The database audit

Hi all

11.2.0.3

AIX 6.1

I'm new to this company and my boss asks me to configure auditing in the database.

So I tried to take the first step in the docs:

SQL> show parameter audit

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest                      string      /oracle/app/oracle/admin/istua
                                                 t/adump
audit_sys_operations                 boolean     TRUE
audit_syslog_level                   string
audit_trail                          string      DB

To my surprise, auditing is already enabled.

And

  1* select count(*) from sys.aud$
SQL> /

  COUNT(*)
----------
   1437599

How will I know what audit types were ignited?

Thank you very much

zxy

yxes2013 wrote:

Thank you... But I want to check what auditing were lit and want to disable others except AUDIT SESSION.

I want to keep this one only. So please help me dictionary that contains it

Well, it's not what you said just an hour and a half ago:

>

But I do not need disable everything, because if there is a check I want to turn it on then I do not do it anymore.

>

If you only want the SESSION to CHECK that disable the audit ALL and then re-enable AUDIT SESSION.
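
An added example, not part of the original thread: where Oracle 11.2 standard auditing records which options are switched on, and one way to cut them back to session auditing only, as the reply above suggests. The dictionary views are Oracle's own; the spool file name is an assumption.

```sql
-- Added example for Oracle 11.2 standard auditing. Run in SQL*Plus as a user
-- with the AUDIT SYSTEM privilege and SELECT access to the DBA_* views.

-- 1. Statement audit options that are enabled.
--    AUDIT SESSION is listed here as the option CREATE SESSION.
SELECT user_name, audit_option, success, failure
FROM   dba_stmt_audit_opts
ORDER  BY audit_option, user_name;

-- 2. System-privilege audit options that are enabled.
SELECT user_name, privilege, success, failure
FROM   dba_priv_audit_opts
ORDER  BY privilege, user_name;

-- 3. Objects with at least one object audit option set. Each column holds
--    success/failure flags and '-/-' means "not audited", so stripping every
--    '-/-' leaves NULL when nothing is audited on the object.
SELECT owner, object_name, object_type
FROM   dba_obj_audit_opts
WHERE  REPLACE(alt || aud || com || del || gra || ind || ins || loc ||
               ren || sel || upd || exe || cre || rea || wri || fbk,
               '-/-') IS NOT NULL
ORDER  BY owner, object_name;

-- 4. What the rows already in SYS.AUD$ record, grouped by audited action.
SELECT action_name, COUNT(*) AS audit_rows
FROM   dba_audit_trail
GROUP  BY action_name
ORDER  BY audit_rows DESC;

-- 5. Generate NOAUDIT commands for every statement and privilege option
--    except session auditing. They are only written to a file for review,
--    not executed. Rows set for proxy users are left out and need manual care.
--    noaudit_review.sql is a hypothetical file name.
SET PAGESIZE 0 LINESIZE 200 FEEDBACK OFF TRIMSPOOL ON
SPOOL noaudit_review.sql

SELECT 'NOAUDIT ' || audit_option ||
       CASE WHEN user_name IS NOT NULL THEN ' BY "' || user_name || '"' END ||
       ';'
FROM   dba_stmt_audit_opts
WHERE  audit_option <> 'CREATE SESSION'
AND    proxy_name IS NULL
UNION
SELECT 'NOAUDIT ' || privilege ||
       CASE WHEN user_name IS NOT NULL THEN ' BY "' || user_name || '"' END ||
       ';'
FROM   dba_priv_audit_opts
WHERE  privilege <> 'CREATE SESSION'
AND    proxy_name IS NULL;

SPOOL OFF
SET PAGESIZE 14 FEEDBACK ON

-- Object options from query 3 are cleared one object at a time, for example:
--   NOAUDIT ALL ON "OWNER"."OBJECT_NAME";

-- 6. After reviewing and running the generated file, confirm that session
--    auditing is on, then repeat queries 1 and 2 to verify the result.
AUDIT SESSION;
```

Statement and privilege audit changes apply to sessions that connect after the command is issued, so sessions that are already connected keep their previous settings until they reconnect.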


Similar Questions

  • How s/n know when and what account perform a function using the database link?

    Dear,

    My application of the CIM team asked DBA to create new function and run it. Function must use the database link for remote database data. So I need to create a new database to their licensing link. Cause we guess we'll experience the performance issue after the user performs this function, or another question and errors may occur. So we want to know when and who use this feature that connects to a remote database through the new database connection in advance. And I also need to know when and which connect to the remote database using this new database link. We have no idea to get this information?  Can anyone recommend how do? Thank you very much.

    Best regards, Otis.

    Check what business purpose, it will solve.  If the function is so safe, why everyone will use. Only admin people should access.

    All of these additional controls of this kind must be avoided as much as possible to improve the overall performance of the application.

    Still if you need, see the database audit mechanism, specifically designed for this type of activity.

    Kind regards

    Harman

  • The vault database Audit trail

    Hi all

    11.2.0.1

    AIX 6.1

    We met the performance issue because one of the entry in the config DB Vault configuration has been deleted.

    Where can we find that erased the configuration? This part of the database is audit? It goes back in SYS.AUD$

    Thank you.

    Answer: Log is also in SYS.AUD$

  • Apex - with the external database audit trail

    I'm currently installing a primitive audit trail that allows me to record data, create users, update, update user. I currently have 3/4 but I can not get the user name in the database like V ('APP_USER') is at the top and the database in Oracle 10 G elsewhere.

    Suggestions or alternative ideas?

    f1f7a787-7f56-4451-8300-5a9a0215226b

    If v() and apex_application.g_user are not available in the trigger on the external database code.

    But the external database package variables and procedures are available on the database running APEX.

    What I would do, is to create a package with a package variable that will contain the user of the apex. (in the external database)

    Then, in the application definition > session database > initialization code PL/SQL defined this package to the apex user variable.

    Clear the package again variable in the cleanup code.

    Using a package variable means that the value is available at the session of entire database but not outside the East.

    Apex every page load or submit and load next page is a database session.

    Now the package variable will be set when a user of the apex and the null value when there is a database user.

    Using an nvl around the package with user variable as an alternative, will give you the user apex when the action was made by a user of the apex and the database user is not.

    Nicolette

    PS change your handle or at the signing of all least your post will result in a more friendly welcome message.

  • Audit on any imapact on the database

    Hello

    If in the audit on the basis of data is their impact on the database as performance or everything?

    It depends on how many objects you want to audit? Personally I don't want to get along with the audit of the database. But it may require the audit in your database.

    Carefully use the ROLES and PRIVILEGES, you can avoid audit.

    Concerning
    Asif Kabir

    Manage: Celina
    Status level: Beginner
    Join date: May 11, 2010
    Messages total: 16
    Total Questions: * 7 (6 pending) *.

    -Mark your useful post as correct/helpful and close all threads replied.

  • How to check if utl_file was used in the database with the n ° / limited audit

    How can you check the database to see if any user has used the UTL_FILE package?

    Thank you

    Another angle based priv study's directory objects. Read and write access to a directory object is necessary so UTL_FILE work. If some patterns have a write access to the directory objects, can create files.

    A schema that has the priv to create any directory has full access to create any necessary directory object.

    This, along with the methods suggested above, will restrict just what patterns have code and the privs required to use UTL_FILE successfully.

    If the code has been dynamic PL/SQL (an anonymous block), then who does identify actual code executed UTL_FILE, very difficult.

  • Impossible to find information of the domain in the database and access is denied. (Exception from HRESULT: 0x80070005)

    Configuration of the VM Windows 8 of my model fails and causes the following error in log audit Broker rd.

    I'm running vWorkspace 8 with different Hyper-V hosts (without SCVMM).

    clues?

    Broker - INFO - CVdiMachineHyperV::startHyperVClone: cloning xxx, try = 1...

    Broker - INFO - CVdiMachineHyperV::buildParentVHDPath: entering, the folder path is "D:\". ', file name is "xxx.vhdx".

    Broker - DEBUG - CDbManager: Re-use of conn = 0x038215c0 (50)

    Conn CDbManager:keeping broker - DEBUG - = 0x038215c0 (50, lastCount = 49)

    Broker - INFO - CDbManager:connection held 0MS

    Broker - INFO - CVdiMachineHyperV::buildParentVHDPath: the Final folder path is «D:\Quest VMs\ParentVHDs\ vWorkspace»

    Broker - INFO - CVdiMachineHyperV::buildParentVHDFilePart: Extension, part of parent's name is "xxx".

    Broker - INFO - CVdiMachineHyperV::buildParentVHDPath: Final full path is «D:\Quest VMs\ParentVHDs\xxx-20130927090200.vhdx vWorkspace»

    Broker - INFO - CVdiMachineHyperV::startHyperVClone: Call to CHyperVClone::doClone...

    Broker - INFO - CVdiUtils::pnGetDomainControllers: entering, strDnsDomainName is "xxx".

    Broker - INFO - CVdiUtils::getDnsServersForManagedDomain: entering, strDnsDomainName is "xxx".

    Broker - DEBUG - CDbManager: Re-use of conn = 0x038215c0 (50)

    Broker - INFO - CVdiUtils::getDnsServersForManagedDomain: ERROR: could not find the domain managed in the database information for xxx

    Conn CDbManager:keeping broker - DEBUG - = 0x038215c0 (50, lastCount = 49)

    Broker - INFO - CDbManager:connection held 0MS

    Broker - INFO - CVdiUtils::pnGetDomainControllers: WARNING: could not find the domain information managed in the database for xxx

    Broker - INFO - CVdiMachineHyperV::startHyperVClone: domain name into IP [xxx] [xxx]

    Broker - INFO - CHyperVClone::doClone: taken exception. Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

    Broker - INFO - CVdiMachineHyperV::startHyperVClone: took CJvmErr during the CHyperVClone::doClone call.

    Broker - INFO - CVdiMachineHyperV::doVdiAction: ERROR: create failed.  Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) - call stacks - to System.Management.ThreadDispatch.Start)

    Hi Freek,

    I think you have a support case to open to this question as it seems similar to the one I was talking to Sam earlier, is that correct?

    Thank you

    David

  • Virtual elimination journals or in the database

    Hi all

    Just a small matter of curiosity.

    When you turn on the HS. Con to create the audit, you can see that the newspaper is created in the value of [eliminating].

    Do you know if these reviews are on the database or HFM them generates on the fly? I noticed that the sent date and time is the time that you open the form and I think that these virtual newspapers

    See you soon,.

    Thanos

    Hello. Should be tables. It's the 11.1.2.3 help on the HS. Con the function.

    You can also use the string information likely to generate journal reports for consolidation and elimination entries. If you want to see this data in a journal report, this parameter is required. Reviews for Proportion and elimination entries are reported of tables RTS/RTD. Depending on your needs, it can be appropriate create HS [disposal] log data. Con entries, but not for [percentage] HS. Con entries to reduce the volume of the RTS/RTD table entries.

    Eric

  • AUD_JMS generates a high load on the database

    Hello

    We have OIM 11 g R2 PS2 installed. Our DBA said that AUD_JMS generates high loads, every 5 minutes on the database.

    I think that this will be generated by scheduled tasks.

    Do you have any idea how to do to reduce the load on the database side?

    Is there a setting guide that describes the AUD_JMS?

    The problem comes from the scheduled task ""Audit Messages task issue " "

    Is there a guide how to improve the performance of this task?

    That's the question Audit Message scheduled task that is running to process the events in the aud_jms table.  You can reduce the burden by lowering the level of verification, or by changing the amount of files being processed.

    -Kevin

  • ORA-01102: cannot mount database in EXCLUSIVE mode in AIX after you have installed the database using dbca

    Hello!

    I have v7 IBM AIX and cluster HACMP set up two identical nodes included

    I have a head node after the installation of database using dbca I got error with the message:

    ORA-01102: cannot mount database in EXCLUSIVE mode

    Database cannot mount)

    Here is the information from the alert log:

    MON may 25 18:00:07 2015

    Starting ORACLE instance (normal)

    LICENSE_MAX_SESSION = 0

    LICENSE_SESSIONS_WARNING = 0

    SNA system picked latch-free 3

    With the help of LOG_ARCHIVE_DEST_1 parameter value by default as USE_DB_RECOVERY_FILE_DEST

    Autotune undo retention is enabled.

    IMODE = BR

    ILAT = 84

    LICENSE_MAX_USERS = 0

    SYS audit is disabled

    Commissioning:

    Oracle Database 11 g Enterprise Edition Release 11.2.0.3.0 - 64 bit Production

    With the options of partitioning, OLAP, Data Mining and Real Application Testing.

    ORACLE_HOME = /u01/app/oracle/product/11.2.0/dbhome_1/

    System name: nodename

    Name of the node: nodename

    Version: 1

    Version: 7

    Machine: 0003F6E5D600

    Using the settings in /u01/app/oracle/product/11.2.0/dbhome_1/dbs/spfiletestdb.ora side Server spfile

    Parameters of the system with default values:

    process = 500

    sessions = 772

    = 18G memory_target

    control_files = "/ ctl1/oradata/testdb/control01.ctl".

    control_files = "/ ctl2/oradata/testdb/control02.ctl".

    control_files = "/ ctl3/oradata/testdb/control03.ctl".

    DB_BLOCK_SIZE = 8192

    compatible = "11.2.0.0.0."

    db_recovery_file_dest = ' / backup/fra.

    db_recovery_file_dest_size = 100G

    undo_tablespace = 'UNDOTBS1.

    Remote_login_passwordfile = "EXCLUSIVE."

    db_domain = «»

    dispatchers = "(PROTOCOL=TCP) (SERVICE = testdbXDB)" "

    audit_file_dest = ' / u01/app/oracle/admin/testdb/adump.

    AUDIT_TRAIL = 'DB '.

    db_name = 'testdb '.

    open_cursors = 300

    diagnostic_dest = ' / u01/app/oracle '.

    MON may 25 18:00:08 2015

    PMON started with pid = 2, OS id = 14418020

    MON may 25 18:00:08 2015

    PSP0 started with pid = 3, OS id = 17891420

    MON may 25 18:00:09 2015

    VKTM started with pid = 4, OS id = 14090348 high priority

    VKTM clocked at (10) precision of milliseconds with DBRM quantum (100) ms

    MON may 25 18:00:09 2015

    GEN0 started with pid = 5, OS id = 9109714

    MON may 25 18:00:09 2015

    DIAG started with pid = 6, OS id = 16449704

    MON may 25 18:00:09 2015

    DBRM started with pid = 7, OS id = 17104928

    MON may 25 18:00:10 2015

    DIA0 started with pid = 8, OS id = 13303950

    MON may 25 18:00:10 2015

    MA started with pid = 9, OS id = 12517522

    MON may 25 18:00:10 2015

    DBW0 started with pid = 10, OS id = 11993232

    MON may 25 18:00:10 2015

    LGWR started with pid = 11, OS id = 15401010

    MON may 25 18:00:10 2015

    CKPT started with pid = 12, OS id = 6619318

    MON may 25 18:00:10 2015

    SMON started with pid = 13, OS id = 16515222

    MON may 25 18:00:10 2015

    RECCE has started with pid = 14, OS id = 13172906

    MON may 25 18:00:10 2015

    MMON started with pid = 15, OS id = 15794324

    commissioning 1 dispatcher (s) for '(ADDRESS =(PARTIAL=YES) (PROTOCOL = TCP))' network address...

    MON may 25 18:00:10 2015

    MMNL started with pid = 16, OS id = 18546742

    commissioning or shared server 1...

    Environment ORACLE_BASE = / u01/app/oracle /.

    MON may 25 18:00:11 2015

    ALTER DATABASE MOUNT

    sculkget: failed to lock /u01/app/oracle/product/11.2.0/dbhome_1//dbs/lkTESTDB exclusive

    sculkget: lock held by PID: 3670226

    ORA-09968: cannot lock file

    IBM AIX RISC System/6000 error: 13: permission denied

    Additional information: 3670226

    ORA-1102 marked during: ALTER DATABASE MOUNT...

    But if I install the database even dbca on node secondary, all installed and executed successfully.

    But in the two nodes even permissions, user oracle and oinstall group ID identified the same and $ORACLE_BASE and $ORACLE_HOME user owner oracle and oinstall user group.

    A someone has encountered this problem and solved?

    Thanks in advance!

    Hello

    you are using IBM AIX PowerHA for your database (active/passive) configuration. then you just install the binaries 'once' on one of the nodes. then coordinate with your operating system administrator to configure the fail the test scenarios.

    for your question. before you start the database, make sure that there are no "orphaned" oracle process using the UNIX grep command:

    $ ps -ef | grep ora

    Kill the oracle of the hanging of the process to release the lock on the database file handle:

    $ kill -9

    I hope this helps.

    Kind regards

  • Check the installed oracle components are actually used in the database

    I got a new database I have to optimize. So I think to delete some installed components that I think are not be used somehow in the database (IE procedures calls etc.). I see a whole bunch of components as "ODD", 'ORDIM', which I think are not used, but previous DBAs have installed them. So, is it possible to make sure that no part of the database are actually using these components so that I can remove these components. Also, what are your expert comments on it?

    Is it a production or a development environment? If an object is not used then this isn't necessarily a problem (performance wise) unless it is either cluttering up your dictionary or raising concerns regarding the consumption of unnecessary space. Personally, I would recommend that it is preferable to resolve what is to be used / taken of resources. It is maybe once a year report or a few old utility out once a year, the best monitoring, why those things are there.

    If you go down the road of a fall, rather than drop anything immediately block accounts for an agreed period to ensure that the scheme is not used & check all references other schemas of objects in the schema that you intend to drop, potentially of audit to check if they are being called by other patterns / verification dba_dependencies between schemas and objects using a hierarchical query to check the sub-levels.

    There are also quite a few standard Oracle components that are installed by default that have interdependencies and not necessarily be used in the dictionary (control dba_features_usage_statistics)

  • Tables of the database for users of Shared Services

    Hi all

    I'm discovering in the database tables, know when a user has been added as a group in Shared Services. This is for purposes of SOX. Can you let me know which database table, we need to check that we can get a timestamp date for added user?

    We use HFM 11.1.2.2 and Microsoft SQL server

    Thank you

    Steffi.

    Hey Steffi,

    I don't know any tables db HSS that contain this timestamp.  The CSS_GROUP_MEMBERS table lists groups/members, but no other information.  There are the timestamps for the CSS_USERS and CSS_GROUPS tables, but they show only when Aboriginal users/groups have been created and updated.

    The best way to record this information for your next audit would be to enable auditing of Shared Services.  To do this:

    • HSS > Administration > configure audit
    • Enable audit value
    • Select the items that you want to audit (Directory Management has elements such as 'Assign the user as a member of the group' and 'Remove user as a member of the group'
    • Restart the Services

    Thank you

    Erich

  • How to stop all means of copying the database

    Hello

    I'm out of oracle database 11g R2 under Windows Server 2008 (the database name is ORCL)

    I need to prevent all means of transporting data to a different database

    I tried the encryption (TDE) portfolio with tablespace but always utility data expdp works

    and I can copy the file (oracle_home\oradata\orcl) what hv the datafile to and replace it with a different database on another pc that have installed oracle on same directory then provided works perfectly

    even if there were the portfolio on the first database, we can create another portfolio with new password and every thing will be decrypted and it is not accepted.

    I need your help to find a way of:

    1-stop exp and utility expdp

    2-stop backup and restore of database with RMAN (auxiliary or copying RMAN files is added to the different database)

    3 - stop copy replace and folder (oracle_home\oradata\orcl) is the different database in the same place (another pc)

    (Note: in addition to the operating system user account is administrator)

    Thanks in advance

    Please specify.  You can't restrict exp/imp, because it is installed on any client anywhere.  If they can query the database, they can export all they have access.  Check the roles that have EXPORT_FULL_DATABASE and limit those to yourself or to administrative positions under your control.

    expdp/impdp files similar to exp/imp of output, but put them on the database server (or a drive connected to the network).  You can't prevent their execution.  The API of PL/SQL is part of the database, so even without the expdp/impdp executable, you can do the equivalent within the database. The same basic data access control applies.

    RMAN backups can be run from remote machines, and the backup files can go to local disk, NAS network drive or tape.  On the local computer, you can use operating system permissions to protect them, but another admin on the computer can do what they want.  You can delete rman of this machine, but someone could just run rman from another machine and that it points to the database.  Limit which has the SYSDBA privilege.

    The raw database files are not useful if they are copied while the database is in place, but if there are other administrators on the computer, they may be able to stop the Oracle service, which stops the database, and then they can copy files wherever he wishes.  It's a situation TDE can protect against, because someone needs your encryption key to use database files, even if they copy them elsewhere.

    It was really far from saying these features can really turn off; you usually have to handle this with database privileges.

    If you can afford the extra option you can look into Oracle Database Vault.  It offers more restriction and auditing options, designed to prevent or detect abuse by privileged users.

  • How to install Oracle Database Audit Vault

    Hi all

    I have my database in oracle 10g in linux environment, I used to install oracle database audit Vault 10.2.3 Linux

    can any 1 tell me how to install it or what or the required steps.

    any useful link would be useful

    Thank you...

    Hello

    Please check: How to install Oracle Database Audit Vault - Yahoo video search results

    Thank you

  • RC-40201: unable to connect to the database

    Hi Experts,

    While running 'perl adcfgclone.pl appsTier' I get below error.

    [applmgr@tfnvlskp01 bin] $ perl adcfgclone.pl appsTier

    Enter the password [APPS] APPS:

    ....

    ....

    Enter the number of the port pool [0-99]:

    70

    Audit of the pool of port 70

    fact: Port pool 70 is free

    Information available at /app/oracle/testappl/admin/out/TEST_tfnvlskp01/portpool.lst complete port

    Checking the connection to the base...

    RC-40201: unable to connect to the TEST database.

    Enter the listener of the port database [1531]: 1526

    RC-40201: unable to connect to the TEST database.

    Could not establish connection to database on Port 1526.

    Please verify that the database is running.

    Make sure that the Port DB corresponds to that used on the dbTier.

    ERROR: creation of context not completed successfully.

    Please check for errors in the /tmp/adcfgclone_28867.err file

    But when I check the listener and the DB to db node status, everything is running.

    STATUS of the LISTENER

    ------------------------

    Alias TEST

    Version TNSLSNR for Linux: Version 11.2.0.3.0 - Production

    Start date October 14, 2013 06:33:49

    Uptime 0 days 0 h 0 min 0 sec

    Draw level off

    Security ON: OS Local Authentication

    SNMP OFF

    Parameter Listener of the /app/orabin/testdb/11.2.0/network/admin/TEST_tfnslskp01/listener.ora file

    The listener log file /app/orabin/testdb/11.2.0/log/diag/tnslsnr/tfnslskp01/test/alert/log.XML

    Summary of endpoints listening...

    (DESCRIPTION = (ADDRESS = (PROTOCOL = ipc) (KEY = EXTPROCTEST)))

    (DESCRIPTION = (ADDRESS = (PROTOCOL = tcp)(HOST=tfnslskp01.d1.peapod.com) (PORT = 1526)))

    Summary of services...

    Service 'PLSExtProc' has 1 instance (s).

    Instance of 'PLSExtProc', status UNKNOWN, has 1 operation for this service...

    Service 'TEST' has 1 instance (s).

    Instance of 'TEST', status UNKNOWN, has 1 operation for this service...

    The command completed successfully

    SQL> select instance_name, status from v$instance;

    INSTANCE_NAME    STATUS
    ---------------- ------------
    TEST             OPEN

    Outputs information complete port available at /app/oracle/testappl/admin/out/TEST_tfnvlskp01/portpool.lst

    List of allocated ports based on port 70 pool *.

    Web listening port: 8070

    Database port: 1591

    RPC port: 1696

    Reports port: 7070

    OPROC Manager of Port: 8170

    Web PLSQL Port: 8270

    Port of servlet: 8870

    Listening port of forms: 9070

    Data port for the server Metrics: 9170

    Req server settings. Port: 9270

    JTF Fulfillment Server Port: 9370

    Map Viewer Servlet Port: 9870

    Utility Web OEM port: 10070

    VisiBroker OrbServer Agent Port: 10170

    ACEM Server Port: 10620-10625

    ACEM Telnet Port: 10620,10622,10624

    ACEM Port Dispatcher: 10580-10583

    Range of ports OACORE Servlet: 16700-16709

    Port range of discoverer Servlet: 17700-17709

    Port range of forms Servlet: 18700-18709

    Port TCF: 15070

    Range of ports XMLSVCS Servlet: 19700-19709

    Port of Java object Cache: 12415

    iMeeting Collaboration Server Port: 9570

    iMeeting the registration Server Port: 9670

    iMeeting iMon port Monitor Port: 9770

    Please let me know if the value portpool.lst to the Port of database should be 1526

    Or

    Miss me a few concepts here and I have to choose another port instead of the 70 pool value.

    OS - RHEL 5.4 version (64-bit)

    Version of DB - 11.2.0.3

    Version of the EBS - 11.5.10.2

    -Thank you

    Hello

    This is what has been done on my previous post on the basin of the port and the listening port you are trying to connect, as above, that you use 70 portpool was offset... This is what did not create a connection on port 1526 (which means chicken port 5)

    anyway nice to hear that the problem is now resolved

    Please mark the thread as answered and close it.

    Thank you &

    Best regards
