Auditing dba to syslog

Hi Hemant,
11.2.0.1
Aix 6.1
I am still confused about sys logging.
I configured sys logging already thru:
editing pfile and add:
*.audit_file_dest='/var/log/oracle/proddr'
*.audit_sys_operations=TRUE
*.audit_trail='OS'
*.audit_syslog_level='LOCAL5.INFO'
The auditor asked me to test login sys and drop the EMP table at scott;
Then check if I was logged in OS syslog. But it was not there
How do I include this sys activity in syslog?
Thanks,
zxy

yxes2013 wrote:
Hi Jg, can you spank Sybrand for me so he gets politeness lesson
I really don't know who was impolite here, since when saying to someone to read doc is impolite ?
You are trying to make funny post with your smiley, but it is not anymore long ago.
Should I add that you marked the answer of smon as correct whereas it has nothing to do with your original question ? That's just a shame. Who's impolite ?
-- Once more, and as long as your threads are slipping down, I'm gonna to lock them. That one too --
Nicolas.

Similar Messages

  • Fine Grained Audit records to syslog

    Hello experts,
    I am working on Standard Auditing and Fine Grained Auditing on 11.2.0.3 databases on Red Hat x86_64.
    I am trying to send Fine Grained Audit records to syslog as for my Standard Audit records with audit_trail set to OS, but can't find any appropriate option.
    When I create FGA policies with the ADD_POLICY procedure of the DBMS_FGA package, the audit_trail parameter can only be set to DB or XML, as stated in [PL/SQL Packages and Types Reference|http://docs.oracle.com/cd/E11882_01/appdev.112/e25788/d_fga.htm#CDEIECAG].
    Does somebody know if it is possible to send FGA audit records to syslog directly:
    1. without using any additional product (e.g. Oracle Audit Vault)?
    2. without doing manual extraction from fga_log$ or DBA_COMMON_AUDIT_TRAIL?
    Thanks for any suggestion.

    Hi,
    Well, i did not used FGA yet.
    I used audit_Trail=db and the query SELECT username,extended_timestamp,owner,obj_name,action_name,sql_text FROM dba_audit_trail WHERE to_char(extended_timestamp, 'DD/MM/RR') = to_char(SYSDATE - 1, 'DD/MM/RR') ORDER BY timestamp)
    Then i wrote a procedure, and exported the results using utl_file .
    And i scheduled this procedure to run daily.
    It works pretty good, if you like the solution as ask for details.
    Hope that helps,
    Regards.

  • Audit DBA Activity, skip table from logical standby!

    Dear All,
    My database is 10gR2 on windows 2003 server.
    I want to know if I can put some audit on the commands: execute dbms_logstdby.skip() to skip tables from Logical standby and also the same on unskipping the objects exec dbms_logstdby.unskip.
    Thanks, Imran

    Hi,
    Given that your Database is 10g, the auditing options were extended to included DML from only SELECT in 9i, but not audit on procedures.  You could double check the Fine Grained Auditing options in 10g, but I don't think this extends to DBMS_ packages.
    I would consider writing a trigger or a small job that monitors the DBA_LOGSTDBY_SKIP view for additional entries.  This is the only workaround that I can suggest that might fit your needs.

  • Standard and sys audit to syslog

    Hello,
    I have question about enabling auditing to syslog.
    Is it possible to configure standard and sys auditing to local syslog in linux environment?
    I have read that from version 10.2 it is possible to add AUDIT_SYSLOG_LEVEL parameter to init.ora to send audit trail to syslog. But I need to have both auditings: standard auditing and sys operations auditing on a remote host using syslog.
    Regards
    Dominik

    Hi,
    I hope that the following document helps: http://www.springerlink.com/index/ut68j3652k06747j.pdf
    Regards,
    Naveed.

