Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: audit response
Hi!
> For example, in 9i Release 2, you can audit SYS actions (set
> AUDIT_SYS_OPERATIONS=TRUE). That produces a trace file at the O/S level,
> and one presumes that it would be possible (and sensible) to arrange for
> the file to be written to a directory to which the DBA doesn't have
rights.
One problem is that when you're a DBA you can create a directory in Oracle and mess the audit file up with utl_file or call some external library to do other dark things...
One solution I've used is to run a tail -f on log file under root which either saves copy of alert & audit logs to really secure directory not accessible to oracle executables or even transports them to monitoring or audit server using SSH.
Tanel. Received on Fri Jul 25 2003 - 18:02:56 CDT