Re: Auditing statements
From: David Fitzjarrell <oratune_at_yahoo.com>
Date: Wed, 3 Aug 2011 14:54:27 -0700 (PDT)
Message-ID: <1312408467.65866.YahooMailNeo_at_web65415.mail.ac4.yahoo.com>
I thought I was missing something. Thanks, Kevin. David Fitzjarrell From: "Lange, Kevin G" <kevin.lange_at_ppoone.com> To: oracle-l_at_freelists.org Sent: Wednesday, August 3, 2011 2:45 PM Subject: RE: Auditing statements There is an audit record kept in the audit directory outside the database for stops and starts (at least in 10.2). Agree with the rest. From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of David Fitzjarrell Sent: Wednesday, August 03, 2011 4:33 PM To: pdba1966_at_hotmail.com; oracle-l_at_freelists.org Subject: Re: Auditing statements Audit drop user; -- addresses the schema drop (although it doesn't specify "unused") I see no way to audit any autonomous transactions outside of instrumenting the code to populate a table. You'll need to set up audits for all create statements -- there is no 'blanket' audit for creates. Same for drops and inserts, with the added criteria of "whenever not successful" to only capture failed inserts. GRANTs also need to be individually audited (grant table , etc.) but this also audits REVOKEs. There is no audit on starting/stopping the database because those operations are recorded in the alert log. If anyone knows any differently I'll be happy to be proven wrong. David Fitzjarrell From: P D <pdba1966_at_hotmail.com> To: oracle-l_at_freelists.org Sent: Wednesday, August 3, 2011 12:28 PM Subject: Auditing statements We have been asked by our security division to run these specific statements on a database for auditing purposes. They don’t work. These are 11.1.0.7 databases on Standard Edition. Are there some other broad-based generic commands that can be run that will capture the purpose of what is listed here? If they want it to capture information from every user in the database, wouldn’t we have to also explicitly state each user name, otherwise all we are really auditing is actions by the sys user since that is where the command is being run from? Audit drop unused schemas Audit trap autonomous transactions Audit any create statement Audit any drop statement Audit insert failures Audit grant any object Audit database start or stop This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately.
Date: Wed, 3 Aug 2011 14:54:27 -0700 (PDT)
Message-ID: <1312408467.65866.YahooMailNeo_at_web65415.mail.ac4.yahoo.com>
I thought I was missing something. Thanks, Kevin. David Fitzjarrell From: "Lange, Kevin G" <kevin.lange_at_ppoone.com> To: oracle-l_at_freelists.org Sent: Wednesday, August 3, 2011 2:45 PM Subject: RE: Auditing statements There is an audit record kept in the audit directory outside the database for stops and starts (at least in 10.2). Agree with the rest. From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of David Fitzjarrell Sent: Wednesday, August 03, 2011 4:33 PM To: pdba1966_at_hotmail.com; oracle-l_at_freelists.org Subject: Re: Auditing statements Audit drop user; -- addresses the schema drop (although it doesn't specify "unused") I see no way to audit any autonomous transactions outside of instrumenting the code to populate a table. You'll need to set up audits for all create statements -- there is no 'blanket' audit for creates. Same for drops and inserts, with the added criteria of "whenever not successful" to only capture failed inserts. GRANTs also need to be individually audited (grant table , etc.) but this also audits REVOKEs. There is no audit on starting/stopping the database because those operations are recorded in the alert log. If anyone knows any differently I'll be happy to be proven wrong. David Fitzjarrell From: P D <pdba1966_at_hotmail.com> To: oracle-l_at_freelists.org Sent: Wednesday, August 3, 2011 12:28 PM Subject: Auditing statements We have been asked by our security division to run these specific statements on a database for auditing purposes. They don’t work. These are 11.1.0.7 databases on Standard Edition. Are there some other broad-based generic commands that can be run that will capture the purpose of what is listed here? If they want it to capture information from every user in the database, wouldn’t we have to also explicitly state each user name, otherwise all we are really auditing is actions by the sys user since that is where the command is being run from? Audit drop unused schemas Audit trap autonomous transactions Audit any create statement Audit any drop statement Audit insert failures Audit grant any object Audit database start or stop This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately.
-- http://www.freelists.org/webpage/oracle-lReceived on Wed Aug 03 2011 - 16:54:27 CDT