  • Audit  to syslog

    Hi all,
    11.2.0.1
    OEL 6
    I have finished configuring send oracle audit log to syslog.
    In the /etc/syslog.conf configuration file:
    #Save oracle rdbms audit trail to oracle_audit.log
    local0.info          /var/log/oracle/oracle_audit.log
    #Send oracle rdbms audit trail to remote syslog server
    local0.info          @192.168.100.1
    It mentioned   local0.info @192.168.100.1  , which file_name & folder location is the log written on this remote target server? Do I need to configure it also?
    Thanks a lot,
    zxy

    Hi,
    I hope that the following document helps: http://www.springerlink.com/index/ut68j3652k06747j.pdf
    Regards,
    Naveed.

  • Audit is enable in local zone

    Audit is enabled and working fine in Global zone.
    root@MMS11:/var/audit# uname -a
    SunOS MMS11 5.11 11.2 sun4v sparc sun4v
    root@MMS11:/var/audit#
    root@MMS11:/var/audit#
    root@MMS11:/var/audit# pkg info entire
              Name: entire
           Summary: entire incorporation including Support Repository Update (Oracle Solaris 11.2.3.4.1).
       Description: This package constrains system package versions to the same
                    build.  WARNING: Proper system update and correct package
                    selection depend on the presence of this incorporation.
                    Removing this package will result in an unsupported system.  For
                    more information see
                    https://support.oracle.com/rs?type=doc&id=1672221.1.
          Category: Meta Packages/Incorporations
             State: Installed
         Publisher: solaris
           Version: 0.5.11 (Oracle Solaris 11.2.3.4.1)
    Build Release: 5.11
            Branch: 0.175.2.3.0.4.1
    Packaging Date: October  2, 2014 10:39:23 PM
              Size: 5.46 kB
              FMRI: pkg://solaris/[email protected],5.11-0.175.2.3.0.4.1:20141002T223923Z
    root@MMS11:/var/audit#
    root@MMS11:/var/audit# ls -lhtr
    total 34343
    -rw-r-----   1 root     root        400K Apr  7 16:41 20150407134107.20150407134155.MMS11
    -rw-r-----   1 root     root         11M Apr  7 17:21 20150407134157.20150407142120.MMS11
    -rw-r-----   1 root     root        5.5M May  4 13:57 20150504103940.not_terminated.MMS11
    root@MMS11:/var/audit#
    root@MMS11:/var/audit# ls -lhtr /var/adm/auditlog
    -rw-r-----   1 root     root        1.0M May  4 13:57 /var/adm/auditlog
    root@MMS11:/var/audit# audit -s
    root@MMS11:/var/audit# zoneadm list -cv
      ID NAME             STATUS      PATH                         BRAND      IP   
       0 global           running     /                            solaris    shared
       5 MMS_NG         running     /zones/MMS_NG              solaris    shared
    =======================================================
    but I am unable to enable audit on local zone.
    I have following
    root@MMS11:/var/audit# zlogin MMS_NG
    [Connected to zone 'MMS_NG' pts/14]
    Oracle Corporation      SunOS 5.11      11.2    September 2014
    You have mail.
    root@MMS_NG:~#
    root@MMS_NG:~#
    root@MMS_NG:~# audit -s
    audit: Neither local nor remote auditing is configured in the non-global zone.
    root@MMS_NG:~#
    root@MMS_NG:~# audit -n
    audit: Neither local nor remote auditing is configured in the non-global zone.
    root@MMS_NG:~# cd /var/audit
    root@MMS_NG:/var/audit# ls -lhtr
    total 94399
    -rw-r-----   1 root     root        149M Apr  7 16:40 20150208124745.not_terminated.MMS_NG
    How I can enable audit in NG zone, I want to enable audit logs with syslog service. as enabled and configured on Global Zone.

    I'm not sure why Ur looking for /etc/system in zones..
    now in soalris 10u10 /soalrs 11..you can configure the kernel parameters as application/user specific
    you can use projadd command to add the resources like shared memory
    if you want add the parameters as global you can use
    zonecfg
    you can refer this doc what parameters u can add to zone with zonecfg
    http://docs.oracle.com/cd/E19455-01/817-1592/z.config.ov-1/index.html
    zone.cpu-shares (preferred: cpu-shares)
    zone.max-locked-memory
    zone.max-lwps (preferred: max-lwps)
    zone.max-msg-ids (preferred: max-msg-ids)
    zone.max-sem-ids (preferred: max-sem-ids)
    zone.max-shm-ids (preferred: max-shm-ids)
    zone.max-shm-memory (preferred: max-shm-memory)

  • BSM / audit_syslog ... how to get command line parameters in syslog?

