RE: audit_sys_operations and audit_file_dest > syslog facility

From: Reidy, Ron
Date: Thu, 3 Aug 2006 08:24:29 -0600

What version of Oracle? Oracle 10gR2 can log to syslog.

Ron Reidy
Lead DBA
Array BioPharma, Inc.

-----Original Message-----
From: on behalf of Stefan Knecht
Sent: Thu 8/3/2006 3:46 AM
To: oracle-l
Subject: audit_sys_operations and audit_file_dest > syslog facility

Hello folks

A client wants to tighten their auditing setup, and they need to log all
events in a central syslog server. This is no problem using the regular Oracle
database auditing.

However, applying the same to the auditing policy for SYS seems not so trivial.
As Oracle provides no means of setting audit_sys_operations=syslog or the
like, but merely writing it into files located in audit_file_dest, I need some
mechanism to re-route these messages to the syslog service so they can be
forwarded to the core syslog server.

This poses several issues:

- The OS is AIX, Filesystem is UFS - and I'm unaware of any
filesystem-triggers that could handle such a job using OS supported functionality
- Running a background process that constantly monitors the directory -
could easily be killed
- Protecting it via a cronjob still leaves a window open where the files can
be tampered with
- And it all seems like a hack, not like an elegant solution

Has anybody got any experience with these kinda situations? Appreciate any
kind of feedback

Regards

Stefan
Received on Thu Aug 03 2006 - 09:24:29 CDT
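
The 10gR2 syslog option mentioned in the reply, as an added example that is not part of the original thread. It assumes Oracle 10gR2 on a Unix host with an spfile; the facility and priority `LOCAL1.WARNING` and the host name `loghost` are illustrative assumptions.

```sql
-- Added example, not from the thread. Run as SYSDBA.
-- Assumptions: Oracle 10gR2, instance started from an spfile,
-- syslog facility LOCAL1 is unused by anything else on the host.

-- Audit top-level statements issued over SYS / SYSDBA / SYSOPER connections.
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;

-- Hand audit records to the local syslog daemon as facility.priority.
-- With audit_sys_operations = TRUE, SYS audit records go to syslog
-- instead of being written as files under audit_file_dest.
ALTER SYSTEM SET audit_syslog_level = 'LOCAL1.WARNING' SCOPE = SPFILE;

-- Both parameters are static, so restart the instance, then confirm
-- the values actually in effect.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('audit_sys_operations',
                'audit_syslog_level',
                'audit_file_dest');

-- Matching entry in /etc/syslog.conf on the database host, forwarding the
-- chosen facility to the central server ("loghost" is a placeholder):
--
--   local1.warning    @loghost
--
-- Have syslogd re-read its configuration after editing the file.
-- syslog.conf should be writable by root only, so that the oracle OS
-- account cannot redirect or drop its own audit stream.
```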
