DBA Opinion on Audit Logs in Oracle Database

As the title suggests - what is your initial reaction when your auditors come to you and say "why aren't audit logs turned on for tables a, b, c, d.....z, a1 etc"?
Scenario - say the auditor is interested in audit logs and settings as the Database houses PII and bank account data....
The common response from the DBA from what I have seen is "do you realise how much this will cost and what impact it will have on performance" (waving your fists).
So please tell me, as a professional Oracle DBA:
What financial considerations (broken down in detail if possible) need to be made when deploying an audit policy to a database housing sensitive data?
What technical considerations (broken down in detail if possible) need to be made when deploying an audit policy to a database housing sensitive data?
I look forward to your replies.

Many, many things to consider.
It is generally not practical to audit everything down to excruciating detail (as usually requested by well-meaning but technically challenged auditors) without causing significant overhead. Having said that, it is equally irresponsible not to set up auditing on a database that will be used for production. So every DBA needs to find a happy medium that is acceptable to the management, users, auditors, plus compliance with industry/state/federal regulations, etc.
If you wish to use Fine-grained Auditing (FGA), it requires an Enterprise Edition license.
If you need a crash course, Rampant publishes a book that addresses Oracle Auditing:
Oracle Privacy Security Auditing

Similar Messages

  • DBA Cockpit: Planning calendar and remote Oracle databases- which method?

    For using DBA Planning Calendar to schedule BR*Tools for remote Oracle database AS Java systems I have successfully implemented both the Secure Shell and SAP gateway methods in [Note 1025707 - DBA Cockpit: Planning calendar and remote Oracle databases|https://service.sap.com/sap/support/notes/1025707] and was interested in which of these two methods others have found to be more supportable and maintainable?
    In more detail, the note has these two methods for non-ABAP remote systems:
    2. Connection through Remote/Secure Shell
    Specifically Secure Shell. Rejecting remote shell as too old and insecure a protocol.
    3. Connection through SAP gateway
    The note provides clues as to how these methods work. Expanding on that:
    With #2, central ABAP system calls out to its OS user level to execute the ssh client (after gw/rem_start has been set to the non-default value SSH_SHELL) which it finds in the location specified in gw/ssh (default value is /usr/bin/ssh). It must use password-less authentication and the key-based authentication must also not require a passphrase. (Using ssh-agent is not an option since this is being called from SAP, not from your own script.)
    It remotely runs via ssh a command, sapxpg, which must be found in the PATH of the remote user. (This is why the note, which has you place this exe sapxpg and a subset of the BR*Tools in the home dir of the remote user, also has you make sure the home dir is included in the path--your OS might or might not include the user's home dir in the path in the default shell environment for a new user.)
    Then via sapxpg, the BR*Tools are invoked.
    One thing that may be confusing here is that you have to set at least one gateway parameter 'gw/...' in the central system to get method #2 (the non-gateway method) to work. This is because the two methods are technically almost the same: in #2, secure shell is used to basically start a gateway on the fly with sapxpg in order to call the BR*Tools each time a DBA Planning Calendar action runs or you view DBA or Backup logs of the remote system from the central system. With #3, the gateway runs continuously on the remote system.
    With #3, central system connects to remote SAP standalone gateway, which executes the BR*Tools installed in the standard SAP kernel directory of the SAP gateway. This method is simpler to describe so it sounds like it has less components than the secure shell method, however you do have an entire SAP system running, although it is just a standalone gateway.
    Thoughts:
    These pros/cons are UNIX/Linux-oriented since I assume most Windows environments do not have added 3rd-party products that provide secure shell so SAP gateway is the only method.
    Secure shell
    + Less software required (not counting secure shell which comes with the operating system distribution): just a few SAP executables placed in the home dir of an ordinary user on the remote system.
    + Secure shell service probably automatically starts upon boot of the remote system operating system.
    + Secure shell is a widely used tool outside of SAP for executing commands remotely without passwords.
    - Installation is non-standard: the shell environment of the remote user is not adapted by the SAP installer since the SAP installer is not used, and SAP executables in the home dir of the remote user are non-standard. Has to be set up manually.
    - Requires setting up secure shell key-based authentication, which should be known by UNIX/Linux admins or combined Basis/UNIX/Linux admins, but might be less familiar to SAP Web AS only admins.
    - If your admin config policy is to have SAP interact as little as possible with the OS level for interfaces with other systems, here you are relying on the OS-level secure shell.
    - Using a private key that does not require a passphrase on the central system may not fit with your security policies if you have standards for secure shell configuration.
    SAP gateway
    + The gateway is a standard installation, performed with SAP installation tool, with the exception of a few additional environment settings that have to be added after the installation. BR*Tools are installed in the standard location. Can use standard procedures for updating this software.
    + Only uses SAP software.
    - More software on remote system: standalone gateway just to run BR*Tools and view logs.
    - SAP Kernel of remote gateway should probably be updated whenever you do SAP kernel updates across your systems for consistency. One more system to update.
    - Shell environment of remote user that runs the gateway looks like something setup by the SAP installer but is not standard because it has a few additional environment variables added.
    - Need to make sure the SAP gateway is started on the remote system.

    Hi Joe,
    I configured a monitoring/dba landscape for two SAP Portals and one SAP BusinessObjects system on a SAP landscape by using DBACOCKPIT, at a customer site. These systems are running on AIX, Windows 2003/2008 servers and attached to the central monitoring system with standalone SAP gateway installations.
    Another reason not to use OS-based commands or 3rd-party tools is security. We stop and disable most of the services on the OS where the SAP system is running, for security reasons. I faced more security gaps on rsh/ssh and the other tools than on standalone SAP Gateway installations. As you can imagine, rsh/ssh gets attacked more than the standalone SAP Gateway, because it is well known to the IT world.
    As a summary, this depends on the point of view and policy of the IT organization. I applied both ssh and standalone SAP Gateway solutions at my customers, but I chose the standalone SAP Gateway installation among them.
    Best regards,
    Orkun Gedik

  • Can I use Oracle Database Audit Vault and Oracle Database Firewall on Solaris?

    Can I use Oracle Database Audit Vault and Oracle Database Firewall on Solaris?

    4195bee8-4db0-4799-a674-18f89aa500cb wrote:
    I don't have access to My Oracle Support; can you send the text or HTML of the document please?
    Moderator Action:
    No they cannot send you a document that is available only to those with access to MOS.
    That would violate the conditions of having such service contract credentials.
    Asking someone to violate such privileges is a serious offense and could get that other person's organization banned from all support and all their support contracts cancelled.
    Your post is locked.
    Your duplicate post that you placed into the Audit Vault forum space has been removed (it had no responses).
    This thread which you had placed in the Solaris 10 forum space is moved to the Audit Vault forum space.
    That's the proper location for Audit Vault questions.

  • Connection pooling and auditing on an oracle database

    Integration of a WebLogic application with an Oracle backend: connection pooling and auditing, 2 conflicting requirements?
    Problem statement:
    We are in the process of maintaining a legacy client/server application where the client is written in PowerBuilder and the backend is using an Oracle database. Almost all business logic is implemented in stored procedures on the database. When working in client/server mode, 1 PowerBuilder user has a one-to-one relation with a connection (session) on the Oracle database.
    It is a requirement that the database administrator must see the real user connected to the database and NOT some kind of superuser, therefore in the PowerBuilder app each user connects to the database with his own username. (Each user is configured on the database via a separate PowerBuilder security app.) For the PowerBuilder app all is fine and this app can maintain conversational state (setting and reading of global variables in Oracle packages).
    The management is pushing for a web-based application where we will be using the BEA WebLogic appserver (J2EE based). We have built a business app which is web-based and accessing the same Oracle backend app as the PowerBuilder app is doing.
    The first version of this web-based app is using a custom-built connector (based on the JCA standard and derived from a template provided by the WebLogic Integration installation). This custom-built connector is essentially a combination of a custom realm in WebLogic terms and a degraded connection pool, where each web session (browser) has a one-to-one relation with the back end database. The reason that this custom connector is combining the security functionality and the pooling functionality is because each user must be authenticated against the Oracle database (security requirement) and NOT against an LDAP server, and we are using a stateful backend (Oracle packages) which would make it difficult to reuse connections.
    A problem that surfaced while doing heavy load testing with the custom connector is that sometimes connections are closed and new ones made in the midst of a transaction. If you imagine a scenario where a session bean creates a business entity, and the session bean calls 1 entity bean for the header and 1 entity bean for the detail, then the header and detail must be created in the same transaction AND with the same connection (there is a parent-child relationship between header and detail enforced on the back end database via primary and foreign keys). We have not yet found why WebLogic is closing the connection!
    A second problem that we are experiencing with the custom connector is the use of CMP (container managed persistence) within entity beans. The J2EE developers state that the use of CMP decreases the development time and thus also maintenance costs. We have not yet found a way to integrate a custom connector with the CMP persistence scheme!
    In order to solve our load testing and CMP persistence problems I was asked to come up with a solution which should not use a custom connector, but use standard connection pools from WebLogic. To resolve the authentication problem on WebLogic I could make a custom realm which connects to the backend database with the username and password, and if the connection is OK, I could consider this user as authenticated in WebLogic.
    That still leaves me with the problem of auditing and pooling. If I were to use a standard connection pool, then all transactions made in the Oracle database would be done by a pool user or superuser, a solution which will be rejected by our local security officer, because you can not see which real user made a transaction in the database. I could still use the connection pool and, in the application, advise the application developers to set an Oracle package variable with the real user; then on arrival of the request in the database, the logic could use this package variable to set the transaction user. There are still problems with this approach:
    - The administrator of the database can still not see who is connected, he will only see the superuser connection.
    - This scheme can not be used when you want to use CMP persistence, since it is WebLogic who will generate the code to access the database.
    I thought I had a solution when Oracle provided us with a connection pool known as OracleOCIConnectionPool, where there is a connection made by a superuser, but where sessions are multiplexed over this physical pipe with the real user. I can not seem to properly integrate this OCI connection pool into WebLogic. When using this pool, and we are coming into a bean (session or entity bean), WebLogic is wrapping this pool with its own internal DataSource and giving me back a connection of the superuser, but not one for the real user, thus setting me with my back to the wall again.
    I would appreciate if anyone who has experienced the same problem could share a possible solution with us in order to satisfy all requirements (security, auditing, CMP).
    Many Thanks
    Blyau Gino
    [email protected]

    Hi Blyau,
    As Joe has already provided some technical advice,
    I'll try to say something on engineering process level.
    While migrating an application from one technology to another, like client-server to n-tier in your case, customers and stakeholders want to push into the new system as many old requirements as possible. This approach is AKA "we must have ALL of the features of the old system". Mostly it happens because they don't know what they want. Add little understanding of the abilities of the new technology, and you will get a requirement like the one you have in your hands.
    I think "DBA must see real user" is one of those. For this type of requirements it can make sense to try to drop it, or to understand its nature and suggest alternatives. In this particular case it can be a system that logs user names, login and logout times.
    Blind copying of old features into an incompatible new architecture may endanger the whole project and can result in its failure.
    Hope this helps.
    Regards,
    Slava Imeshev

  • How can I enable trace log in Oracle Database 10g ( in RedHat Linux)

    Dear Forums Members,
    Could you please tell me how I can enable $ORACLE_HOME/network/trace
    in Oracle Database 10g (the operating system is RedHat Linux Advanced Server 3).
    I will be very grateful if someone replies to my message.
    Thanks
    Aungshu

    To enable tracing at the session level:
    ALTER SESSION SET TRACEFILE_IDENTIFIER = 'my_trace_id';
    Enable the SQL Trace facility for the session by using one of the following:
    SQL> EXEC DBMS_SESSION.SET_SQL_TRACE(TRUE);
    or
    SQL> ALTER SESSION SET SQL_TRACE = TRUE;
    To disable the SQL Trace facility for the session, enter:
    ALTER SESSION SET SQL_TRACE = FALSE;
    To enable tracing at the database level:
    Edit the init parameter SQL_TRACE = TRUE.
    It's not recommended, because running the SQL Trace facility increases system overhead; enable it only when tuning SQL statements, and disable it when you are finished.

  • The format of Audit log file

    We have a perl script to extract data from audit log files (Oracle Database 10g Release 10.2.0.1.0) which have the format below.
    Audit file /u03/oracle/admin/NIKKOU/adump/ora_5037.aud
    Oracle Database 10g Release 10.2.0.1.0 - Production
    ORACLE_HOME = /u01/app/oracle/product/10.2.0
    System name:     Linux
    Node name:     TOYDBSV01
    Release:     2.6.9-34.ELsmp
    Version:     #1 SMP Fri Feb 24 16:54:53 EST 2006
    Machine:     i686
    Instance name: NIKKOU
    Redo thread mounted by this instance: 1
    Oracle process number: 22
    Unix process pid: 5037, image: oracleNIKKOU@TOYDBSV01
    Sun Jul 27 03:06:34 2008
    ACTION : 'CONNECT'
    DATABASE USER: 'sys'
    PRIVILEGE : SYSDBA
    CLIENT USER: oracle
    CLIENT TERMINAL:
    STATUS: 0
    After we updated the db from Release 10.2.0.1.0 to Release 10.2.0.4.0, the format of the audit log file changed to something like below.
    Audit file /u03/oracle/admin/NIKKOU/adump/ora_1897.aud
    Oracle Database 10g Release 10.2.0.4.0 - Production
    ORACLE_HOME = /u01/app/oracle/product/10.2.0
    System name:     Linux
    Node name:     TOYDBSV01
    Release:     2.6.9-34.ELsmp
    Version:     #1 SMP Fri Feb 24 16:54:53 EST 2006
    Machine:     i686
    Instance name: NIKKOU
    Redo thread mounted by this instance: 1
    Oracle process number: 21
    Unix process pid: 1897, image: oracle@TOYDBSV01
    Tue Oct 14 10:30:29 2008
    LENGTH : '135'
    ACTION :[7] 'CONNECT'
    DATABASE USER:[3] 'SYS'
    PRIVILEGE :[6] 'SYSDBA'
    CLIENT USER:[0] ''
    CLIENT TERMINAL:[7] 'unknown'
    STATUS:[1] '0'
    Because we have to rewrite the perl script, could anyone tell us where we can find the manual that describes the format of the audit log file?
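    The two layouts quoted in this post, parsed by one script that survives the patchset change. This is an added example written for this page, not code from the original thread or from Oracle. The sample file contents are constructed from the two records quoted above (headers shortened), and the tampered record is constructed to exercise the length check. It assumes that the [n] prefix in the 10.2.0.4 layout is the byte length of the quoted value that follows it, which holds for every field in the posted record; nothing else about the format is assumed beyond what the post shows.

```python
"""Parse Oracle 10.2 OS audit files (*.aud) in both the 10.2.0.1 layout
(KEY : 'value' / KEY: value) and the 10.2.0.4 layout (a LENGTH line plus a
[n] byte-length prefix on every field)."""
import re
from dataclasses import dataclass, field

# Constructed samples, built from the records quoted in the thread.
AUD_10201 = """Audit file /u03/oracle/admin/NIKKOU/adump/ora_5037.aud
Oracle Database 10g Release 10.2.0.1.0 - Production
Node name:     TOYDBSV01
Instance name: NIKKOU
Unix process pid: 5037, image: oracleNIKKOU@TOYDBSV01
Sun Jul 27 03:06:34 2008
ACTION : 'CONNECT'
DATABASE USER: 'sys'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
CLIENT TERMINAL:
STATUS: 0
"""

AUD_10204 = """Audit file /u03/oracle/admin/NIKKOU/adump/ora_1897.aud
Oracle Database 10g Release 10.2.0.4.0 - Production
Node name:     TOYDBSV01
Instance name: NIKKOU
Unix process pid: 1897, image: oracle@TOYDBSV01
Tue Oct 14 10:30:29 2008
LENGTH : '135'
ACTION :[7] 'CONNECT'
DATABASE USER:[3] 'SYS'
PRIVILEGE :[6] 'SYSDBA'
CLIENT USER:[0] ''
CLIENT TERMINAL:[7] 'unknown'
STATUS:[1] '0'
"""

# Constructed: a record edited on disk without updating the [n] prefix.
AUD_TAMPERED = AUD_10204.replace("ACTION :[7] 'CONNECT'", "ACTION :[7] 'ALTER USER'")

TIMESTAMP_RE = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d \d{4}$")
FIELD_RE = re.compile(r"^(?P<key>[A-Z][A-Z ]*?)\s*:(?:\[(?P<len>\d+)\])?\s*(?P<val>.*)$")
RELEASE_RE = re.compile(r"^Oracle Database .* Release (\S+)")


@dataclass
class AuditRecord:
    timestamp: str
    fields: dict = field(default_factory=dict)
    warnings: list = field(default_factory=list)


def _unquote(raw):
    """10.2.0.4 quotes every value; 10.2.0.1 quotes some (ACTION, DATABASE USER)
    and leaves others bare (PRIVILEGE, STATUS). Normalise both to the bare value."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == "'" and raw[-1] == "'":
        return raw[1:-1]
    return raw


def parse_audit_file(text):
    """Return (header, records). Header = every 'Key: value' line before the
    first timestamp plus the parsed release; each timestamp line opens a new
    record and the field lines after it belong to that record."""
    header, records, current = {}, [], None
    for line in text.splitlines():
        if TIMESTAMP_RE.match(line):
            current = AuditRecord(timestamp=line)
            records.append(current)
            continue
        if current is None:  # still in the header block
            m = RELEASE_RE.match(line)
            if m:
                header["release"] = m.group(1)
            elif ":" in line:
                key, _, value = line.partition(":")
                header[key.strip()] = value.strip()
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue
        key = m.group("key").strip()
        value = _unquote(m.group("val"))
        if m.group("len") is not None:
            # Assumption: [n] is the byte length of the quoted value. A mismatch
            # means a mangled or hand-edited record, so surface it rather than trust it.
            declared, actual = int(m.group("len")), len(value.encode("utf-8"))
            if declared != actual:
                current.warnings.append(f"{key}: declared length {declared}, actual {actual}")
        if key == "DATABASE USER":
            value = value.upper()  # 10.2.0.1 wrote 'sys', 10.2.0.4 writes 'SYS'
        current.fields[key] = value
    return header, records


def sysdba_connects(records):
    """The records an auditor asks about first: SYSDBA connections, which Oracle
    writes to the OS audit directory even when audit_trail is NONE."""
    return [r for r in records
            if r.fields.get("ACTION") == "CONNECT" and r.fields.get("PRIVILEGE") == "SYSDBA"]


if __name__ == "__main__":
    for sample in (AUD_10201, AUD_10204, AUD_TAMPERED):
        header, records = parse_audit_file(sample)
        for rec in records:
            print(header.get("release"), rec.timestamp, rec.fields, rec.warnings)
```

    Run it as a script and it prints each parsed record with the release it came from; the tampered sample prints a warning on ACTION, which is the check worth keeping if you continue to read the OS files rather than the audit views.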

    Oracle publishes views of the audit trail data. You can find a list of the views for the 11.1 database here:
    http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/auditing.htm#BCGIICFE
    The audit trail does not really change between patchsets as that would constitute underlying structure changes and right now, the developers are not allowed to change the underlying structure of tables in patchsets. But, we can change what may be displayed in a column from patchset to patchset. For example, we are getting ready to update the comment$text field to display more information like dblinks and program names.
    I personally don't like overloading the comment$text field like that, but sometimes when you need the information, that is the only choice except to wait for the next major release :)
    As for the output of the audit log files, those can change between patchsets because of bugs that were found and some changes to support Audit Vault. My apologies out there for anyone that is reading the audit files written to the OS directly, I would recommend using the views.
    Hope that helps. Tammy

  • Audit Logs

    Hi,
    May i know more about Audit logs in oracle.
    Thanks
    Bobby

    Hi,
    I am using database version 9.2.0.3. When I check these 2 audit views (dba_stmt_audit_opts & dba_priv_audit_opts), I don't get what was changed by the user "APPS".
    For example, what data has been changed by user APPS.
    Where can I have this info?
    SQL> show parameter audit
    NAME                    TYPE     VALUE
    audit_file_dest         string   ?/rdbms/audit
    audit_sys_operations    boolean  FALSE
    audit_trail             string   NONE
    transaction_auditing    boolean  TRUE
    Thanks.
    Edited by: user12239027 on Jul 1, 2010 8:10 PM

  • Sqlplus audit log username

    We have a restriction on access to the applmgr and oracle accounts.  Users must first logon as themselves and then SU (yes this is UNIX) to
    the oracle or applmgr account.
    Once the user SU's to oracle and runs sqlplus, the AUDIT log shows oracle as the user, not the real logged on user.
    On the OS side, while as oracle user, if I run "who am i", I get the original OS user account name, not "oracle".
    How do I force sqlplus to record the real user and not the oracle account in the AUDIT log?
    -=user8699678

    Sorry to say so, but this is a really BAD BAD policy. End-users should NEVER su to the oracle account.
    The oracle account is allowed to do everything, including destroying the database and removing files.
    This policy needs to be stopped IMMEDIATELY,
    Sybrand Bakker
    Senior Oracle DBA

  • Query Regarding Oracle Database Client

    Hello,
    I'm new to Oracle and intend to become an Oracle Developer and DBA. I've a question regarding the Oracle Database Client software.
    I know that there is Oracle Database server software, but what is this Oracle Database Client? Is there any need to install it on the client machine, as clients mostly access the database using application software mainly developed in Java or C# etc.? So, what is it needed for?
    And one more question regarding SQL*Plus. Is it a client process or a server process? I learnt that it is a client process, and if it is, can it be part of the Oracle Database Client? And can we separately install the Oracle Database Client on a machine on which the DB server is also installed?
    Looking for reply.
    Regards,
    Danish Kamran

    Certainly you are not mentioning the Oracle version; it is very important. Whenever you post a question, reference the Oracle version. There is a disk known as the Oracle Client (10gR1, 10gR2 and 11gR1); this disk contains all required software to set up a client environment. If you are working with clients such as Java or C# you must have either the JDBC client driver (Java) or the ODBC software to access the database; this is included in the Oracle client disk.
    Instant Client
    There are other options for the client: you can install the Instant Client. This option allows you to install only the drivers without the Oracle utilities, which is particularly useful if you are deploying third-party applications and you don't want to install the complete client disk.
    SQLPlus
    SQL*Plus is a client application that runs on the client side, when you open a session it requests an Oracle server process to be executed on the server side. Once the session has been successfully setup then you can issue SQL commands from the client side. You should be aware that even if you launch SQL*Plus from the server side you will be working with two processes, one for the client and the second one for the oracle server. This connection mode is also known as dedicated server, but you should be aware that there is another connection mode known as shared server, I won't explain it since it already goes off topic.
    ~ Madrid
    http://hrivera99.blogspot.com

  • Oracle Database Control

    How and where (which menu) can I log into Oracle Database Control (AKA DB Control)?

    C:\>set oracle_sid=db02
    C:\>emctl status dbconsole
    Oracle Enterprise Manager 10g Database Control Release 10.1.0.2.0
    Copyright (c) 1996, 2004 Oracle Corporation.  All rights reserved.
    http://ALwarid-Taj.fakhruddin.local:5501/em/console/aboutApplication
    Oracle Enterprise Manager 10g is running.
    Logs are generated in directory D:\oracle\product\10.1.0\Db_1/ALwarid-Taj.fakhruddin.local_db02/sysman/log
    If the Enterprise Manager 10g service is stopped, then:
    cmd>emctl start dbconsole

  • Tracking oracle database activities in security/system logs of windows server

    Can database activity like creating or dropping tables and packages be tracked in the security/system logs of Windows 2003 Server for the Oracle database 10.2.0.4?
    Can purging of the Oracle log, in case the file has become big or has even been tampered with, be tracked in the security/system logs of Windows 2003 Server for the Oracle database 10.2.0.4?
    dhomya

    Hi Dhomya,
    I am not familiar with Oracle database, though you may try to enable file system auditing:
    Audit object access
    https://technet.microsoft.com/en-us/library/cc776774(v=ws.10).aspx
    Apply or modify auditing policy settings for an object using Group Policy
    https://technet.microsoft.com/en-us/library/cc757864(v=ws.10).aspx
    Best Regards,
    Amy

  • Oracle Database Vault vs Audit Vault and database firewall

    Hi All,
    I would like to know the main difference between Oracle Database Vault and Oracle Audit Vault and Database firewall.
    I have read all the white papers and documents on them both and find them very similar in work process.
    Only difference I see in the pricing.
    I feel Oracle audit Vault can do all the work of Database Vault with added feature of proactive session monitoring.
    If someone can help me based on their knowledge and experience it would be appreciated.
    Thank you.

    I have read the white papers of both Database Vault and Audit Vault.
    According to Database Vault, sessions can be managed using various roles created as per business requirements.
    Audit Vault offers the same thing in terms of a firewall which manages restrictions based on the roles created.
    From the white papers:
    DATABASE VAULT:
    Oracle Database Vault restricts access to specific areas in an Oracle database from any user, including users who have administrative access.
    This enables you to apply fine-grained access control to your sensitive data in a variety of ways.
    Oracle Database Vault enables you to create the following components to manage security for your database:
    Realms
    Command Rules
    Factors
    Rule Sets.
    AUDIT VAULT AND DATABASE FIREWALL:
    Oracle Audit Vault and Database Firewall consolidates database activity monitoring events and audit logs. Policies enforce expected application behaviour, helping prevent SQL injection, application bypass, and other malicious activities from reaching the database while also monitoring and auditing privileged users and other activities inside the database.
    To me these sound very similar of doing same work.
    My apologies as I am unable to paste the whole text here and I cannot type full documents here.

  • Java DB like logging via oracle auditing?

    Please help me, I'm new to Oracle and don't know how to achieve my goal.
    In Derby my log files present me all the information I need for research purposes.
    The same can be achieved via auditing in Oracle, I guess.
    So my starting point is:
    I activated an audit as follows:
    AUDIT UPDATE,LOCK,SELECT on app.accouts by access;
    Here is a log of my audit session:
    I can't see the SQL_BIND information for example, can I activate it?
    SQL> select action_name,extended_timestamp,returncode from dba_audit_trail order by extended_timestamp;
    ACTION_NAME   EXTENDED_TIMESTAMP                RETURNCODE
    SELECT        23.05.08 08:44:10,734000 -07:00   0
    SELECT        23.05.08 08:58:27,453000 -07:00   0
    UPDATE        23.05.08 08:58:28,562000 -07:00   0
    SELECT        23.05.08 08:58:28,968000 -07:00   0
    UPDATE        23.05.08 08:58:29,140000 -07:00   0
    UPDATE        23.05.08 08:58:29,234000 -07:00   0
    6 Zeilen ausgewählt.
    SQL> spool off
    Here is the comparable Derby log:
    4397482349590219485{1}), Executing prepared statement: UPDATE ACCOUNTS SET MONEY = ? WHERE (ID = ?) :End prepared statement with 2 parameters begin parameter #1: 2500 :end parameter begin parameter #2: 1 :end parameter
    2008-05-23 16:32:51.953 GMT Thread[DRDAConnThread_2,5,main] (XID = 3865), (SESSIONID = 0), (DATABASE = testDB), (DRDAID = NF000001.G4B9-4397482349590219485{1}), Committing
    What I'm missing in my Oracle audit is what SQL statement was actually used and what parameters were bound to it.
    Also I need to know if the SQL statement was successful or failed, and if the statement failed, why did it fail?
    Please help me :-)
    Kind regards
    Basti

    For Oracle database auditing, you need to set the AUDIT_TRAIL parameter to either DB,EXTENDED (to write the audit trail to the SYS.AUD$ table in the database) or XML,EXTENDED (to write your audit trail to an OS file in XML format).
    The EXTENDED option tells Oracle to collect the SQL_TEXT and bind variables in the standard audit trail.
    If you use FGA (fine-grained auditing), the SQL text is automatically included in the audit trail.
    Thanks.
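Putting the answer together for the ACCOUNTS table from the question, as an added example that is not code from the thread: the extended trail is switched on, the object audit is recreated, and DBA_AUDIT_TRAIL is queried for exactly the fields the Derby log shows (statement text, bind values, outcome). The MONEY column and the policy name in the FGA part are assumptions taken from the Derby log line above; the FGA part needs Enterprise Edition.

```sql
-- Added example (not from the original thread): standard auditing with the
-- EXTENDED trail so SQL text and bind values are recorded, then the query
-- that reads them back. Assumes the table APP.ACCOUNTS from the question
-- and a 10g/11g instance you are allowed to restart; run as a DBA.

-- 1. Switch on the extended audit trail. AUDIT_TRAIL is static, so it goes
--    to the SPFILE and only takes effect after the instance is restarted.
ALTER SYSTEM SET audit_trail = DB, EXTENDED SCOPE = SPFILE;
-- SHUTDOWN IMMEDIATE and STARTUP here

-- 2. Audit the statements of interest on the table, one record per statement
--    (BY ACCESS), for both successful and failing executions.
AUDIT SELECT, UPDATE, LOCK ON app.accounts BY ACCESS;

-- 3. Read the trail. With EXTENDED, SQL_TEXT and SQL_BIND are populated;
--    RETURNCODE is 0 on success, otherwise the ORA- error number
--    (e.g. 1031 for ORA-01031 insufficient privileges), which answers
--    "did it fail, and why".
SELECT username,
       action_name,
       returncode,
       sql_text,
       sql_bind,
       extended_timestamp
  FROM dba_audit_trail
 WHERE owner    = 'APP'
   AND obj_name = 'ACCOUNTS'
 ORDER BY extended_timestamp;

-- 4. Alternative: fine-grained auditing (Enterprise Edition) records
--    SQL_TEXT and, with DB_EXTENDED, SQL_BIND regardless of the AUDIT_TRAIL
--    parameter, and can be limited to particular columns and conditions.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'APP',
    object_name     => 'ACCOUNTS',
    policy_name     => 'ACCOUNTS_MONEY_FGA',  -- assumed policy name
    audit_column    => 'MONEY',               -- column assumed from the Derby log
    statement_types => 'SELECT,UPDATE',
    audit_trail     => DBMS_FGA.DB_EXTENDED);
END;
/

SELECT db_user, statement_type, sql_text, sql_bind, timestamp
  FROM dba_fga_audit_trail
 WHERE object_schema = 'APP'
   AND object_name   = 'ACCOUNTS'
 ORDER BY timestamp;
```

SQL_BIND is stored as a single text field in the form "#1(4):2500 #2(1):1", i.e. position, length and value, which is the same information the Derby "begin parameter ... end parameter" lines carry. One caveat for research use: the standard trail records the statement as submitted, so a statement executed many times with different binds produces one row per execution, which is the behaviour wanted here but is also why BY ACCESS on a busy table grows SYS.AUD$ quickly.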

  • Configuring auditing with Oracle database

    We created auditing tables in Oracle and enabled auditing. According to our naming standards it gave names to the tables as follows: schema owner.table name (like BOE.AUDIT_EVENT). When we check in CMC it says that the auditing datasource is not configured correctly. Do we need to make any changes to the way the database tables are named? What other possible reasons could cause a bad connection between the database and BO (we verified in other tools that the user account we are using in setting up the connection can read the auditing tables)?
    Thanks
    Vita

    Are you sure you used an oracle account with sufficient rights on the database level?
    Do you connect via "Oracle Names Service" or TNSNAMES entries?
    Since the database tables seem to be created properly (?), I guess there must be another problem. You could enable tracing at the Oracle client level (see SQLNET.ORA entries) and maybe find something there.
    You can also enable tracing at the BO server levels, by starting up the BO servers in trace mode and look at the log files...
    hth,
    Walter

  • Oracle Database Session events auditing

    Hi,
    I have a unique audit requirement for which I want to design the solution. Kindly help me in this.
    What I want to do is that whenever the user creates a session, say through the scott schema, and performs whatever in this session,
    it should be logged in the audit table. What I know about the features that Oracle database provides for auditing, like mandatory, standard, value-based
    and fine-grained auditing, does not fulfill exactly the above requirement.
    Like I can audit the user machine from which it logs in to the database and other info through an after-logon trigger, but how can I log the information
    on what he did after login, like performing specific actions?
    Regards,
    Kamran

    What version of Oracle? Oracle supports over 200 auditing events, so basically if there is a system privilege you can audit it. If there is an object owned in a schema, you can audit access or attempts to modify it.
    Check out the 11g docs for auditing (or your relevant version) http://docs.oracle.com/cd/E11882_01/network.112/e16543/auditing.htm#BCGIDBFI
    You are going to have a lot of design work to understand your system and what is acceptable accesses, acceptable privileges, etc. and what is not. For example, you probably don't want to audit successful selects against a table when the application primarily does selects. You may only want to see unsuccessful select attempts audited. And you don't want a trigger to do this work for you. You want to turn auditing on (audit_trail=DB_EXTENDED for example) and allow the Oracle kernel to handle populating the audit trail.
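What that kernel-driven design looks like for the scott session requirement in the question, as an added example that is not the answer's own code: auditing is scoped to one user (BY scott) so that the trail records every statement of that user's sessions, while the application's hot table is audited only WHENEVER NOT SUCCESSFUL. The APP.ACCOUNTS table name is an assumption, and AUDIT_TRAIL is assumed to be already set to DB,EXTENDED (a static parameter, so the instance was restarted after setting it).

```sql
-- Added example (not from the answer above): letting the kernel log what one
-- user does in a session, and recording only failed access on a hot table.
-- Assumes the SCOTT schema from the question, an assumed APP.ACCOUNTS table,
-- and AUDIT_TRAIL = DB,EXTENDED already in effect. Run as a DBA; standard
-- auditing is available in all editions.

-- 1. One record per SCOTT logon, completed at logoff with the session's
--    machine, OS user and I/O counters (also visible in DBA_AUDIT_SESSION).
--    Failed logons appear with RETURNCODE 1017 (ORA-01017).
AUDIT SESSION BY scott;

-- 2. Every table statement SCOTT issues, plus procedure calls, one row per
--    statement (BY ACCESS) rather than one summary row per session.
AUDIT SELECT TABLE, INSERT TABLE, UPDATE TABLE, DELETE TABLE, ALTER TABLE
   BY scott BY ACCESS;
AUDIT EXECUTE PROCEDURE BY scott BY ACCESS;

-- 3. For the table the application reads constantly, record only attempts
--    that failed (e.g. ORA-01031) so the trail is not flooded with the
--    legitimate selects the answer warns about.
AUDIT SELECT ON app.accounts BY ACCESS WHENEVER NOT SUCCESSFUL;

-- 4. What SCOTT did, in session order. SESSIONID ties each statement to
--    its logon record; SQL_TEXT is filled because the trail is EXTENDED.
SELECT sessionid,
       os_username,
       userhost,
       action_name,
       obj_name,
       returncode,
       sql_text,
       extended_timestamp
  FROM dba_audit_trail
 WHERE username = 'SCOTT'
   AND extended_timestamp > SYSTIMESTAMP - INTERVAL '1' DAY
 ORDER BY sessionid, extended_timestamp;

-- 5. Everything that failed, by anyone, for the security review: failed
--    logons, privilege errors on audited objects, and so on.
SELECT username,
       userhost,
       action_name,
       obj_name,
       returncode,
       extended_timestamp
  FROM dba_audit_trail
 WHERE returncode <> 0
 ORDER BY extended_timestamp DESC;
```

The after-logon trigger from the question is still useful for one thing the kernel trail does not do on its own, namely refusing a connection based on machine or program, but it should not be the mechanism that writes the activity log: a trigger-based log can be bypassed by anyone who can disable the trigger, while SYS.AUD$ rows are written by the kernel and their deletion is itself auditable (AUDIT DELETE ON sys.aud$).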
