Audit logs found on Oracle 9.2.0.5

Similar Messages

• Unable to get Audit logs for Data Mining Model Oracle11g

  Hi All, I followed all the steps given below 2 links but not getting any audit logs.
  http://download.oracle.com/docs/cd/B28359_01/datamine.111/b28130/install_odm.htm#DMADM024
  http://download.oracle.com/docs/cd/B28359_01/datamine.111/b28130/schemaobjs.htm#sthref233
  Made sure the audit_trail is set to DB.
  SQL cmds and its output shown below
  SQL> AUDIT GRANT,AUDIT,COMMENT,RENAME,SELECT ON mining model NB_SH_Clas_sample;
  Audit succeeded.
  SQL> COMMENT ON MINING MODEL NB_SH_Clas_sample IS 'i am here';
  COMMENT ON MINING MODEL NB_SH_Clas_sample IS 'i am here'
  ERROR at line 1:
  ORA-03113: end-of-file on communication channel
  Process ID: 31648
  Session ID: 135 Serial number: 114
  SQL> quit
  Please help me if i have left out any step
  Thanks in Advance

  Hi.
  Please take a look at the other concurrent thread on model object auditing for more detailed information. If you have Oracle support, please file a TAR with Metalink (http://metalink.oracle.com).
  Regards, Peter.

• TFS 2013 - Export Audit Log - API?

  Trying to use the new 2013 access audit log found on the "Access Levels" Admin web page to compare against list of users with MSDN accounts to ensure licensing compliance.  While I can manually export the access log to .csv per the built-in
  functionality, is the audit log accessible via the TFS API?
  Would like to automate, say obtaining audit log entries for the last 6 months ... within a PS script.

  Hi Jdlaw64,  
  Thanks for your post.
  The Export Audit Log shows all current users and groups information in TFS Server, it contains all the information of who accessed the TFS Server and when they did that, and it also shows what level of access that user or group has. We cannot get the entries
  from this log by date time(last 6 months).
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• DBA Opinion on Audit Logs in Oracle Database

  As the title suggests - what are your initial reaction when your auditors come to you and say "why arent audit logs turned on table a, b, c, d.....z, a1 etc".
  Scenario - say the auditor is interested in audit logs and settings as the Database houses PII and bank account data....
  The common response from the DBA from what I have seen is "do you realise how much this will cost and what impact it will have on performance" (waving your fists).
  So please tell me as a profressional Oracle DBA:
  What financial (broke down in detail if poss) considerations need to be made when deploying an audit policy to a database housign sensitive data.
  What technical (broke down in detail if poss) considerations need to be made when deploying an audit policy to a database housign sensitive data.
  I look forward to your replies.

  Many, many things to consider.
  It will be generally not practical to audit everything down to excruciating detail (as usually requested by well-meaning but technically challenged auditors) without causing significant overhead. Having said that it will be equally irresponsible not to setup auditing on a database that will be used for production. So every DBA needs to find a happy medium that is acceptable to the management, users, auditors, plus compliance with industry/state/federal regulations, etc.
  If you wish to use Fine-grained Auditing (FGA), it requires an Enterprise Edition license.
  If you need a crash course, Rampant publishes a book that addresses Oracle Auditing:
  Oracle Privacy Security Auditing

• Can oracle audit logs keep info of Blocking or blacklisting a user ID, terminal or access port, and the reason for the action?

  Hello,
  I am workin on Oracle 11G STIGs and one STIGs states that audit log should include followings;
  - User ID.
  - Successful and unsuccessful attempts to access security files
  - Date and time of the event.
  - Type of event.
  - Success or failure of event.
  - Successful and unsuccessful logons.
  - Denial of access resulting from excessive number of logon attempts.
  - Blocking or blacklisting a user ID, terminal or access port, and the reason for the action.
  - Activities that might modify, bypass, or negate safeguards controlled by the system.
  I know how to enable audit trial with OS or DB, EXTENDED levels.  However, I could not find if it is possible that audit logs can contain info of Blocking or blacklisting a user ID, terminal or access port, and the reason for the action.