    Hi All!
    I have been experimenting with Sun Basic Security Module (BSM) and was trying to send audit data via syslog to a central logging server like so:
    # cat /etc/security/audit_startup
    /usr/sbin/auditconfig -setpolicy +argv,arge
    # cat /etc/security/audit_control
    plugin: name=audit_syslog.so;p_flags=lo,ex,fr,fc,fd,fw,fmThis does produce the desired log output on the central logging server, except that the log lines do not contain command line parameters / environment variables:
    2008-10-14T15:04:26-06:00 csadm4/csadm4 audit: [ID 702911 audit.notice] execve(2) ok session 1576737601 by rem_adm as root:root in csadm4 from csadm1-16.shell.ca obj /usr/bin/lessAs this makes it pretty useless for keeping proper audit records (there is a difference between
    rm ~/file and
    rm /file that I would like to see) I was wondering if there is a way to customize what is actually produced by audit_syslog.so?
    Thanks in advance,
    Rudolf

    No, your plugin doesn't get any access to the command line.  Look for other methods of IAC (COM, DDE, shared memory, shared file, etc.)

  • How to check which privileges user is using

    Hello All,
    I have a user assigned DBA role in mistake many years back.
    During our security overview I is flagged and now I need to revoke the DBA role from that user.At the moment it look like as follows and I am on 10204 database
    Privilege
    Category Granted Privilege
    Role Privs CONNECT
    DBA
    OEM_MONITOR
    RESOURCE
    Sys Privs ALTER ANY MATERIALIZED VIEW
    ANALYZE ANY
    CREATE ANY MATERIALIZED VIEW
    CREATE PROCEDURE
    CREATE ROLE
         CREATE SEQUENCE
    CREATE SESSION
    CREATE TABLE
    CREATE VIEW
    DROP ANY MATERIALIZED VIEW
    GLOBAL QUERY REWRITE
    UNLIMITED TABLESPACE
    Now I need to find what all privileges out of approx 158 in the DBA role this user is using so that I can revoke the DBA role and assign that sys privielege exclusively and later on trim down a bit on those as well if possible?
    Can someone help me in finding or is there a way possible to find out which privileges are actually being used by the user assigned to him via DBA role?
    I can find something on net on those lines, any help or useful pointers would be highly appreciated.
    Many Thanks,
    Rishi

    Hello All,
    Right I think auditing the DBA role could save my day.I have enable the auditing on the DB for dba role as shown below:
    audit_file_dest string /oraadmin/tgtx/10/adump
    audit_sys_operations boolean FALSE
    audit_syslog_level string
    audit_trail string DB, EXTENDED
    Exact version of the database is:
    Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Prod
    PL/SQL Release 10.2.0.4.0 - Production
    CORE 10.2.0.4.0 Production
    TNS for Linux: Version 10.2.0.4.0 - Production
    NLSRTL Version 10.2.0.4.0 - Production
    I have enable the audit dba role for user exeter as shown:
    SYS@TGTX> AUDIT DBA by exeter WHENEVER SUCCESSFUL;
    Audit succeeded.
    Now I expect to audit all the sys privs assigned to dba role but alas its not working as expected if anyone can shed any light ON it, what I am trying to do is as follows:
    I am trying to use the sys priv that is create any table as user exeter who is assigned dba role as follows:
    SYS@TGTX> select * from dba_role_privs where grantee='EXETER';
    GRANTEE GRANTED_ROLE ADM DEF
    EXETER DBA NO YES
    EXETER CONNECT NO YES
    EXETER RESOURCE NO YES
    EXETER OEM_MONITOR NO YES
    EXETER@TGTX> create table dbaschema.test2 (srno number(10));
    Table created.
    Now I expect to see some records in dba_audit_trail as a result of above commands but there is none, am I doing anything wrong here?
    SELECT * FROM dba_audit_trail
    WHERE USERNAME = 'EXETER'
    ORDER BY timestamp;
    No rows returned but I shall have expected atleast one row to be returned here after enabling the audit on DBA role by exeter.
    Any Ideas?
    Thanks
    Rish

