RE: setting of audit_trail initialization parameter
Date: Tue, 28 May 2013 13:56:48 -0500
Message-ID: <A4B582B1B91D3C4D956D8880535CC098130505F859_at_MAIL.solutionary.com>
In the initial post, you said: "We set it to DB, EXTENDED as we need to get the DBID in the syslog file". Perhaps you meant "the OS audit file" instead of "the syslog file"?
Don Granaman | Ph: 402-361-3073 | Cell: 402-960-6955 | Solutionary - Relevant | Intelligent | Security
-----Original Message-----
From: John Hallas [mailto:John.Hallas_at_morrisonsplc.co.uk]
Sent: Tuesday, May 28, 2013 9:17 AM
To: Don Granaman; hemantkchitale_at_gmail.com; JBECKSTROM_at_gcrta.org
Cc: oracle-l-freelist
Subject: RE: setting of audit_trail initialization parameter
Not sure what you mean Don.
One correction to my original post - the extended option also provides details of what the 'alter system' command actually did, whereas without it all the trail file (or syslog file to be precise) shows is that somebody ran an 'alter system command'
Show parameter audit
audit_file_dest string /app/oracle/admin/SID/adump audit_sys_operations boolean TRUE audit_syslog_level string LOCAL0.INFO audit_trail string DB, EXTENDED
cat /etc/syslog.conf
# _at_(#)B.11.31_LR # # syslogd configuration file. # # See syslogd(1M) for information about the format of this file. # mail.debug /var/adm/syslog/mail.log local0.info _at_xx.x.xxx.xx*.emerg
*.info;mail.none;local0.none /var/adm/syslog/syslog.log
*.alert /dev/console
*.alert root
*
-----Original Message-----
From: Don Granaman [mailto:DonGranaman_at_solutionary.com]
Sent: 28 May 2013 15:14
To: John Hallas; hemantkchitale_at_gmail.com; JBECKSTROM_at_gcrta.org
Cc: oracle-l-freelist
Subject: RE: setting of audit_trail initialization parameter
You must have a custom process to insert DB audit records into syslog, as it is not a native option.
Don Granaman | Ph: 402-361-3073 | Cell: 402-960-6955 | Solutionary - Relevant | Intelligent | Security
-----Original Message-----
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of John Hallas
Sent: Monday, May 27, 2013 2:10 AM
To: hemantkchitale_at_gmail.com; JBECKSTROM_at_gcrta.org
Cc: oracle-l-freelist
Subject: RE: setting of audit_trail initialization parameter
We set it to DB, EXTENDED as we need to get the DBID in the syslog file. The file is sent to am external company for them to manage and filter on anything untoward. We provide a mapping of DBID to database name so they can report back to us.
John
www.jhdba.wordpress.com
Wm Morrison Supermarkets Plc is registered in England with number 358949. The registered office of the company is situated at Gain Lane, Bradford, West Yorkshire BD3 7DL. This email and any attachments are intended for the addressee(s) only and may be confidential.
If you are not the intended recipient, please inform the sender by replying to the email that you have received in error and then destroy the email. If you are not the intended recipient, you must not use, disclose, copy or rely on the email or its attachments in any way.
This email does not constitute a contract in writing for the purposes of the Law of Property (Miscellaneous Provisions) Act 1989.
Our Standard Terms and Conditions of Purchase, as may be amended from time to time, apply to any contract that we enter into. The current version of our Standard Terms and Conditions of Purchase is available at: http://www.morrisons.co.uk/gscop
Although we have taken steps to ensure the email and its attachments are virus-free, we cannot guarantee this or accept any responsibility, and it is the responsibility of recipients to carry out their own virus checks.
-- http://www.freelists.org/webpage/oracle-lReceived on Tue May 28 2013 - 20:56:48 CEST