
Re: How much of a load does auditing have? White Paper?

From: Barbara Baker <barb.baker_at_gmail.com>
Date: Mon, 27 Mar 2006 08:37:44 -0700
Message-ID: <47a6f72b0603270737q2a22a73ep69c1d4f9263b10f1@mail.gmail.com>


Hi, Michael
I am (obviously) dreadfully behind on e-mails. I was disappointed that I did not see a response to your e-mail on the list. Here's my .02

IMHO, there's a significant difference between what auditors will ask for, and what a good DBA deems necessary to secure his/her database. SoX seems rather intent on "watching the dba". If you have audit_sys_operations = true along with some mechanism for protecting the associated output files, and you're auditing the audit tables (for example audit all on sys.aud$ by access), the SoX droids seem to be pretty happy. (And you're using the SYS account only when absolutely necessary.)

By contrast, I really like to watch several other things on my production databases. In production, no one should be adding/modifying tables, procedures, triggers, etc. If they are, I want to know about it. I'm auditing for creation or modification of these objects, as well as unsuccessful 'create session' activity. I have not noticed any performance impact with enabling these kinds of audits.

I really don't know of a white paper regarding the impact of enabling auditing. Tim Gorman has a nice paper on his web site (www.evdbt.com) titled "Unraveling the Sweater - Oracle Database Security" that I like.

The 20% load you experienced seems awfully high. I'd suggest the "just try it" approach, but enabling only those things absolutely necessary. Watch performance for a while and see what is really impacted. Hopefully you'll find a nice balance.

Good luck!
Barb

On 3/17/06, Kline.Michael <Michael.Kline_at_suntrust.com> wrote:
>
> Is there a white paper out there that discusses what the load is for
> turning on auditing?
>
>
>
> In the past when we had short occurrences to just "try it", it seemed to
> put almost a 20% load which is unacceptable. Then again, you don't have to
> audit EVERYTHING.
>
>
>
> Is there a good paper and/or book on the fine details on the subject?
>
>
>
> What, if anything, have you done to sort of satisfy Sarbanes, etc?
>

--
http://www.freelists.org/webpage/oracle-l
Received on Mon Mar 27 2006 - 09:37:44 CST
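
Added example, not part of the original message: the narrow audit set described in the reply (SYS operations, the audit table itself, object changes, failed logons) written out as Oracle statements, followed by queries to confirm what is enabled and to review the trail. The specific statement options chosen for "object changes" and the one-day review window are assumptions.

```sql
-- Added example; the choice of statement options below is an assumption.

-- 1. Record SYS / SYSDBA activity. Static parameter: needs an instance restart.
--    These records are written to OS audit files, so restrict access to
--    that directory at the operating-system level.
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;

-- 2. Send standard audit records to SYS.AUD$ (also static).
ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;

-- 3. Audit the audit trail itself, one record per access.
AUDIT ALL ON sys.aud$ BY ACCESS;

-- 4. Object changes that should not happen in production.
AUDIT TABLE       BY ACCESS;   -- CREATE / DROP / TRUNCATE TABLE
AUDIT ALTER TABLE BY ACCESS;
AUDIT PROCEDURE   BY ACCESS;   -- procedures, functions, packages
AUDIT TRIGGER     BY ACCESS;

-- 5. Failed logons only; successful sessions are not recorded.
AUDIT CREATE SESSION WHENEVER NOT SUCCESSFUL;

-- Confirm which options are active before measuring load.
SELECT audit_option, success, failure
  FROM dba_stmt_audit_opts
 ORDER BY audit_option;

SELECT privilege, success, failure
  FROM dba_priv_audit_opts
 ORDER BY privilege;

-- Review the last day of audit records (window is an assumption).
SELECT username, userhost, timestamp, action_name,
       owner, obj_name, returncode
  FROM dba_audit_trail
 WHERE timestamp > SYSDATE - 1
 ORDER BY timestamp;
```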
