Re: Auditing statements
Date: Thu, 4 Aug 2011 09:57:58 +0200
Message-ID: <CAMP1=tvTarRri2tGcM_=rB2QNA+ei=93Mm1scEv_wtUPNaYpFw_at_mail.gmail.com>
Logging of create, drop, grant statements can de done using ddl triggers. For a lot of good examples look here:
http://psoug.org/reference/ddl_trigger.html For start and stop of the database and logging of errors use a system event triggers: http://psoug.org/reference/system_trigger.html
Then all you need is a procedure that will write the information either to a table (maybe use fine grained auditing on that table) or to a file in a secure location. Lots of examples on the great wide internet on how to do that, but write me, if you get stuck.
2011/8/3 P D <pdba1966_at_hotmail.com>
> We have been asked by our security division to run these specific
> statements on a database for auditing purposes. They don’t work. These
> are 11.1.0.7 databases on Standard Edition. Are there some other
> broad-based generic commands that can be run that will capture the purpose
> of what is listed here? If they want it to capture information from
> every user in the database, wouldn’t we have to also explicitly state each
> user name, otherwise all we are really auditing is actions by the sys user
> since that is where the command is being run from?
>
>
>
> Audit drop unused schemas
>
> Audit trap autonomous transactions
>
> Audit any create statement
>
> Audit any drop statement
>
> Audit insert failures
>
> Audit grant any object
>
> Audit database start or stop
>
> **** **
>
> ** **
>
>
-- Regards, Morten Egan http://www.dbping.com -- http://www.freelists.org/webpage/oracle-lReceived on Thu Aug 04 2011 - 02:57:58 CDT