  • Oracle parsing SQL with Hibernate

    Hi,
    I build an J2EE application using framework Hibernate. After auditing DBA on any scenario from my soft, I note all request SQL executed are parsed. Same request, using "bind variable", so identical, is parse as many time it execute (ratio 1/1)... Not really powerful, isn't it?
    Did somebody already encounter the problem?
    Thanks

    This sort of technical question needs to be addressed to one of the technical forums. Products | Database | SQL and PL/SQL would seem to be appropriate here.
    Have you tried applying the latest patchset for your database? Seems to work for me on 9.2.0.5
    SCOTT @ HP92 Local> select * from (
      2  select dept.*,emp.ename from dept
      3  left outer join emp on (emp.deptno=dept.deptno)
      4  )
      5  where (deptno) in
      6  (
      7  select deptno a from
      8  (
      9  select deptno,dname from dept where deptno=10
    10  UNION ALL
    11  select deptno,dname from dept where deptno=20
    12  )
    13  )
    14  /
        DEPTNO DNAME          LOC           ENAME
            10 ACCOUNTING     NEW YORK      CLARK
            10 ACCOUNTING     NEW YORK      KING
            10 ACCOUNTING     NEW YORK      MILLER
            20 RESEARCH       DALLAS        SMITH
            20 RESEARCH       DALLAS        JONES
            20 RESEARCH       DALLAS        SCOTT
            20 RESEARCH       DALLAS        ADAMS
            20 RESEARCH       DALLAS        FORD
    8 rows selected.
    SCOTT @ HP92 Local> select * from v$version;
    BANNER
    Oracle9i Enterprise Edition Release 9.2.0.5.0 - Production
    PL/SQL Release 9.2.0.5.0 - Production
    CORE    9.2.0.6.0       Production
    TNS for 32-bit Windows: Version 9.2.0.5.0 - Production
    NLSRTL Version 9.2.0.5.0 - ProductionJustin
    Distributed Database Consulting, Inc.
    http://www.ddbcinc.com/askDDBC

  • Lighthouse Waveset Database Structure

    Hi All,
    Can anybody help me in figuring out the database structure for the default Lighthouse Database - waveset
    In IDM 5.0, 9 tables have been defined in the waveset database (14 tables in idm 6.0). Primary, foreign and composite keys have been defined for the same. Can anyone help me in finding out which attribute is the primary/foreign/composite key to which table..
    I would also appreciate if somebody helps me in finding out which attribute(from which table) holds the application data viz .... User data(Provisioning Status like deleted, disabled, etc etc), Logs, Reports etc.
    Any help will be highly appreciated....
    Best Regards

    The data structure is found in the scripts which create the tables for you in the db_scripts directory. When you install you have to run that script. All the info should be there.
    Main tables (userobj, account etc) all have a PK of ID. The tables are linked to the *attr tables  via the id column (1-many relation). Most of the information you are looking for is part of the xml stored for each object if it is not specifically stored as an extended attribute in attr1..5.
    a bit more so you know where to start looking:
    userobj, userattr: user objects, no account information
    account, acctattr: all resource account objects
    task, taskattr: all tasks
    org, orgatrr: organisations in IDM
    object, attribute: all other objects
    Logging:
    log, logattr: audit log information
    syslog, slogattr: system log
    Reports are always generated they are not stored.
    WilfredS

  • Login attempts with wrong /expired password..Security

    Hi,
    I need to know dictionary view , which tells which user is trying to login with wrong password.
    Actually login history for oracle user account.
    please tell procedure or configurations for this.
    Thanks in advance.
    Aj

    This is a correct method for OLD versions
    See correct value for AUDIT_TRAIL in 10g : http://download.oracle.com/docs/cd/B19306_01/server.102/b14237/initparams016.htm#REFRN10006
    From a security point of view, the best is to audit into OS (syslog : http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/auditing.htm#sthref1168)
    From a day-by-day point of view, the simplier is to audit into DB (SYS.AU$)
    Thoses parameters are not dynamic but you've to modify thoses in spfile, as Oracle recommand using spifile instead of pfile.
    svrmgrl no longer exist, you have to do this in sqlplus.

