Re: Protecting contents of AUDIT_FILE_DEST from 'oracle' OS user on *NIX...

From: David Mann <>
Date: Mon, 21 Nov 2011 11:51:09 -0500
Message-ID: <>

On Sat, Nov 19, 2011 at 11:48 AM, David Robillard <> wrote:
> Hello David,
> Why don't you send the audit logs over to syslog? Once configured to
> work with syslog, you can keep a local copy or have then sent over to
> your central syslog server. Easy, clean and secure.
> <ShamelessPlug>
> Maybe that could help?
> </ShamelessPlug>

I think this is the way to go. I have probably skimmed that section of the docs a half dozen times but obviously it never 'stuck;. Also thanks to Paul D. who replied to me directly about the same method. Now on to talk to the sysadmins and get a thumbs up from them :)

Don we are on our way to locking oracle user and using sudo 100% of the time but not quite there yet.

Tim I like your method for getting granularity better than 1 time/minute with cron... but I think still there is some exposure there ... if a malicious DBA is determined he could brute force rm* in that directory and possibly remove some files.


Dave Mann - Database Stuff -
Received on Mon Nov 21 2011 - 10:51:09 CST

Original text of this message