  2687254 wrote:
  Hello,
  I am workin on Oracle 11G STIGs and one STIGs states that audit log should include followings;
  - User ID.
  - Successful and unsuccessful attempts to access security files
  - Date and time of the event.
  - Type of event.
  - Success or failure of event.
  - Successful and unsuccessful logons.
  - Denial of access resulting from excessive number of logon attempts.
  - Blocking or blacklisting a user ID, terminal or access port, and the reason for the action.
  - Activities that might modify, bypass, or negate safeguards controlled by the system.
  I know how to enable audit trial with OS or DB, EXTENDED levels.  However, I could not find if it is possible that audit logs can contain info of Blocking or blacklisting a user ID, terminal or access port, and the reason for the action.
  Think about that.  If the port or terminal (client ip address) is blocked, then the communication never got to the database.  So how would the database be able to audit an action that never got there?

• Attribute Encryption in the Audit log

  All,
  I am encrypting attributes so sensitive data is encyrpted at rest. Found out that the audit log doesn't encrypt these attributes. It encrypts userpassword, but not these. Is there a setting or configuration I can extend that will encrypt these attributes in the audit file?
  And if there is, what happens if I need to expand the list of encrypted attributes.
  I am currently running v 6.3.x, and in process of upgrading to ODSEE 11g.x
  Frank

  Hello,
  as far as I can understand, I'm afraid that what you're trying to accomplish is not possible, since attribute encryption is something that happens 'within the Directory Server instance, between the protocol and the DB'... so the informations are sent in clear over the protocol, and this is what the audit log captures. According to the official product documentation:
  http://docs.oracle.com/cd/E19261-01/820-2763/bcaeg/index.html
  "Attribute encryption protects sensitive data while it is stored in the directory. Attribute encryption allows you to specify that certain attributes of an entry are stored in an encrypted format. This prevents data from being readable while stored in database files, backup files, and exported LDIF files.
  With this feature, attribute values are encrypted before they are stored in the Directory Server database, and decrypted back to their original value before being returned to the client. You must use access controls to prevent clients from accessing such attributes without permission, and SSL to encrypt the attribute values when in transit between the client and Directory Server."
  HTH,
  Marco

• Suggestions needed to implement Audit Logging

  In our project we have a requirement to implement Audit logging. i.e., we need to track any changes in the form of CREATE, UPDATE and DELETE of any field in the database. We have some UI also which will present this change history to the user.
  After a couple of internal discussion we found two solutions
  Solution - 1
  Create one AUDIT_LOG table with columns like TABLE_NAME, COLUMN_NAME, OLD_VALUE, NEW_VALUE, UPDATED_BY and create triggers in every table to insert the old value and new value to this AUDIT_LOG table.
  Solution - 2
  create separate Audit tables which match exactly same as original table and whenever a change happens in the main table, insert a entry in the audit table by using trigger.
  We are planning to choose the second solution as it looks like, in the long run this approach will help us to avoid any maintenance issues arise out of storing all changes in the entire DB in to one table. Only problem here is our application team may need to add some logic in their code to present the data to user through their application in old value and new value format.
  Do anybody have any other good solution for implementing Audit logging in Database layer. Please put your comments on the 2 solutions which i described above.
  Thanks In advance

  Hi,
  Only problem here is our application team may need to add some logic in their code to present the data to user through their application in old value and new value format.Through trigger, you can invoke old and new value, no change is necessary to your app code. You can read more info about this on Oracle doc : http://download-west.oracle.com/docs/cd/B10501_01/server.920/a96540/statements_76a.htm#2064355
  Nicolas.
  Message was edited by:
  Nicolas Gasparotto
  I read one more your question, my response is not in direct link with this last one. I'm sorry, it's a little misunderstood.