  • Lh console error

    Hi,
    When trying to launch the console using lh console, getting Failed to write audit record and syslog record error.
    -----------------------<Start Cause>-----------------------
    ==> com.waveset.util.InternalError:
    ==> weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception
    com.sun.idm.logging.LoggingException:
    ==> com.waveset.util.InternalError:
    ==> weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception
    at com.sun.idm.logging.audit.AbstractAuditLogPublisher.handleError(Abstr
    actAuditLogPublisher.java:105)
    at com.sun.idm.logging.audit.RepoPublisher.publish(RepoPublisher.java:84
    at com.sun.idm.logging.AsynchronousPublisher$Writer.run(AsynchronousPubl
    isher.java:79)
    at java.lang.Thread.run(Thread.java:595)
    Wrapped exception:
    com.waveset.util.InternalError:
    ==> weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception
    at com.waveset.repository.RelationalDataStore.addItem(RelationalDataStor
    e.java:1653)
    at com.waveset.repository.OracleDataStore.addItem(OracleDataStore.java:1
    495)
    at com.waveset.repository.RelationalDataStore$Item.add(RelationalDataSto
    re.java:461)
    at com.waveset.repository.AbstractDataStore.addItems(AbstractDataStore.j
    ava:7703)
    at com.waveset.repository.AbstractDataStore.add(AbstractDataStore.java:3
    009)
    at com.waveset.repository.AbstractDataStore.add(AbstractDataStore.java:2
    409)
    at com.waveset.repository.ServerRepository.add(ServerRepository.java:282
    3)
    at com.waveset.server.InternalSession.checkinObject(InternalSession.java
    :697)
    at com.sun.idm.logging.audit.RepoPublisher.writeRecord(RepoPublisher.jav
    a:126)
    at com.sun.idm.logging.audit.RepoPublisher.publish(RepoPublisher.java:81
    at com.sun.idm.logging.AsynchronousPublisher$Writer.run(AsynchronousPubl
    isher.java:79)
    at java.lang.Thread.run(Thread.java:595)
    Wrapped exception:
    weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception
    at weblogic.jdbc.rmi.internal.PreparedStatementImpl_weblogic_jdbc_wrappe
    r_PreparedStatement_oracle_jdbc_driver_T4CPreparedStatement_921_WLStub.setBlob(U
    nknown Source)
    at weblogic.jdbc.rmi.internal.PreparedStatementStub_weblogic_jdbc_rmi_in
    ternal_PreparedStatementImpl_weblogic_jdbc_wrapper_PreparedStatement_oracle_jdbc
    driverT4CPreparedStatement_921_WLStub.setBlob(Unknown Source)
    at weblogic.jdbc.rmi.SerialPreparedStatement_weblogic_jdbc_rmi_internal_
    PreparedStatementStub_weblogic_jdbc_rmi_internal_PreparedStatementImpl_weblogic_
    jdbc_wrapper_PreparedStatement_oracle_jdbc_driver_T4CPreparedStatement_921_WLStu
    b.setBlob(Unknown Source)
    at com.waveset.repository.OracleDataStore.setString(OracleDataStore.java
    :783)
    at com.waveset.repository.TypeHandler.setString(TypeHandler.java:281)
    at com.waveset.repository.LogTypeHandler.prepareToAddObject(LogTypeHandl
    er.java:1152)
    at com.waveset.repository.RelationalDataStore.addItem(RelationalDataStor
    e.java:1638)
    at com.waveset.repository.OracleDataStore.addItem(OracleDataStore.java:1
    495)
    at com.waveset.repository.RelationalDataStore$Item.add(RelationalDataSto
    re.java:461)
    at com.waveset.repository.AbstractDataStore.addItems(AbstractDataStore.j
    ava:7703)
    at com.waveset.repository.AbstractDataStore.add(AbstractDataStore.java:3
    009)
    at com.waveset.repository.AbstractDataStore.add(AbstractDataStore.java:2
    409)
    at com.waveset.repository.ServerRepository.add(ServerRepository.java:282
    3)
    at com.waveset.server.InternalSession.checkinObject(InternalSession.java
