Re: audit_trail=os

From: Jay Hostetter <hostetter.jay_at_gmail.com>
Date: Fri, 21 Jun 2013 07:22:19 -0400
Message-ID: <CAD7fdYuJsrAbs9k+5ucGckqo0OW2fisYiUxjvx8-ufhmct7BJQ_at_mail.gmail.com>



grep is OK, but at a previous job I had a script that would check AUD$ for certain undesirable activities (like x failed logins for a user in the last 15 minutes). Seems like that would be a bit hard to script using grep. Plus I'd have to look up the action codes. Maybe I'm just being lazy, since the SQL was straightforward.
External tables would be an option. I may have to explore that route a bit further.

Thank you for the responses.

Jay

On Fri, Jun 21, 2013 at 6:38 AM, Nuno Souto <dbvision_at_iinet.net.au> wrote:

> On 21/06/2013 4:41 AM, Jay Hostetter wrote:
> > For those of you who send your audit records to the OS, what tool(s) do you
> > use to mine/monitor/parse the data? I've inherited some databases that send
> > it to the syslog. The data is then loaded via a custom Perl script into a
> > central database. This seems like we're reinventing the wheel. I just
> > wanted to see what other folks are doing (outside of using Audit Vault).
> > We're running mostly 11gR2 on SUSE Linux.
> >
>
> I use good old grep but I'm after specific information.
> My logs are also sent to an auditing company that does God only knows
> what with them...
>
> --
> Cheers
> Nuno Souto
> dbvision_at_iinet.net.au
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>

--
http://www.freelists.org/webpage/oracle-l
Received on Fri Jun 21 2013 - 13:22:19 CEST
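
Added example (not part of the thread, and not either poster's script): the "x failed logins for a user in the last 15 minutes" check discussed above, run over syslog audit lines instead of AUD$. The sample lines are constructed, and the NAME:[len] "value" layout, action code 100 (LOGON) and return code 1017 (ORA-01017) are assumptions about what the 11g syslog records contain; the function and parameter names are hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample input. Field layout is an assumption modelled on
# Oracle 11g syslog audit records: NAME:[length] "value".
SAMPLE = """\
Jun 21 07:00:00 db1 Oracle Audit[4100]: LENGTH: "150" USERID:[2] "HR" USERHOST:[4] "app2" ACTION:[3] "100" RETURNCODE:[4] "1017"
Jun 21 07:01:10 db1 Oracle Audit[4101]: LENGTH: "153" USERID:[5] "SCOTT" USERHOST:[4] "app1" ACTION:[3] "100" RETURNCODE:[4] "1017"
Jun 21 07:02:00 db1 sshd[2210]: Accepted publickey for oracle from 10.0.0.5
Jun 21 07:05:00 db1 Oracle Audit[4102]: LENGTH: "153" USERID:[5] "SCOTT" USERHOST:[4] "app1" ACTION:[3] "100" RETURNCODE:[4] "1017"
Jun 21 07:06:00 db1 Oracle Audit[4103]: LENGTH: "150" USERID:[5] "SCOTT" USERHOST:[4] "app3" ACTION:[3] "100" RETURNCODE:[1] "0"
Jun 21 07:12:30 db1 Oracle Audit[4104]: LENGTH: "153" USERID:[5] "SCOTT" USERHOST:[4] "app1" ACTION:[3] "100" RETURNCODE:[4] "1017"
Jun 21 07:20:00 db1 Oracle Audit[4105]: LENGTH: "150" USERID:[2] "HR" USERHOST:[4] "app2" ACTION:[3] "100" RETURNCODE:[4] "1017"
Jun 21 07:31:00 db1 Oracle Audit[4106]: LENGTH: "150" USERID:[2] "HR" USERHOST:[4] "app2" ACTION:[3] "100" RETURNCODE:[4] "1017"
""".splitlines()

FIELD = re.compile(r'([A-Z$_]+):\[\d+\] "([^"]*)"')
LOGON, BAD_PASSWORD = "100", "1017"  # assumed: action LOGON, ORA-01017

def parse(line, year=2013):
    """Return (timestamp, fields) for an audit line, or None for anything else."""
    head, sep, body = line.partition(" Oracle Audit[")
    if not sep:
        return None
    try:
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {head[:15]}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None
    return ts, dict(FIELD.findall(body))

def failed_login_alerts(lines, threshold=3, window=timedelta(minutes=15)):
    """List (user, time, count) each time a user has >= threshold failed
    logons inside the sliding window. Lines must be in time order."""
    recent, alerts = defaultdict(deque), []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, f = rec
        if f.get("ACTION") != LOGON or f.get("RETURNCODE") != BAD_PASSWORD:
            continue
        user = f.get("USERID", "?")
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((user, ts, len(q)))
    return alerts
```
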