• The format of Audit log file

  We have a perl script to extract data from Audit log files(Oracle Database 10g Release 10.2.0.1.0) which have format as bellow.
  Audit file /u03/oracle/admin/NIKKOU/adump/ora_5037.aud
  Oracle Database 10g Release 10.2.0.1.0 - Production
  ORACLE_HOME = /u01/app/oracle/product/10.2.0
  System name:     Linux
  Node name:     TOYDBSV01
  Release:     2.6.9-34.ELsmp
  Version:     #1 SMP Fri Feb 24 16:54:53 EST 2006
  Machine:     i686
  Instance name: NIKKOU
  Redo thread mounted by this instance: 1
  Oracle process number: 22
  Unix process pid: 5037, image: oracleNIKKOU@TOYDBSV01
  Sun Jul 27 03:06:34 2008
  ACTION : 'CONNECT'
  DATABASE USER: 'sys'
  PRIVILEGE : SYSDBA
  CLIENT USER: oracle
  CLIENT TERMINAL:
  STATUS: 0
  After we update the db from Release 10.2.0.1.0 to Release 10.2.0.4.0, the format of Audit log file had been changed to something likes below.
  Audit file /u03/oracle/admin/NIKKOU/adump/ora_1897.aud
  Oracle Database 10g Release 10.2.0.4.0 - Production
  ORACLE_HOME = /u01/app/oracle/product/10.2.0
  System name:     Linux
  Node name:     TOYDBSV01
  Release:     2.6.9-34.ELsmp
  Version:     #1 SMP Fri Feb 24 16:54:53 EST 2006
  Machine:     i686
  Instance name: NIKKOU
  Redo thread mounted by this instance: 1
  Oracle process number: 21
  Unix process pid: 1897, image: oracle@TOYDBSV01
  Tue Oct 14 10:30:29 2008
  LENGTH : '135'
  ACTION :[7] 'CONNECT'
  DATABASE USER:[3] 'SYS'
  PRIVILEGE :[6] 'SYSDBA'
  CLIENT USER:[0] ''
  CLIENT TERMINAL:[7] 'unknown'
  STATUS:[1] '0'
  Because we have to rewrite the perl script, could anyone tell us where we can find the manual to describe the format of the Audit log file.

  Oracle publishes views of the audit trail data. You can find a list of the views for the 11.1 database here:
  http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/auditing.htm#BCGIICFE
  The audit trail does not really change between patchsets as that would constitute underlying structure changes and right now, the developers are not allowed to change the underlying structure of tables in patchsets. But, we can change what may be displayed in a column from patchset to patchset. For example, we are getting ready to update the comment$text field to display more information like dblinks and program names.
  I personally don't like overloading the comment$text field like that, but sometimes when you need the information, that is the only choice except to wait for the next major release :)
  As for the output of the audit log files, those can change between patchsets because of bugs that were found and some changes to support Audit Vault. My apologies out there for anyone that is reading the audit files written to the OS directly, I would recommend using the views.
  Hope that helps. Tammy

• Feature Question - Audit Logging

  Hello forum. Sorry if this is the wrong thread for this topic, but I was wondering if audit logging is a Standard Edition feature or if it's Enterprise only.
  I can't find anything specifically saying that it is or isn't, and it's not enabled on my database so other than trying to enabling it and getting an error message (or not) I can't find an answer.
  Sorry if this is a noob question, but I couldn't find anything about whether RMAN backup encryption was a Standard or Enterprise feature either, and it bit me in the ass when I found out it was Enterprise only.
  Thanks in advance...

  My apologies if you think I wasn't thorough enough in my own research before asking the question. I did do my own research using oracle's docs and google, and my final resource was the 10g Oracle Database Security Guide, which mentioned nothing about which versions supported which features.
  I did post my original question yesterday morning and received no response. As you said, this is a volunteer forum, and I'm grateful for the assistance, but as sad as you think it is that I asked for an answer within a time frame, I was left with no choice. The question was posed to me yesterday morning and I needed to return an answer this afternoon.
  In any event, thank you for the information.

• Error while trying to Log In to Oracle BI Publisher through Microsoft Word

  Hi:
  I get a runtime error when I try to log in to Oracle BI Publisher through MS Word. It says - "File or assembly name XDOUtilities, or one of its dependencies, was not found."
  Please help.
  OBIEE Version 10.1.3.2
  BI Publisher Version 10.1.3.2

  Hi,
  Check your Deployments with in weblogic Admin console.
  Might one of your App might get into failed state or prepared state.
  If it is prepared state then make it active and try to access your App again.
  Regards,
  kal

• I got warning in audit log but I don't get any alerts...

  Hello,
  I have File Adapter sender with FCC.
  Because I was curious how FCC will behave when invalid file is used as a source file.
  I deleted much of the contents in the source file and the File adpater with FCC read it.
  In communication channel monitoring in RWB, I got this message in Audit log.
  "Empty document found - proceed without sending message".
  However, I cannot find this message anywhere else... Either in Message Monitoring (RWB) or SXMB_MONI (SAPGUI).
  Also, I don't get any alerts.
  How do I get alerts when file is not processed by file adapter?
  Also, how do I view alert view for this kind of error?
  Thank you.
  -Won

