he needs proof of evidence.
Which of the following db views show that all the actions of dba are being recorded?
ALL_DEF_AUDIT_OPTS;
DBA_AUDIT_POLICIES
DBA_AUDIT_POLICY_COLUMNS
DBA_AUDIT_EXISTS
DBA_AUDIT_OBJECT
DBA_AUDIT_SESSION
DBA_AUDIT_STATEMENT
DBA_AUDIT_TRAIL
DBA_COMMON_AUDIT_TRAIL
DBA_FGA_AUDIT_TRAIL
DBA_OBJ_AUDIT_OPTS
DBA_PRIV_AUDIT_OPTS
DBA_STMT_AUDIT_OPTS
Help, please.
MK
"AUDIT_SYS_OPERATIONS enables or disables the auditing of top-level operations, which are SQL statements directly issued by users when connecting with SYSDBA or SYSOPER privileges."
That is, if you want to audit users with sysdba (sys, system) privileges this option must be set.
Because a user with sysdba privileges is able to manipulate the contents of table sys.aud$, the audit records go to the OS location defined by audit_file_dest. This assumes that the user with sysdba privileges doesn't have access to this directory (segregation of duties) or at least has no write permission.
These audit records are simple text files (unless audit_trail is set to xml or xml,extended). This means that on systems with intensive operations they could fill the disk, so it is necessary to monitor the free space on the disk and process these files with external tools.
Another possible solution (see the documentation, because I don't use it) is Oracle Audit Vault, as Maran mentioned.