How to audit users who enabled traces?

Similar Messages

• [HELP] How to records user who use SQLPlus or SQL editor?

  Dear Gurus,
  Is onyone know how to record user who use SQLplus or any SQL editor?
  for instance...
  user1 using SQLplus on monday august 9.30.21 PM...and I have table which record this for audit user.
  Or..
  Can I block user who connect to oracle using SQLPlus?
  If anyone know how to do this..please inform me...
  Thanks and Regards
  Erie

  You can enable Auditing (AUDIT_TRAIL) and audit at the Session Level to record Logon and Log off of a required user. This can be enabled to be recorded in the audit table or operation system file. You can also audit user statements etc.
  For example, to enable auditing connect for user UGONIC
  SQL>audit connect by UGONIC;
  TO disable it
  SQL>noaudit connect by UGONIC;
  Check in the SQL Reference for the AUDIT statement and requirements.
  If you do not want the user to connect at all via SQL*Plus, you can use PRODUCT_USER_PROFILE to disable a users access to SQL*Plus or at the lower level, disable specified SQL*Plus and SQL commands for the user. You need to run the PUPBLD.SQL script as system user (if not run yet) and add records to it as required.
  Example: After running PUPBLD.SQL. This entry stops the user UGONIC from using the drop command at the backend in SQL*Plus.
  INSERT into product_user_profile (product,userid,attribute,char_value,date_value)
  values('SQL*Plus','UGONIC','DROP','DISABLED',NULL);
  Note that if a user is already connected by the profile entry, it is not activated on that session, but on subsequent logons. Again read the requied security documentations for this.
  For both auditing, you need to set the required database intialisation parameters and know where to get the audit records (in tables, views or OS file). For instance, when using tables, you maintain and query tables like audit$ to view the logs. When using OS type logging, it is recorded on the path specified in the AUDIT_FILE_DEST init parameter (In Windows, it is logged in the Windows Event and you can view it from the event viewer).

• How to find user who loaded the procs in DB

  Hi guys how to find user who loaded procs in database ..and the date...
  is there anyway..
  i tried to look at all_objects..but it didnot workout..
  thanks

  That is correct. You will only have audit rows for item that you are auditing. I am suggesting you audit all DDL in a production database since production jobs should not perform DDL with the probable exception of truncate. This will provide this type of information going forward. It will not help you answer the question of who created the procedure last week?
  Auditing is explained in the Security manual and the full comand syntax is available in the SQL manual.
  You can easily write a purge the audit data to remove data once it is no longer of interest based on the date the audit row was created.
  HTH -- Mark D Powell --

• How to find users who are running IE with different credentials ?

  How to find users who are running IE with different credentials ? 
  Is there any tool or a solution in the market will help or a i can use GPO or even Power Shell ?
  thnx & Regards ,,

  Hi Salman,
  Based on your description, we can use Windows Credential Manager to check this. Windows Credential Manager stores credentials, such as user names and passwords  that we use to log on to websites or other computers on a network.
  Regarding Credential Manager, the following article can be referred to for more information.
  Credential Manager
  http://windows.microsoft.com/en-in/windows7/what-is-credential-manager
  Manage passwords in Internet Explorer using Credential Manager
  http://www.thewindowsclub.com/manage-passwords-internet-explorer-10
  Please Note: Since the above website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
  Best regards,
  Frank Shen

• Audit users who try to login on the db

  Hi Team,
  The oracle database version is 11g and the OS is solaris sparc 64 bit.
  I am trying to find the users who try to login into the db user "FEED" which are unsuccessful , what is happeing is, the user put a wrong password , the account gets locked. So we need to find the users who are trying to login.
  please suggest a method.
  regards
  KK

  Hi;
  1. If you are looking for core db login issue you can check this search . Similar issue mention here many times before
  2. If your issue is related wiht EBS than pelase see:
  Re: Audit users
  after set
  - Login to "System Administrator" Responsibility
  - Navigate to Profile > System
  - Query "Sign-On:Audit Level"
  - Set "Sign-On:Audit Level" to FORM
  - Click on Save
  - Logoff then Login back
  - Navigate to Security > User > Monitor
  - Ctrl + F11 ?---=refresh
  Also see:
  How do you audit an Oracle Applications' user? [ID 395849.1]
  Auditing: How Do I Audit Responsibilities and Data? [ID 436316.1]
  Monitor Users Screen Displays Many Users Still Logged into Oracle Applications Even After They Have Logged Out [ID 143435.1]
  Regard
  Helios

• How to get users, who can use special T-code?

  Hi.
  I want to know users, who has authorization for FBV0.
  How can I get this information?
  Thank you in advance..

