Re: Sarbaynes-Oxley and the Oracle DBA

From: Mark Bole <makbo_at_pacbell.net>
Date: Mon, 13 Sep 2004 02:15:38 GMT
Message-ID: <ep71d.18878$2p6.8643@newssvr27.news.prodigy.com>

Mark D Powell wrote:

> "Howard J. Rogers" <hjr_at_dizwell.com> wrote in message news:<41329c33$0$22855$afc38c87_at_news.optusnet.com.au>...
> 

>>Mladen Gogala wrote:
>>
>>
>>>On Sun, 29 Aug 2004 11:12:11 -0700, Prem K Mehrotra wrote:
>>>
>>>
>>>>I sure admire your wit but not your understanding of logminer.
>>>>Logminer can be used to audit databases and database auditing is part
>>>>of security.
>>>
>>>Logminer serves to re-construct transactions. It is hardly suitable for
>>>auditing. Logminer is used to re-construct information from redo-logs and
>>>is unsuitable for auditing purposes, especially now when there is FGA.
>>>Logminer should not be covered in a security book. It belongs to the DBA
>>>books.
>>
>>Interested to know why you are of that opinion, since it's one I
>>fundamentally disagree with. [..]
>>
>>But redo is generated regardless of your auditing needs. So suddenly
>>deciding to use redo as an auditing mechanism incurs no overhead on the
>>database which the database wasn't already suffering (querying from
>>v$logminer_contents excepted, obviously). It captures times, usernames and
>>sql statements. And it captures precisely the values that were modified by
>>DML. [...]
>>
>>Regards
>>HJR

> 
> 
> I agree with HJR's position on the use of the archived redo logs via
> logminer as a valid auditing tool.  It would be even better if the
> logminer function could be ran completely separate from the database
> in batch. [...]
> 
> IMHO -- Mark D Powell --

In agreement also. (... met with some former co-workers at party recently, Sarbaynes-Oxley was mentioned.. thanx to c.d.o.s I could actually say, "oh, yeah, I've heard about that").

Based on the previous comment, I'm obviously not an S-O expert, but in the general field of "auditing", I am confident in the following:

One very important feature of logmining hasn't been mentioned. Not only does it include every DML value that was changed, but it includes UN-committed transactions. It could be interesting, from an auditing perspective, to know what was tried and subsequently rolled back, as opposed to just what succeeded. Kind of like a Recycle Bin in Windows that you can never completely empty... ;-)

As for "batch" use of logminer, you can run it completely independently of the source database, even on a different server (but yes, you do need a database of some kind to mine the log).

--Mark Bole Received on Sun Sep 12 2004 - 21:15:38 CDT