RE: setting of audit_trail initialization parameter

From: Don Granaman <DonGranaman_at_solutionary.com>
Date: Tue, 28 May 2013 13:56:48 -0500
Message-ID: <A4B582B1B91D3C4D956D8880535CC098130505F859_at_MAIL.solutionary.com>



In the initial post, you said: "We set it to DB, EXTENDED as we need to get the DBID in the syslog file". Perhaps you meant "the OS audit file" instead of "the syslog file"?

Don Granaman | Ph: 402-361-3073 | Cell: 402-960-6955 | Solutionary - Relevant | Intelligent | Security

-----Original Message-----
From: John Hallas [mailto:John.Hallas_at_morrisonsplc.co.uk] Sent: Tuesday, May 28, 2013 9:17 AM
To: Don Granaman; hemantkchitale_at_gmail.com; JBECKSTROM_at_gcrta.org Cc: oracle-l-freelist
Subject: RE: setting of audit_trail initialization parameter

Not sure what you mean Don.
One correction to my original post - the extended option also provides details of what the 'alter system' command actually did, whereas without it all the trail file (or syslog file to be precise) shows is that somebody ran an 'alter system command'

Show parameter audit

audit_file_dest                      string      /app/oracle/admin/SID/adump
audit_sys_operations                 boolean     TRUE
audit_syslog_level                   string      LOCAL0.INFO
audit_trail                          string      DB, EXTENDED

cat /etc/syslog.conf

# _at_(#)B.11.31_LR
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug              /var/adm/syslog/mail.log
local0.info             _at_xx.x.xxx.xx

*.info;mail.none;local0.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*.emerg

              *
-----Original Message-----
From: Don Granaman [mailto:DonGranaman_at_solutionary.com] Sent: 28 May 2013 15:14
To: John Hallas; hemantkchitale_at_gmail.com; JBECKSTROM_at_gcrta.org Cc: oracle-l-freelist
Subject: RE: setting of audit_trail initialization parameter

You must have a custom process to insert DB audit records into syslog, as it is not a native option.

Don Granaman | Ph: 402-361-3073 | Cell: 402-960-6955 | Solutionary - Relevant | Intelligent | Security

-----Original Message-----
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of John Hallas Sent: Monday, May 27, 2013 2:10 AM
To: hemantkchitale_at_gmail.com; JBECKSTROM_at_gcrta.org Cc: oracle-l-freelist
Subject: RE: setting of audit_trail initialization parameter

We set it to DB, EXTENDED as we need to get the DBID in the syslog file. The file is sent to am external company for them to manage and filter on anything untoward. We provide a mapping of DBID to database name so they can report back to us.

John
www.jhdba.wordpress.com



Wm Morrison Supermarkets Plc is registered in England with number 358949. The registered office of the company is situated at Gain Lane, Bradford, West Yorkshire BD3 7DL. This email and any attachments are intended for the addressee(s) only and may be confidential.

If you are not the intended recipient, please inform the sender by replying to the email that you have received in error and then destroy the email. If you are not the intended recipient, you must not use, disclose, copy or rely on the email or its attachments in any way.

This email does not constitute a contract in writing for the purposes of the Law of Property (Miscellaneous Provisions) Act 1989.

Our Standard Terms and Conditions of Purchase, as may be amended from time to time, apply to any contract that we enter into. The current version of our Standard Terms and Conditions of Purchase is available at: http://www.morrisons.co.uk/gscop

Although we have taken steps to ensure the email and its attachments are virus-free, we cannot guarantee this or accept any responsibility, and it is the responsibility of recipients to carry out their own virus checks.


--
http://www.freelists.org/webpage/oracle-l
Received on Tue May 28 2013 - 20:56:48 CEST

Original text of this message