  Hi
  Use SUIM and find the users have this authorization.
  Here the first tab user--list of users with critical authorization select that and u can find the users list.
  Regards
  Bhaskar
  Edited by: bhaskar1818 on Jul 22, 2008 2:32 PM

• How to Audit Users

  How I can audit users? Is there any way. I want to see users activities user has performed.
  -- Amer

  I'm not very sure about the syntax but this is the command
  AUDIT SELECT TABLE BY user_name.
  There can be three type of Audits
  1. Privilege Audit - Audit on a privilege as given in the example above
  AUDIT privilege_name[,privilege_name] BY user_name
  2. Schema Object Audit - Audit specific statement on a specific schema object
  3. Statement Audit - Audit any statement on a schema object.
  <BLOCKQUOTE><font size="1" face="Verdana, Arial, Helvetica">quote:</font><HR>Originally posted by Mirza Amer Baig ([email protected]):
  How I can audit users? Is there any way. I want to see users activities user has performed.
  -- Amer<HR></BLOCKQUOTE>
  For more info. refer to the documentation ;-)
  Naveen

• How to audit user activities

  hi,
  suppose a user login using Oracle ID and Password and can do insert, delete, drop, create, alter.
  from upper management, changing the grant permission is not an option.
  how do audit an user activites, on 10gR2 or 11gR2?
  thanks.

  See the security guide:
  http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/auditing.htm#i1011984
  also the SQL reference:
  http://download.oracle.com/docs/cd/B19306_01/server.102/b14200/statements_4007.htm#i2059073
  You will probably arrive at something like
  AUDIT TABLE BY username; -- audits CREATE and DROP
  AUDIT ALTER TABLE BY username;
  AUDIT INSERT TABLE BY username;
  AUDIT UPDATE TABLE BY username;
  AUDIT DELETE TABLE BY username;
  etc.
  Read the material carefully, so you understand 'statement auditing' versus 'privilege auditing', etc. There are multiple, overlapping concepts here.
  Audit records such as these can be reviewed in SYS.DBA_AUDIT_TRAIL.

• How to find users who are inactive.

  Hi I want to find users who left the company. I ran program rsusr200 in se38 but not understanding which option will clearly give me the invalid users. Also i had a doubt. Does users with password deactivated that the user left the company.
  Thanks in Advance for your help

  The "password" field in this report will not necessarily show you users who have left the company. The password may be be "active" since this is a new user and they have not yet logged on. You would need to compare as well the field "Created On". I would use the last logon field as an indicator of who may have left - if someone has not logged on in 90 days, that could be an indicator.

• How to restrict users who can use a submit button.

  I have a submit button which I would like to limit the names of the users who can use it. Is there any way I can limit who can use it.
  Thanks

  Hi
  Use SUIM and find the users have this authorization.
  Here the first tab user--list of users with critical authorization select that and u can find the users list.
  Regards
  Bhaskar
  Edited by: bhaskar1818 on Jul 22, 2008 2:32 PM

• How to get users provisioned / enabled with all OIM Resources.

  Looking for help on java / sql query on how to get all the users in OIM (9102 BP 13) provisioned/enabled status only,
  with all OIM Resources available in System.
  Edited by: 907571 on Apr 18, 2012 4:12 AM

  select usr.usr_login, usr.usr_status, obj.obj_name, ost.ost_status, act.act_name
  from oiu, usr, ost, obj, usg, act
  where oiu.usr_key=usr.usr_key
  and oiu.ost_key=ost.ost_key
  and ost.obj_key=obj.obj_key
  and usr.act_key=act.act_key
  --and obj.obj_name in ('Resource Name')
  --and usr.usr_status = 'Active'
  and ost.ost_status in ('Enabled','Provisioned')
  -Kevin

• How to find user who released a PO

  Hi all,
  I need a table-field (if exists) to determine the user that has released a purchase order.
  I can find which release strategy and respective status, but not the users that has released it.
  Can any help?
  thanks in advance
  FT

  Hello
  OBJECTCLAS = 'EINKBELEG'

• How to Display applications that the user is enabled (java)

  Any idea?
  I read java api document but i can't find any soluction!
  Tanks for replay!

  I just see getApplication method but "Retrieves a list of all the deployed applications."
  My scenario is: I get user, end i want to discorver how application this user i enable to see.

• Deactivate users who are no longer exist in AD but were added into resource pool