    :697)
    at com.sun.idm.logging.audit.RepoPublisher.writeRecord(RepoPublisher.jav
    a:126)
    at com.sun.idm.logging.audit.RepoPublisher.publish(RepoPublisher.java:81
    at com.sun.idm.logging.AsynchronousPublisher$Writer.run(AsynchronousPubl
    isher.java:79)
    at java.lang.Thread.run(Thread.java:595)
    Caused by: java.rmi.MarshalException: failed to marshal setBlob(ILjava.sql.Blob;
    ); nested exception is:
    java.io.NotSerializableException: oracle.sql.BLOB
    at weblogic.rjvm.BasicOutboundRequest.marshalArgs(BasicOutboundRequest.j
    ava:91)
    at weblogic.rmi.internal.BasicRemoteRef.invoke(BasicRemoteRef.java:222)
    ... 18 more
    Caused by: java.io.NotSerializableException: oracle.sql.BLOB
    at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1081)
    at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:302)
    at weblogic.rjvm.MsgAbbrevOutputStream.writeObject(MsgAbbrevOutputStream
    .java:614)
    at weblogic.rjvm.MsgAbbrevOutputStream.writeObjectWL(MsgAbbrevOutputStre
    am.java:603)
    at weblogic.rmi.internal.ObjectIO.writeObject(ObjectIO.java:38)
    at weblogic.rjvm.BasicOutboundRequest.marshalArgs(BasicOutboundRequest.j
    ava:87)
    ... 19 more
    ------------------------<End Cause>------------------------
    -----------------------<Start Cause>-----------------------
    ==> com.waveset.util.InternalError:
    ==> weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception
    com.sun.idm.logging.LoggingException:
    ==> com.waveset.util.InternalError:
    ==> weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception
    at com.sun.idm.logging.RepositoryLogWriter.handleError(RepositoryLogWrit
    er.java:141)
    at com.sun.idm.logging.RepositoryLogWriter.publish(RepositoryLogWriter.j
    ava:83)
    at com.sun.idm.logging.AsynchronousPublisher$Writer.run(AsynchronousPubl
    isher.java:79)
    at java.lang.Thread.run(Thread.java:595)
    Wrapped exception:
    com.waveset.util.InternalError:
    ==> weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception
    at com.waveset.repository.RelationalDataStore.addItem(RelationalDataStor
    e.java:1653)
    at com.waveset.repository.OracleDataStore.addItem(OracleDataStore.java:1
    495)
    at com.waveset.repository.RelationalDataStore$Item.add(RelationalDataSto
    re.java:461)
    at com.waveset.repository.AbstractDataStore.addItems(AbstractDataStore.j
    ava:7703)
    at com.waveset.repository.AbstractDataStore.add(AbstractDataStore.java:3
    009)
    at com.waveset.repository.AbstractDataStore.add(AbstractDataStore.java:2
    409)
    at com.waveset.repository.ServerRepository.add(ServerRepository.java:282
    3)
    at com.waveset.server.InternalSession.checkinObject(InternalSession.java
    :697)
    at com.sun.idm.logging.RepositoryLogWriter.writeRecord(RepositoryLogWrit
    er.java:127)
    at com.sun.idm.logging.RepositoryLogWriter.publish(RepositoryLogWriter.j
    ava:80)
    at com.sun.idm.logging.AsynchronousPublisher$Writer.run(AsynchronousPubl
    isher.java:79)
    at java.lang.Thread.run(Thread.java:595)
    Wrapped exception:
    weblogic.rmi.extensions.RemoteRuntimeException: Unexpected Exception
    at weblogic.jdbc.rmi.internal.PreparedStatementImpl_weblogic_jdbc_wrappe
    r_PreparedStatement_oracle_jdbc_driver_T4CPreparedStatement_921_WLStub.setBlob(U
    nknown Source)
    at weblogic.jdbc.rmi.internal.PreparedStatementStub_weblogic_jdbc_rmi_in
    ternal_PreparedStatementImpl_weblogic_jdbc_wrapper_PreparedStatement_oracle_jdbc
    driverT4CPreparedStatement_921_WLStub.setBlob(Unknown Source) ......
    Anyone familiar with this?
    Thanks,
    Teena

