The database audit
Hi all
11.2.0.3
AIX 6.1
I'm new to this company and my boss asks me to configure auditing in the database.
So I tried to take the first step in the docs:
SQL> show parameter audit

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest                      string      /oracle/app/oracle/admin/istuat/adump
audit_sys_operations                 boolean     TRUE
audit_syslog_level                   string
audit_trail                          string      DB
To my surprise, auditing is already enabled.
And
  1* select count(*) from sys.aud$
SQL> /

  COUNT(*)
----------
   1437599
How will I know what audit types were ignited?
Thank you very much
zxy
yxes2013 wrote:
Thank you... But I want to check what auditing were lit and want to disable others except AUDIT SESSION.
I want to keep this one only. So please help me dictionary that contains it
Well, it's not what you said just an hour and a half ago:
>
But I do not need disable everything, because if there is a check I want to turn it on then I do not do it anymore.
>
If you only want the SESSION to CHECK that disable the audit ALL and then re-enable AUDIT SESSION.
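The dictionary views that answer the question above, as an added example that is not part of the original thread. It assumes an 11.2 database using traditional auditing (AUDIT_TRAIL = DB, as shown in the question) and an account that can read the DBA_* views; the NOAUDIT statements are only generated for review, not executed.

```sql
-- 1. Statement-level options (what AUDIT <statement option> turned on).
SELECT user_name, audit_option, success, failure
FROM   dba_stmt_audit_opts
ORDER  BY user_name, audit_option;

-- 2. System-privilege options (what AUDIT <system privilege> turned on).
SELECT user_name, privilege, success, failure
FROM   dba_priv_audit_opts
ORDER  BY user_name, privilege;

-- 3. Object-level options. '-/-' means "not audited". Only the most common
--    actions are tested here; the view has one column per auditable action.
SELECT owner, object_name, object_type, sel, ins, upd, del, exe
FROM   dba_obj_audit_opts
WHERE  sel <> '-/-' OR ins <> '-/-' OR upd <> '-/-'
   OR  del <> '-/-' OR exe <> '-/-'
ORDER  BY owner, object_name;

-- 4. Which actions actually produced the rows already in SYS.AUD$.
SELECT action_name,
       COUNT(*)       AS records,
       MIN(timestamp) AS first_seen,
       MAX(timestamp) AS last_seen
FROM   dba_audit_trail
GROUP  BY action_name
ORDER  BY records DESC;

-- 5. Generate (do not run blindly) NOAUDIT statements for everything except
--    session auditing. AUDIT SESSION is normally listed as CREATE SESSION;
--    both spellings are excluded. Options set BY PROXY are not handled here.
SELECT 'NOAUDIT ' || audit_option ||
       CASE WHEN user_name IS NOT NULL THEN ' BY ' || user_name END || ';' AS stmt
FROM   dba_stmt_audit_opts
WHERE  audit_option NOT IN ('SESSION', 'CREATE SESSION')
UNION
SELECT 'NOAUDIT ' || privilege ||
       CASE WHEN user_name IS NOT NULL THEN ' BY ' || user_name END || ';'
FROM   dba_priv_audit_opts
WHERE  privilege <> 'CREATE SESSION';

-- 6. After running the reviewed NOAUDIT statements, confirm that session
--    auditing is still present (re-issue AUDIT SESSION if it is not).
SELECT user_name, audit_option, success, failure
FROM   dba_stmt_audit_opts
WHERE  audit_option IN ('SESSION', 'CREATE SESSION');
```

Statement and privilege options changed with AUDIT or NOAUDIT apply to sessions that connect afterwards, so already connected sessions keep their earlier settings until they reconnect.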
Similar Questions
-
How s/n know when and what account perform a function using the database link?
Dear,
My application of the CIM team asked DBA to create new function and run it. Function must use the database link for remote database data. So I need to create a new database to their licensing link. Cause we guess we'll experience the performance issue after the user performs this function, or another question and errors may occur. So we want to know when and who use this feature that connects to a remote database through the new database connection in advance. And I also need to know when and which connect to the remote database using this new database link. We have no idea to get this information? Can anyone recommend how do? Thank you very much.
Best regards, Otis.
Check what business purpose, it will solve. If the function is so safe, why everyone will use. Only admin people should access.
All of these additional controls of this kind must be avoided as much as possible to improve the overall performance of the application.
Still if you need, see the database audit mechanism, specifically designed for this type of activity.
Kind regards
Harman
-
The vault database Audit trail
Hi all
11.2.0.1
AIX 6.1
We met the performance issue because one of the entry in the config DB Vault configuration has been deleted.
Where can we find that erased the configuration? This part of the database is audit? It goes back in SYS.AUD$
Thank you.
Answer: Log is also in SYS.AUD$
-
Apex - with the external database audit trail
I'm currently installing a primitive audit trail that allows me to record data, create users, update, update user. I currently have 3/4 but I can not get the user name in the database like V ('APP_USER') is at the top and the database in Oracle 10 G elsewhere.
Suggestions or alternative ideas?
f1f7a787-7f56-4451-8300-5a9a0215226b
If v() and apex_application.g_user are not available in the trigger on the external database code.
But the external database package variables and procedures are available on the database running APEX.
What I would do, is to create a package with a package variable that will contain the user of the apex. (in the external database)
Then, in the application definition > session database > initialization code PL/SQL defined this package to the apex user variable.
Clear the package again variable in the cleanup code.
Using a package variable means that the value is available at the session of entire database but not outside the East.
Apex every page load or submit and load next page is a database session.
Now the package variable will be set when a user of the apex and the null value when there is a database user.
Using an nvl around the package with user variable as an alternative, will give you the user apex when the action was made by a user of the apex and the database user is not.
Nicolette
PS change your handle or at the signing of all least your post will result in a more friendly welcome message.
-
Audit on any impact on the database
Hello
If in the audit on the basis of data is their impact on the database as performance or everything? It depends on how many objects you want to audit? Personally I don't want to get along with the audit of the database. But it may require the audit in your database.
Carefully use the ROLES and PRIVILEGES, you can avoid audit.
Concerning
Asif Kabir
-
How to check if utl_file was used in the database with no/limited audit
How can you check the database to see if any user has used the UTL_FILE package?
Thank you
Another angle based priv study's directory objects. Read and write access to a directory object is necessary so UTL_FILE work. If some patterns have a write access to the directory objects, can create files.
A schema that has the priv to create any directory has full access to create any necessary directory object.
This, along with the methods suggested above, will restrict just what patterns have code and the privs required to use UTL_FILE successfully.
If the code has been dynamic PL/SQL (an anonymous block), then who does identify actual code executed UTL_FILE, very difficult.
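The privilege-based review described in this answer, as an added example that is not part of the original thread. It assumes an account that can read the DBA_* views; like the answer says, it narrows down which schemas could have used UTL_FILE and cannot prove that a given anonymous block did.

```sql
-- 1. Stored code with a static reference to UTL_FILE (directly or through
--    the public synonym). Dynamic SQL and anonymous blocks do not show up.
SELECT owner, name, type, referenced_owner, referenced_type
FROM   dba_dependencies
WHERE  referenced_name = 'UTL_FILE'
AND    owner NOT IN ('SYS', 'PUBLIC')
ORDER  BY owner, name;

-- 2. Who may execute the package at all (PUBLIC here means everyone).
SELECT grantee, privilege, grantable
FROM   dba_tab_privs
WHERE  owner      = 'SYS'
AND    table_name = 'UTL_FILE'
AND    privilege  = 'EXECUTE'
ORDER  BY grantee;

-- 3. Who can read or write through each directory object, and where the
--    directory points on the server file system.
SELECT p.grantee, p.privilege, d.directory_name, d.directory_path
FROM   dba_tab_privs   p
JOIN   dba_directories d
       ON  d.owner          = p.owner
       AND d.directory_name = p.table_name
WHERE  p.privilege IN ('READ', 'WRITE')
ORDER  BY d.directory_name, p.grantee, p.privilege;

-- 4. Who can create a directory object for any path they choose.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'CREATE ANY DIRECTORY'
ORDER  BY grantee;

-- 5. To record future use, object auditing can be switched on for the
--    package (requires the audit trail to be enabled):
-- AUDIT EXECUTE ON sys.utl_file BY ACCESS;
```

A schema that appears in queries 2 and 3 (or 4) has everything UTL_FILE needs to write files; grantees that are roles have to be expanded through DBA_ROLE_PRIVS.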
-
Configuration of the VM Windows 8 of my model fails and causes the following error in log audit Broker rd.
I'm running vWorkspace 8 with different Hyper-V hosts (without SCVMM).
clues?
Broker - INFO - CVdiMachineHyperV::startHyperVClone: cloning xxx, try = 1...
Broker - INFO - CVdiMachineHyperV::buildParentVHDPath: entering, the folder path is "D:\". ', file name is "xxx.vhdx".
Broker - DEBUG - CDbManager: Re-use of conn = 0x038215c0 (50)
Conn CDbManager:keeping broker - DEBUG - = 0x038215c0 (50, lastCount = 49)
Broker - INFO - CDbManager:connection held 0MS
Broker - INFO - CVdiMachineHyperV::buildParentVHDPath: the Final folder path is «D:\Quest VMs\ParentVHDs\ vWorkspace»
Broker - INFO - CVdiMachineHyperV::buildParentVHDFilePart: Extension, part of parent's name is "xxx".
Broker - INFO - CVdiMachineHyperV::buildParentVHDPath: Final full path is «D:\Quest VMs\ParentVHDs\xxx-20130927090200.vhdx vWorkspace»
Broker - INFO - CVdiMachineHyperV::startHyperVClone: Call to CHyperVClone::doClone...
Broker - INFO - CVdiUtils::pnGetDomainControllers: entering, strDnsDomainName is "xxx".
Broker - INFO - CVdiUtils::getDnsServersForManagedDomain: entering, strDnsDomainName is "xxx".
Broker - DEBUG - CDbManager: Re-use of conn = 0x038215c0 (50)
Broker - INFO - CVdiUtils::getDnsServersForManagedDomain: ERROR: could not find the domain managed in the database information for xxx
Conn CDbManager:keeping broker - DEBUG - = 0x038215c0 (50, lastCount = 49)
Broker - INFO - CDbManager:connection held 0MS
Broker - INFO - CVdiUtils::pnGetDomainControllers: WARNING: could not find the domain information managed in the database for xxx
Broker - INFO - CVdiMachineHyperV::startHyperVClone: domain name into IP [xxx] [xxx]
Broker - INFO - CHyperVClone::doClone: taken exception. Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
Broker - INFO - CVdiMachineHyperV::startHyperVClone: took CJvmErr during the CHyperVClone::doClone call.
Broker - INFO - CVdiMachineHyperV::doVdiAction: ERROR: create failed. Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) - call stacks - to System.Management.ThreadDispatch.Start)
Hi Freek,
I think you have a support case to open to this question as it seems similar to the one I was talking to Sam earlier, is that correct?
Thank you
David
-
Virtual elimination journals or in the database
Hi all
Just a small matter of curiosity.
When you turn on the HS. Con to create the audit, you can see that the newspaper is created in the value of [eliminating].
Do you know if these reviews are on the database or HFM them generates on the fly? I noticed that the sent date and time is the time that you open the form and I think that these virtual newspapers
See you soon,.
Thanos
Hello. Should be tables. It's the 11.1.2.3 help on the HS. Con the function.
You can also use the string information likely to generate journal reports for consolidation and elimination entries. If you want to see this data in a journal report, this parameter is required. Reviews for Proportion and elimination entries are reported of tables RTS/RTD. Depending on your needs, it can be appropriate create HS [disposal] log data. Con entries, but not for [percentage] HS. Con entries to reduce the volume of the RTS/RTD table entries.
Eric
-
AUD_JMS generates a high load on the database
Hello
We have OIM 11 g R2 PS2 installed. Our DBA said that AUD_JMS generates high loads, every 5 minutes on the database.
I think that this will be generated by scheduled tasks.
Do you have any idea how to do to reduce the load on the database side?
Is there a setting guide that describes the AUD_JMS?
The problem comes from the scheduled task ""Audit Messages task issue " "
Is there a guide how to improve the performance of this task?
That's the question Audit Message scheduled task that is running to process the events in the aud_jms table. You can reduce the burden by lowering the level of verification, or by changing the amount of files being processed.
-Kevin
-
Hello!
I have v7 IBM AIX and cluster HACMP set up two identical nodes included
I have a head node after the installation of database using dbca I got error with the message:
ORA-01102: cannot mount database in EXCLUSIVE mode
Database cannot mount)
Here is the information from the alert log:
MON may 25 18:00:07 2015
Starting ORACLE instance (normal)
LICENSE_MAX_SESSION = 0
LICENSE_SESSIONS_WARNING = 0
SNA system picked latch-free 3
With the help of LOG_ARCHIVE_DEST_1 parameter value by default as USE_DB_RECOVERY_FILE_DEST
Autotune undo retention is enabled.
IMODE = BR
ILAT = 84
LICENSE_MAX_USERS = 0
SYS audit is disabled
Commissioning:
Oracle Database 11 g Enterprise Edition Release 11.2.0.3.0 - 64 bit Production
With the options of partitioning, OLAP, Data Mining and Real Application Testing.
ORACLE_HOME = /u01/app/oracle/product/11.2.0/dbhome_1/
System name: nodename
Name of the node: nodename
Version: 1
Version: 7
Machine: 0003F6E5D600
Using the settings in /u01/app/oracle/product/11.2.0/dbhome_1/dbs/spfiletestdb.ora side Server spfile
Parameters of the system with default values:
process = 500
sessions = 772
= 18G memory_target
control_files = "/ ctl1/oradata/testdb/control01.ctl".
control_files = "/ ctl2/oradata/testdb/control02.ctl".
control_files = "/ ctl3/oradata/testdb/control03.ctl".
DB_BLOCK_SIZE = 8192
compatible = "11.2.0.0.0."
db_recovery_file_dest = ' / backup/fra.
db_recovery_file_dest_size = 100G
undo_tablespace = 'UNDOTBS1.
Remote_login_passwordfile = "EXCLUSIVE."
db_domain = «»
dispatchers = "(PROTOCOL=TCP) (SERVICE = testdbXDB)" "
audit_file_dest = ' / u01/app/oracle/admin/testdb/adump.
AUDIT_TRAIL = 'DB '.
db_name = 'testdb '.
open_cursors = 300
diagnostic_dest = ' / u01/app/oracle '.
MON may 25 18:00:08 2015
PMON started with pid = 2, OS id = 14418020
MON may 25 18:00:08 2015
PSP0 started with pid = 3, OS id = 17891420
MON may 25 18:00:09 2015
VKTM started with pid = 4, OS id = 14090348 high priority
VKTM clocked at (10) precision of milliseconds with DBRM quantum (100) ms
MON may 25 18:00:09 2015
GEN0 started with pid = 5, OS id = 9109714
MON may 25 18:00:09 2015
DIAG started with pid = 6, OS id = 16449704
MON may 25 18:00:09 2015
DBRM started with pid = 7, OS id = 17104928
MON may 25 18:00:10 2015
DIA0 started with pid = 8, OS id = 13303950
MON may 25 18:00:10 2015
MA started with pid = 9, OS id = 12517522
MON may 25 18:00:10 2015
DBW0 started with pid = 10, OS id = 11993232
MON may 25 18:00:10 2015
LGWR started with pid = 11, OS id = 15401010
MON may 25 18:00:10 2015
CKPT started with pid = 12, OS id = 6619318
MON may 25 18:00:10 2015
SMON started with pid = 13, OS id = 16515222
MON may 25 18:00:10 2015
RECCE has started with pid = 14, OS id = 13172906
MON may 25 18:00:10 2015
MMON started with pid = 15, OS id = 15794324
commissioning 1 dispatcher (s) for '(ADDRESS =(PARTIAL=YES) (PROTOCOL = TCP))' network address...
MON may 25 18:00:10 2015
MMNL started with pid = 16, OS id = 18546742
commissioning or shared server 1...
Environment ORACLE_BASE = / u01/app/oracle /.
MON may 25 18:00:11 2015
ALTER DATABASE MOUNT
sculkget: failed to lock /u01/app/oracle/product/11.2.0/dbhome_1//dbs/lkTESTDB exclusive
sculkget: lock held by PID: 3670226
ORA-09968: cannot lock file
IBM AIX RISC System/6000 error: 13: permission denied
Additional information: 3670226
ORA-1102 marked during: ALTER DATABASE MOUNT...
But if I install the database even dbca on node secondary, all installed and executed successfully.
But in the two nodes even permissions, user oracle and oinstall group ID identified the same and $ORACLE_BASE and $ORACLE_HOME user owner oracle and oinstall user group.
A someone has encountered this problem and solved?
Thanks in advance!
Hello
you are using IBM AIX PowerHA for your database (active/passive) configuration. then you just install the binaries 'once' on one of the nodes. then coordinate with your operating system administrator to configure the fail the test scenarios.
for your question. before you start the database, make sure that there are no "orphaned" oracle process using the UNIX grep command:
$ ps -ef | grep ora
Kill the oracle of the hanging of the process to release the lock on the database file handle:
$ kill -9 <PID>
I hope this helps.
Kind regards
-
Check the installed oracle components are actually used in the database
I got a new database I have to optimize. So I think to delete some installed components that I think are not be used somehow in the database (IE procedures calls etc.). I see a whole bunch of components as "ODD", 'ORDIM', which I think are not used, but previous DBAs have installed them. So, is it possible to make sure that no part of the database are actually using these components so that I can remove these components. Also, what are your expert comments on it?
Is it a production or a development environment? If an object is not used then this isn't necessarily a problem (performance wise) unless it is either cluttering up your dictionary or raising concerns regarding the consumption of unnecessary space. Personally, I would recommend that it is preferable to resolve what is to be used / taken of resources. It is maybe once a year report or a few old utility out once a year, the best monitoring, why those things are there.
If you go down the road of a fall, rather than drop anything immediately block accounts for an agreed period to ensure that the scheme is not used & check all references other schemas of objects in the schema that you intend to drop, potentially of audit to check if they are being called by other patterns / verification dba_dependencies between schemas and objects using a hierarchical query to check the sub-levels.
There are also quite a few standard Oracle components that are installed by default that have interdependencies and not necessarily be used in the dictionary (control dba_features_usage_statistics)
-
Tables of the database for users of Shared Services
Hi all
I'm discovering in the database tables, know when a user has been added as a group in Shared Services. This is for purposes of SOX. Can you let me know which database table, we need to check that we can get a timestamp date for added user?
We use HFM 11.1.2.2 and Microsoft SQL server
Thank you
Steffi.
Hey Steffi,
I don't know any tables db HSS that contain this timestamp. The CSS_GROUP_MEMBERS table lists groups/members, but no other information. There are the timestamps for the CSS_USERS and CSS_GROUPS tables, but they show only when Aboriginal users/groups have been created and updated.
The best way to record this information for your next audit would be to enable auditing of Shared Services. To do this:
- HSS > Administration > configure audit
- Enable audit value
- Select the items that you want to audit (Directory Management has elements such as 'Assign the user as a member of the group' and 'Remove user as a member of the group'
- Restart the Services
Thank you
Erich
-
How to stop all means of copying the database
Hello
I'm out of oracle database 11g R2 under Windows Server 2008 (the database name is ORCL)
I need to prevent all means of transporting data to a different database
I tried the encryption (TDE) portfolio with tablespace but always utility data expdp works
and I can copy the file (oracle_home\oradata\orcl) what hv the datafile to and replace it with a different database on another pc that have installed oracle on same directory then provided works perfectly
even if there were the portfolio on the first database, we can create another portfolio with new password and every thing will be decrypted and it is not accepted.
I need your help to find a way of:
1-stop exp and utility expdp
2-stop backup and restore of database with RMAN (auxiliary or copying RMAN files is added to the different database)
3 - stop copy replace and folder (oracle_home\oradata\orcl) is the different database in the same place (another pc)
(Note: in addition to the operating system user account is administrator)
Thanks in advance
Please specify. You can't restrict exp/imp, because it is installed on any client anywhere. If they can query the database, they can export all they have access. Check the roles that have EXPORT_FULL_DATABASE and limit those to yourself or to administrative positions under your control.
expdp/impdp files similar to exp/imp of output, but put them on the database server (or a drive connected to the network). You can't prevent their execution. The API of PL/SQL is part of the database, so even without the expdp/impdp executable, you can do the equivalent within the database. The same basic data access control applies.
RMAN backups can be run from remote machines, and the backup files can go to local disk, NAS network drive or tape. On the local computer, you can use operating system permissions to protect them, but another admin on the computer can do what they want. You can delete rman of this machine, but someone could just run rman from another machine and that it points to the database. Limit which has the SYSDBA privilege.
The raw database files are not useful if they are copied while the database is in place, but if there are other administrators on the computer, they may be able to stop the Oracle service, which stops the database, and then they can copy files wherever he wishes. It's a situation TDE can protect against, because someone needs your encryption key to use database files, even if they copy them elsewhere.
It was really far from saying these features can really turn off; you usually have to handle this with database privileges.
If you can afford the extra option you can look into Oracle Database Vault. It offers more restriction and auditing options, designed to prevent or detect abuse by privileged users.
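A way to list who currently holds the export roles and SYSDBA that this answer says to limit, as an added example that is not part of the original thread. The role names EXP_FULL_DATABASE and DATAPUMP_EXP_FULL_DATABASE are an assumption about what the answer's "EXPORT_FULL_DATABASE" refers to, and DBA is included because it contains both.

```sql
-- 1. Database users that hold a full-export role, directly or through any
--    chain of nested roles.
SELECT u.username, u.account_status
FROM   dba_users u
WHERE  u.username IN (
         SELECT grantee
         FROM   dba_role_privs
         START  WITH granted_role IN ('EXP_FULL_DATABASE',
                                      'DATAPUMP_EXP_FULL_DATABASE',
                                      'DBA')
         CONNECT BY PRIOR grantee = granted_role
       )
ORDER  BY u.username;

-- 2. The grant chain itself, to see through which role each grantee
--    received the privilege.
SELECT LEVEL AS depth,
       grantee,
       SYS_CONNECT_BY_PATH(granted_role, ' <- ') AS via
FROM   dba_role_privs
START  WITH granted_role IN ('EXP_FULL_DATABASE',
                             'DATAPUMP_EXP_FULL_DATABASE',
                             'DBA')
CONNECT BY PRIOR grantee = granted_role
ORDER  BY depth, grantee;

-- 3. Accounts in the password file that can connect AS SYSDBA / AS SYSOPER
--    (and therefore run RMAN against the database from another machine).
SELECT username, sysdba, sysoper
FROM   v$pwfile_users
ORDER  BY username;

-- 4. Who can read or write the directory objects Data Pump writes to.
SELECT grantee, table_name AS directory_name, privilege
FROM   dba_tab_privs
WHERE  (owner, table_name) IN (SELECT owner, directory_name
                               FROM   dba_directories)
AND    privilege IN ('READ', 'WRITE')
ORDER  BY table_name, grantee;
```

Members of the operating system DBA group can also connect AS SYSDBA without appearing in query 3, which is why the answer's point about other administrators on the machine still applies.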
-
How to install Oracle Database Audit Vault
Hi all
I have my database in oracle 10g in linux environment, I used to install oracle database audit Vault 10.2.3 Linux
can any 1 tell me how to install it or what or the required steps.
any useful link would be useful
Thank you...
Hello
Please check: How to install Oracle Database Audit Vault - Yahoo video search results
Thank you
-
RC-40201: unable to connect to the database
Hi Experts,
While running 'perl adcfgclone.pl appsTier' I get below error.
[applmgr@tfnvlskp01 bin] $ perl adcfgclone.pl appsTier
Enter the password [APPS] APPS:
....
....
Enter the number of the port pool [0-99]:
70
Audit of the pool of port 70
fact: Port pool 70 is free
Information available at /app/oracle/testappl/admin/out/TEST_tfnvlskp01/portpool.lst complete port
Checking the connection to the base...
RC-40201: unable to connect to the TEST database.
Enter the listener of the port database [1531]: 1526
RC-40201: unable to connect to the TEST database.
Could not establish connection to database on Port 1526.
Please verify that the database is running.
Make sure that the Port DB corresponds to that used on the dbTier.
ERROR: creation of context not completed successfully.
Please check for errors in the /tmp/adcfgclone_28867.err file
But when I check the listener and the DB to db node status, everything is running.
STATUS of the LISTENER
------------------------
Alias TEST
Version TNSLSNR for Linux: Version 11.2.0.3.0 - Production
Start date October 14, 2013 06:33:49
Uptime 0 days 0 h 0 min 0 sec
Draw level off
Security ON: OS Local Authentication
SNMP OFF
Parameter Listener of the /app/orabin/testdb/11.2.0/network/admin/TEST_tfnslskp01/listener.ora file
The listener log file /app/orabin/testdb/11.2.0/log/diag/tnslsnr/tfnslskp01/test/alert/log.XML
Summary of endpoints listening...
(DESCRIPTION = (ADDRESS = (PROTOCOL = ipc) (KEY = EXTPROCTEST)))
(DESCRIPTION = (ADDRESS = (PROTOCOL = tcp)(HOST=tfnslskp01.d1.peapod.com) (PORT = 1526)))
Summary of services...
Service 'PLSExtProc' has 1 instance (s).
Instance of 'PLSExtProc', status UNKNOWN, has 1 operation for this service...
Service 'TEST' has 1 instance (s).
Instance of 'TEST', status UNKNOWN, has 1 operation for this service...
The command completed successfully
SQL> select instance_name, status from v$instance;

INSTANCE_NAME    STATUS
---------------- ------------
TEST             OPEN
Outputs information complete port available at /app/oracle/testappl/admin/out/TEST_tfnvlskp01/portpool.lst
List of allocated ports based on port 70 pool *.
Web listening port: 8070
Database port: 1591
RPC port: 1696
Reports port: 7070
OPROC Manager of Port: 8170
Web PLSQL Port: 8270
Port of servlet: 8870
Listening port of forms: 9070
Data port for the server Metrics: 9170
Req server settings. Port: 9270
JTF Fulfillment Server Port: 9370
Map Viewer Servlet Port: 9870
Utility Web OEM port: 10070
VisiBroker OrbServer Agent Port: 10170
ACEM Server Port: 10620-10625
ACEM Telnet Port: 10620,10622,10624
ACEM Port Dispatcher: 10580-10583
Range of ports OACORE Servlet: 16700-16709
Port range of discoverer Servlet: 17700-17709
Port range of forms Servlet: 18700-18709
Port TCF: 15070
Range of ports XMLSVCS Servlet: 19700-19709
Port of Java object Cache: 12415
iMeeting Collaboration Server Port: 9570
iMeeting the registration Server Port: 9670
iMeeting iMon port Monitor Port: 9770
Please let me know if the value portpool.lst to the Port of database should be 1526
Or
Miss me a few concepts here and I have to choose another port instead of the 70 pool value.
OS - RHEL 5.4 version (64-bit)
Version of DB - 11.2.0.3
Version of the EBS - 11.5.10.2
-Thank you
Hello
This is what has been done on my previous post on the basin of the port and the listening port you are trying to connect, as above, that you use 70 portpool was offset... This is what did not create a connection on port 1526 (which means port pool 5)
anyway nice to hear that the problem is now resolved
Please mark the thread as answered and close it.
Thank you &
Best regards