  Hello forum members,
  does anyone know how to deactivate users who are no longer exist in AD , but were added into resource pool?
  I an trying to write some code that would update a custom value for each resource, but my code breaks whenever it encounters a resource that is not longer exists in AD. Any suggestions are appreciated.
    // Modify the resources, code was taken from http://msdn.microsoft.com/en-us/library/websvcresource.resource.updateresources(v=office.12).ASPX
                  foreach (SvcResource.ResourceDataSet.ResourcesRow resourceRow in resourceDs.Resources)
                      Console.WriteLine("Check out " + resourceRow.RES_NAME);
                      if (resourceRow.IsRES_CHECKOUTBYNull())
                          resourceSvc.CheckOutResources(new Guid[] { resourceRow.RES_UID });
                          checkedOut = true;
                      else
                          if (resourceRow.RES_CHECKOUTBY == me)
                              checkedOut = true;
                          else
                              checkedOut = false;
                              Console.WriteLine("\tCan't check out this resource, skip updating this one.");
                      if (checkedOut)
                          SvcResource.ResourceDataSet updateDs = resourceSvc.ReadResource(resourceRow.RES_UID);
                              if (resourceRow.RES_TYPE <= (int)PSLibrary.Resource.Type.INACTIVATED_OFFSET)
                                  updateDs.Resources[0].RES_CODE = "A" + rand.Next(1000, 9999);
                                  Console.WriteLine("Update RES_CODE to " + updateDs.Resources[0].RES_CODE);
                                  resourceSvc.UpdateResources(updateDs, false, false);
                                  Console.WriteLine("Check in " + resourceRow.RES_NAME);
                                  resourceSvc.CheckInResources(new Guid[] { resourceRow.RES_UID }, false);
                      Console.ForegroundColor = ConsoleColor.Yellow;
                      Console.WriteLine("".PadRight(30, '-'));
                      Console.ResetColor();
  tatiana

  This is the logic I used:
  1) Try to inactivate the user
  2) If it fails with "AdminNTAccountNotFound" then delete
  try {
  using( OperationContextScope ocs = new OperationContextScope( resourceClient.InnerChannel ) ) {
  resourceClient.CheckOutResources( new Guid[] { resourceUID } );
  // Perform the update
  rsDS = ( SvcResource.ResourceDataSet ) rsDS.GetChanges();
  resourceClient.UpdateResources( rsDS, false, true );
  catch( Exception ex ) {
  if( ex.Message.Contains( "AdminNTAccountNotFound" ) ) {
  try {
  resourceClient.CheckInResources( new Guid[] { resourceUID }, true );
  catch {
  //The resource does not have a valid account, deleting...
  using( OperationContextScope ocs = new OperationContextScope( resourceClient.InnerChannel ) ) {
  resourceClient.CheckOutResources( new Guid[] { resourceUID } );
  resourceClient.DeleteResources( new Guid[] { resourceUID }, "No longer in RBS structure and/or AD" );
  120811049008

• How do I enable "Audit user account logons" using PowerShell, to improve security?

  With successful hacking attacks more often employing valid Active Directory user credentials, it is quite helpful when administrators can
  easily poll user logon events. Rather than query
  every domain computer for its logon events, one can alter the Default Domain Controller Policy GPO to enable "Audit user account logons" (Success and Failure) then merely poll
  only the domain controller -- quite efficient. PowerShell helpfully has its Group Policy Module, including the following two cmdlets.
  1) Get-GPO "Default Domain Controllers Policy" will retrieve the top-level GPO object, but how do I enable that specific setting?
  2) Set-GPRegistryValue might be the right tool, but I cannot find any documentation on the values I need to supply to its parameters (-Name -Key -ValueName -Type -Value) to enable "Audit user account logons" -- both Successes and Failures.
  One can manually modify this setting using the Group Policy Management console GUI on the domain controller, but I am trying to upgrade my professional work habits to use stored scripts, rather than unrecorded point & clicks, so that my actions are repeatable
  and documented.
  Any pointers to documentation or an example would be welcome. I originally posted this question in the TechNet PowerShell Forum this afternoon, but someone recommended I copy it to the TechNet Group Policy Forum.
  Jeffrey - New Orleans MCITP Enterprise Administrator, Virtualization Administrator

  Hi Jeffrey,
  >>One can manually modify this setting using the Group Policy Management console GUI on the domain controller, but I am trying to upgrade my professional work habits to use stored scripts, rather than unrecorded point & clicks, so that my actions
  are repeatable and documented.
  Before going further, although you have expressed that you don't want to use GPMC GUI to configure the audit setting, in fact, it's an easy and comparatively handy method to set the setting. Besides, based on the description, you
  want to use PowerShell to do this. However, as far as I know, PowerShell can configure registry-based policy settings and Group Policy Preferences Registry settings, but audit policy security settings are not registry keys.
  Nonetheless, if we really don't want to use GPMC console to do this, we can use Auditpol.exe to set the audit setting.
  Regarding this point, the following article can be referred to for more information.
  Auditpol
  https://technet.microsoft.com/en-in/library/cc731451.aspx
  Auditpol set
  https://technet.microsoft.com/en-in/library/cc755264.aspx
  In addition, regarding Group Policy Cmdlets in Windows PowerShell, the following article can be referred to for more information.
  Group Policy Cmdlets in Windows PowerShell
  https://technet.microsoft.com/en-us/library/ee461027.aspx
  TechNet Subscriber Support
  If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
  Best regards,
  Frank Shen