    First of all, which version of WAS is this?
    Secondly, have you seen this: http://download.oracle.com/docs/cd/E19543-01/820-2956/AppC_Websphere_datasource_configuration.html#wp17404
    ==========
    # Point the repository to the new location. For example:
    lh -Djava.ext.dirs="$JAVA_HOME/jre/lib:$JAVA_HOME/jre/lib/ext: $WASHOME/lib:$WASHOME/:$WASHOME/runtimes" setRepo
    -Uusername
    -Ppassword
    -toracle -icom.ibm.websphere.naming.WsnInitialContextFactory -fDataSourcePath -n -o
    In the above example the DataSourcePath might be jdbc/jndiname. The -Djava.ext.dirs option adds all of the JAR files all of the JAR files in WebSphere's lib/ and java/jre/lib/ext/ directories to the CLASSPATH. This is necessary in order for the setRepo command to run normally.
    Change the -f option to match the value you specified for the JNDI Name field when configuring the data source. See setRepo Reference for more information about this command.
    java.ext.dirs is what's critical and if you follow the instructions on the above page it will work.
    "runtimes" will have the naming .jar , namingclient.jar... and others needed.
    ==========
    After reading that document and trying the steps, if it still doesn't work please let us know exactly what you did, step by step, along with the error you're seeing.
    Good luck.

  • Questions on Reflexive Access Lists

    Hi Sir,
    I'm trying to protect a server farm using reflexive access lists. I also would like any hosts to originate connections to the servers on TCP ports 23 (telnet) and 25 (smtp).
    The config on the core router is as follows:
    int Vlan10
    description *** Server Farm ***
    ip address 172.16.10.1 255.255.255.0
    ip access-group inboundfilters in
    ip access-group outboundfilters out
    int Vlan20
    description *** Marketing Department ***
    ip address 172.16.20.1 255.255.255.0
    int Vlan30
    description *** Engineering Department ***
    ip address 172.16.30.1 255.255.255.0
    ip access-list extended outboundfilters
    permit tcp any any eq telnet
    permit tcp any any eq smtp
    evaluate iptraffic
    ip access-list extended inboundfilters
    permit ip any any reflect iptraffic
    My questions:
    (1) I yet to test the above config on an actual router. However, is it correct theoretically?
    (2) If I were to allow outside hosts to initiate connections to the servers on more protocols/ports, I would be adding more normal "permit" statements in the outboundfilters ACL before the "evaluate" statement. Wouldn't this become very static-based, as far as security is concerned?
    (3) If you have other better feature options that meet my requirements, please do recommend.
    Please advise.
    Thank you.
    B.Rgds,
    Lim TS

