Re: audit problem

Hi Peter

You do not mention the version but if you have 9i then a solution would be to use fine grained auditing. It is possible to capture the SQL statement that matches the predicate. You should be able to set a predicate that will always match and therefore capture the SQL statement. Have a look on my site in http://www.petefinnigan.com/orasec. htm, there are a few links to papers written about the features and how to use fine grained auditing. Something may be of use to you.

One other less appealing approach is to capture the SQL at source. If you have access to the application source and if you can guarantee (never i would say!!) that access is always through the app you could capture the SQL there. I seem to remember a recent discussion on doing just this, either on this group or Jared's group.

Hope some of this helps

kind regards

Pete

-- 
Pete Finnigan

Email : pete_at_petefinnigan.com
Web site: http://www.petefinnigan.com

Pete is the founder of PeteFinnigan.com Limited a UK based company specialising 
in Oracle security audits and services. Email info_at_petefinnigan.com for details 
and availability.

Pete Finnigan is the  author of the recently published book about Oracle 
security from the SANS  Institute "Oracle security Step-by-step (A survival 
guide for Oracle security)" - see http://store.sans.org for details.

Some recently published articles include:

http://online.securityfocus.com/infocus/1689 - "Introduction to simple Oracle
auditing"

http://online.securityfocus.com/infocus/1644 - "SQL injection and Oracle - part 
one"

http://online.securityfocus.com/infocus/1646 - "SQL injection and Oracle - part 
two"