RE: Oracle Audit aud$ vs Database Logon Trigger

From: Don Granaman <DonGranaman_at_solutionary.com>
Date: Fri, 19 Oct 2012 10:29:15 -0500
Message-ID: <FD98CB0EE75EEA438CAF4DA2E6071C421F0CFFEE85_at_MAIL.solutionary.com>



For a comparison of the performance impact and overhead of auditing to different AUDIT_TRAIL values and such, see: http://www.oracle.com/technetwork/database/audit-vault/learnmore/twp-security-auditperformance-166655.pdf

Unfortunately, AUDIT_SYSLOG_LEVEL is not covered.

For example, AUDIT_TRAIL=DB,EXTENDED is about 10x as expensive as AUDIT_TRAIL=OS and roughly twice as expensive as AUDIT_TRAIL=DB. XML overhead is between DB and OS, but there are a number of notable bugs in XML auditing, primarily related to using V$XML_AUDIT_TRAIL or DBA_COMMON_AUDIT_TRAIL - in 10g and even the latest 11.2.0.3.4. It is highly unlikely that logon triggers are as efficient as Oracle's internal auditing, but the idea proposed of using an "upsert" trigger to update the latest logon time for a user - or create a new record for the user if none exists - might prove the least offensive.

We DBAs tend to prefer auditing to the database since we are comfortable with SQL, but there is a cost. XML could provide the best of both worlds - relatively low overhead and access to the audit trail via SQL*Plus, but be aware of the potential issues, particularly in 10g (for a "biggie", see DocID: 755149.1. It was an XML show-stopper for us.). However, depending on version, XML might be more trouble than it is worth (periodically purging the audit files, rebuilding the 10g [only] index file, etc.).

However, if your auditing is limited to sessions - at a few hundred or a few thousand a day - then performance is likely not a determining factor.

Don Granaman | Phone: 402-361-3073 | Cell: 402-960-6955 | Fax: 402-361-3173 | Solutionary | Relevant . Intelligent . Security
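The "upsert" logon trigger mentioned in the reply above, together with the 180-day report from the original question, could look like the following. This is an added example, not code from either poster; the table name `last_logon` and trigger name `trg_last_logon` are hypothetical, and the trigger owner is assumed to hold the ADMINISTER DATABASE TRIGGER privilege.

```sql
-- Hypothetical table: one row per database user, holding only the latest logon.
CREATE TABLE last_logon (
  username    VARCHAR2(128) PRIMARY KEY,
  last_logon  DATE NOT NULL
);

-- Upsert on every logon: update the user's row if present, insert it otherwise.
-- Oracle runs AFTER LOGON triggers in a separate transaction and commits it
-- after the trigger fires, so no explicit COMMIT is issued here.
CREATE OR REPLACE TRIGGER trg_last_logon
AFTER LOGON ON DATABASE
BEGIN
  MERGE INTO last_logon t
  USING (SELECT SYS_CONTEXT('USERENV', 'SESSION_USER') AS username
         FROM   dual) s
  ON (t.username = s.username)
  WHEN MATCHED THEN
    UPDATE SET t.last_logon = SYSDATE
  WHEN NOT MATCHED THEN
    INSERT (username, last_logon) VALUES (s.username, SYSDATE);
EXCEPTION
  WHEN OTHERS THEN
    -- An unhandled error in a logon trigger rejects the logon for ordinary
    -- users, so a failure to record the timestamp is swallowed on purpose.
    NULL;
END;
/

-- Daily report: open accounts with no recorded logon in the last 180 days.
-- Accounts with no row at all fall back to their creation date, so the
-- result is only trustworthy once the trigger has been in place for 180 days.
SELECT u.username,
       u.created,
       l.last_logon
FROM   dba_users u
       LEFT JOIN last_logon l ON l.username = u.username
WHERE  u.account_status = 'OPEN'
AND    NVL(l.last_logon, u.created) < SYSDATE - 180
ORDER  BY l.last_logon NULLS FIRST, u.username;
```

Because the table holds one row per user rather than one row per session, it stays small and needs no purging, unlike an audit trail that must retain 180 days of session records to answer the same question.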

-----Original Message-----

From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Sanjay Mishra
Sent: Wednesday, October 17, 2012 9:32 PM
To: oracle-l
Subject: Oracle Audit aud$ vs Database Logon Trigger

Hi

Can someone help as to what is the best approach in terms of system performance and best practices for auditing? The requirement is only to check which users have not logged on to the database in x number of days and create a report on a daily basis. The requirement is to report users who have not logged on to the database in the last 180 days. So what is the best practice: to use the Audit command or a Database Logon Trigger? Any help in providing any facts is highly appreciated.

TIA
Sanjay

--

http://www.freelists.org/webpage/oracle-l

Received on Fri Oct 19 2012 - 17:29:15 CEST