    Hi Lim,
    CBAC is good as well, considering the following features:
    1. Traffic Filtering:
    - filters TCP and UDP packets based on application-layer protocol session information.
    - permit specified TCP and UDP traffic through a firewall when the connection is initiated from inside protected network, or outside network.
    2. Traffic Inspection
    - discover and manage state information for TCP and UDP sessions which is used to create temporary openings in the firewall's access lists to allow return traffic and additional data connections for permissible sessions.
    - Protect against DoS attack by checking/verifying sequence no (must be within the expected range) and discard unknown packets. Same goes to attack via fragmented IP.
    3. Alerts and Audit Trails
    - can send real-time alerts and audit trails to syslog server (or buffer log)
    4. Intrusion Detection
    - Embedded with 59 well-known IDS signatures. Similar to IDS features in PIX.
    Limitations:
    1. Only protect protocol you specify. The rest will depend on ACL you have in the router but not up to session layer.
    2. No protection for attacks originating from internal network, unless if you have firewall (pix/asa/ios-firewall) protection.
    3. Only protect certain type of well-known attacks only - based on 59 embedded IDS signatures
    For spoofing protection, i.e spoof attack from outside/common user segment, maybe you should apply RFC2827 (prevent IP on protected segment from coming back into that segment from outside). Make sure your ACL has the 'establish' keyword as well. As recommended by Cisco, you should apply multiple layer of security protection both on your router and other devices connected to it.
    Cheers!

  • DBA Opinion on Audit Logs in Oracle Database

    As the title suggests - what are your initial reaction when your auditors come to you and say "why arent audit logs turned on table a, b, c, d.....z, a1 etc".
    Scenario - say the auditor is interested in audit logs and settings as the Database houses PII and bank account data....
    The common response from the DBA from what I have seen is "do you realise how much this will cost and what impact it will have on performance" (waving your fists).
    So please tell me as a profressional Oracle DBA:
    What financial (broke down in detail if poss) considerations need to be made when deploying an audit policy to a database housign sensitive data.
    What technical (broke down in detail if poss) considerations need to be made when deploying an audit policy to a database housign sensitive data.
    I look forward to your replies.

    Many, many things to consider.
    It will be generally not practical to audit everything down to excruciating detail (as usually requested by well-meaning but technically challenged auditors) without causing significant overhead. Having said that it will be equally irresponsible not to setup auditing on a database that will be used for production. So every DBA needs to find a happy medium that is acceptable to the management, users, auditors, plus compliance with industry/state/federal regulations, etc.
    If you wish to use Fine-grained Auditing (FGA), it requires an Enterprise Edition license.
    If you need a crash course, Rampant publishes a book that addresses Oracle Auditing:
    Oracle Privacy Security Auditing

  • Oracle auditing using syslogs

    Hello all....I am working on setting up the auditing to write to syslogs. I am having trouble understanding what to use for the facility and level. Can anyone point me in the right direction as to what these facilities and levels mean?
    TIA

    i believe those terms are related to syslog which is used on nix systems. if you are using nix then you should check the man page on syslog.conf.
    as the docs state, the facility indicates where the message is coming from (such as the kernel, cron, local0 - local 7), and there's the level, which indicates how urgent the message is (info, warning, critical...).
    i say this with never actually having used it though...
    if you're using windows, well, .... i can't say.

Maybe you are looking for

  • DATABASE LOGON SCREEN

    Whenever I run the test report and don;t fill in the USERID parameter before I click SUBMIT, the database logon screen appears prompting me to enter the db info..but when I enter the info and click SUBMIT, the same screen keeps reappearing with the f

  • First_value in Oracle olap based on non - time dimension

    Hi Experts, I am trying to figure out to do first_value kind of calculation in Oracle OLAP. Here is the requirement - Fact table - cust_id valid_flag balance 1 y 1000 1 y 1500 2 N 0 2 y 2000 2 y 2500 If valid_flag ='N' and balance =0, then set balanc

  • Script logic in default logic

    Hello How to include script logic in default logic?

  • Seemingly random 8-bit audio files

    We're running into several instances of files apparently changing from 16 to 8 bit. We can work on a project with 16 and 24 bit files without any issues. Then, occasionally, when reopening the same project, several files from a project become unplaya

  • Problem With XML and DataGrid)

    Hi, I do have a question how to get my XML data in the appropriate way into my DataGrid. I wrote a labelFunction to get the data into the grid but I still have the problem that the length of the DataGrid depends on the dataProvider and I can't find a