RE: Auditing statements

From: Lange, Kevin G <kevin.lange_at_ppoone.com>
Date: Wed, 3 Aug 2011 16:45:31 -0500
Message-ID: <F077F09A0E11504D9E720358BEE994D1085248BB_at_APSW0553EVS.ms.ds.uhc.com>

There is an audit record kept in the audit directory outside the database for stops and starts (at least in 10.2). Agree with the rest.

From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of David Fitzjarrell Sent: Wednesday, August 03, 2011 4:33 PM To: pdba1966_at_hotmail.com; oracle-l_at_freelists.org Subject: Re: Auditing statements

Audit drop user; -- addresses the schema drop (although it doesn't specify "unused")

I see no way to audit any autonomous transactions outside of instrumenting the code to populate a table.

You'll need to set up audits for all create statements -- there is no 'blanket' audit for creates. Same for drops and inserts, with the added criteria of "whenever not successful" to only capture failed inserts. GRANTs also need to be individually audited (grant table , etc.) but this also audits REVOKEs.

There is no audit on starting/stopping the database because those operations are recorded in the alert log.

If anyone knows any differently I'll be happy to be proven wrong.

David Fitzjarrell

From: P D <pdba1966_at_hotmail.com>
To: oracle-l_at_freelists.org
Sent: Wednesday, August 3, 2011 12:28 PM Subject: Auditing statements

We have been asked by our security division to run these specific statements on a database for auditing purposes. They don't work. These are 11.1.0.7 databases on Standard Edition. Are there some other broad-based generic commands that can be run that will capture the purpose of what is listed here? If they want it to capture information from every user in the database, wouldn't we have to also explicitly state each user name, otherwise all we are really auditing is actions by the sys user since that is where the command is being run from?

Audit drop unused schemas
Audit trap autonomous transactions
Audit any create statement
Audit any drop statement
Audit insert failures
Audit grant any object
Audit database start or stop

This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately.

--
http://www.freelists.org/webpage/oracle-l

Received on Wed Aug 03 2011 - 16:45:31 CDT

This message: [ Message body ]
Next message: David Fitzjarrell: "Re: Auditing statements"
Previous message: David Fitzjarrell: "Re: Auditing statements"
In reply to: David Fitzjarrell: "Re: Auditing statements"
Next in thread: David Fitzjarrell: "Re: Auditing statements"
Reply: David Fitzjarrell: "Re: Auditing statements"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message