Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: audit problem
Hi Peter
You do not mention the version but if you have 9i then a solution would be to use fine grained auditing. It is possible to capture the SQL statement that matches the predicate. You should be able to set a predicate that will always match and therefore capture the SQL statement. Have a look on my site in http://www.petefinnigan.com/orasec. htm, there are a few links to papers written about the features and how to use fine grained auditing. Something may be of use to you.
One other less appealing approach is to capture the SQL at source. If you have access to the application source and if you can guarantee (never i would say!!) that access is always through the app you could capture the SQL there. I seem to remember a recent discussion on doing just this, either on this group or Jared's group.
Hope some of this helps
kind regards
Pete
-- Pete Finnigan Email : pete_at_petefinnigan.com Web site: http://www.petefinnigan.com Pete is the founder of PeteFinnigan.com Limited a UK based company specialising in Oracle security audits and services. Email info_at_petefinnigan.com for details and availability. Pete Finnigan is the author of the recently published book about Oracle security from the SANS Institute "Oracle security Step-by-step (A survival guide for Oracle security)" - see http://store.sans.org for details. Some recently published articles include: http://online.securityfocus.com/infocus/1689 - "Introduction to simple Oracle auditing" http://online.securityfocus.com/infocus/1644 - "SQL injection and Oracle - part one" http://online.securityfocus.com/infocus/1646 - "SQL injection and Oracle - part two"Received on Tue May 13 2003 - 07:40:19 CDT