  Hi Won,
  I suppose that you have checked alredy that your alerts are setup correctly and rules are defined for it.
  First, you might set the log level of the file adapter to debug - you should see the issue in the NWA log.
  Should PI try to generate an alert but fails, you would also see it here and locate your problem.
  But, my opinon is that  your chances are not very good to get an alert in such case. SAP decided for which issue they issue an alert and for which not.
  When you have an empty file in the file adapter, it seems that SAP thiks that this is not to critical and therefore they don't issue an alert.
  The reason why you dont see it anywhere else is, that the adapter generates a message id only when there is something to make a message. Empty file means no message and you can not see it in the monitoring tools.
  best regards,
  Markus

• Audit log missing in message in Message Monitor

  Hi,
  I am facing a weird problem.
  I found this in one of my scenario where we are using AS2 adapter and its an IDoc to file scenario.
  When I go to details of messages in message monitor in RWB,sometimes the Audit log is empty.
  It is happening randomly and not specific to any scenario as later on I found the same problem in some messages from other scenarios too.
  I have never faced this problem till now and it was working fine before.
  Can anyone please let me know what could be the reason for this as this is difficult for me in case I need to analyse a message and there is no audit log.
  Thanks in advance.
  Regards,
  Shweta

  Hi Rajesh,
  Doesnt work for me :(((
  404   Not Found
    The requested resource /messagingsystem/monitor/monitor.jsp is not available
    Details:   File [messagingsystem/monitor/monitor.jsp] not found in application root of alias [/] of J2EE application [sap.com/com.sap.engine.docs.examples].
  Thanks.
  Regards,
  Shweta

• Missing Audit Log of Adapter Engine in Message Monitoring

  Hi!
  I've a problem with a fresh installed PI:
  The Adapter Engine doesn't log anything in the Message Monitoring. The Integration Engine logs everything properly, but all entries from the adapter engine are missing. It looks like no message was processed by the AE, but in fact AE is processing the messages properly, only logging fails.
  What can cause this behaviour?
  Best regards,
  Daniel

  Hi Agasthuri,
  yes, maybe something gone wrong in the post install, I will ask the guy which did the installation of the PI. Therefore I didn't have the logon data for performing a cache refresh, but in the log entries it seems that this is working properly.
  Hi Praveen,
  in Communication Channel Monitoring (In PI this is no longer found under Adapter Monitoring), I can see that the messages are delivered, but I can't see the Audit Log entries there.
  I checked the MDT, but there are also no messages displayed.
  End-to-End-Monitoring seems to be a good solution, but it seems that it is something configured wrong in this installation I will try to get the guy which cares for Basis to look after it.
  Best regards,
  Daniel

• Audit Log Report generating an "Out of Memory" error message.

  Greetings. We are a new IDM customer. We are running IDM 6.0 with an Oracle database. We are now getting the following error message when we run the IDM Audit Log Report for Today's Activities:
  "java.lang.OutOfMemoryError".
  How do we increase the memory setting for reporting? Thanks.

  Hi,
  I am also getting the same error. I have netbeans with tomcat andi modified the setting the netbeans.conf to
  netbeans_default_options="-J-Xms32m -J-Xmx750m -J-XX:PermSize=32m -J-XX:MaxPermSize=750m -J-Xverify:none -J-Dapple.laf.useScreenMenuBar=true"
  i have 896MB of RAM. However, the error is still showing up? Any ideas on how to resolve this?
  Thanks,

• Audit Log Management

  I cannot get my Audit Log Management job to run. It fails because "Invalid audit archive path. Please check your setting." Where do I check the setting? I am running 5.0.3 with Collab 4.0. Thanks.

  Just an FYI, with ZDM 6.5 HP3 the file name changed from AuditLog.txt to
  ZRMAudit.txt still located under system32 on Windows XP.
  Jim Webb
  >>> On 5/22/2006 at 3:27 PM, in message
  <[email protected]>,
  Jim Webb<[email protected]> wrote:
  > Well I found out the ZDM 6.5 HP2 fixes the problem of the log file not
  > being
  > created.
  >
  > Jim Webb
  >
  >>>> On 5/19/2006 at 8:37 AM, in message
  > <[email protected]>,
  > Jim Webb<[email protected]> wrote:
  >> Well, it does show up in the event log but not in the inventory. If I
  >> disable inventory the log file won't be deleted, correct?
  >>
  >> Jim Webb
  >>
  >>>>> On 5/18/2006 at 10:03 AM, in message
  >> <[email protected]>, Marcus
  >> Breiden<[email protected]> wrote:
  >>> Jim Webb wrote:
  >>>
  >>>> I did a search on a machine I am remote controlling, no log file. What
  >>>> next?
  >>> good question... does the session show up in the eventlog?