| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Lots of Oracle10g Audit Log Files, Created every one or two second(s)
On Apr 19, 7:19 pm, haiwu..._at_gmail.com wrote:
> On Apr 16, 12:31 am, Digeratus 2006
>
>
>
>
>
> <digeratus2..._at_nospam.hotmaildotcom> wrote:
> > This looks like it is is a connect / as sysdba which is always audited.
> > I think that kind of connect can only come from the Linux database
> > server. You might be able to identify the Linux process by listing all
> > processes owned by oracle and trying to match it with the pid in the
> > .aud file. In HPUX, this is
> > ps -ef|grep oracle
>
> > HTH,
> > Andy Young
>
> > haiwu..._at_gmail.com wrote in news:1176503310.079589.89440
> > @w1g2000hsg.googlegroups.com:
>
> > > This is Oracle10g RAC, and there are lots of audit log files created
> > > by default under $ORACLE_HOME/rdbms/audit folder, they got created
> > > every one or two second(s) on each node, for each database instance
> > > running on this RAC.
>
> > > The following is one entry. As you can see, it does not have "CLIENT
> > > TERMINAL" information, and I don't know how to track this to find out
> > > which processes or application or background process is causing this
> > > sys login, so frequently.
>
> > > Any ideas?
> > > Thanks,
> > > Hai
>
> > > Audit file /home/oracle/app/product/10.1.0.4/rdbms/audit/ora_17242.aud
> > > Oracle Database 10g Enterprise Edition Release 10.1.0.4.2 - Production
> > > With the Partitioning, Real Application Clusters, OLAP and Data Mining
> > > options
> > > ORACLE_HOME = /home/oracle/app/product/10.1.0.4
> > > System name: Linux
> > > Node name: wpprddb1
> > > Release: 2.4.21-37.ELsmp
> > > Version: #1 SMP Wed Sep 7 13:28:55 EDT 2005
> > > Machine: i686
> > > Instance name: oid1
> > > Redo thread mounted by this instance: 1
> > > Oracle process number: 26
> > > Unix process pid: 17242, image: oracle_at_wpprddb1 (TNS V1-V3)
>
> > > Fri Apr 13 17:25:06 2007
> > > ACTION : 'CONNECT'
> > > DATABASE USER: '/'
> > > PRIVILEGE : SYSDBA
> > > CLIENT USER: oracle
> > > CLIENT TERMINAL:
> > > STATUS: 0- Hide quoted text -
>
> > - Show quoted text -
>
> The connection were done so fast, it is not possible for me to capture
> it.- Hide quoted text -
>
> - Show quoted text -
That's why I suggested using an after logon database trigger ... have it enabled for just a brief period of time.
There's no way for a connection request to escape from the ater logon trigger. Received on Thu Apr 19 2007 - 18:25:18 CDT
 |
 |