Oracle Auditing question.

Similar Messages

• Oracle Auditing Capability

  In one of our project we need to define audit trail for all transaction tables As per the requirements, we need to log in some audit trail table the following information
  - Old and New value of the column
  - userid who executed the SQL
  - Transaction type – INSERT, UPDATE or DELETE
  - Current Timestamp
  In past, we used to create database trigger attached to each table that gets fired once a column is touched in case of SQL INSERT, UPDATE or DELETE statement. This solution as you understand is home grown one that come up with its own limitations like defining trigger in each table and maintaining trigger code each time a column is dropped or added .
  The question is does Oracle Release 10.g come with any such out of the box audit trail capabilities that can be enabled by SYS ADMIN to record any row data change that we could achieve without writing any trigger code.
  Could you please advice on 10G Oracle Audit capabilities ?
  Thanks in advance

  Assuming that the USERID you're interested in is the Oracle user that is logged in (rather than, say, an application ID that has been defined on the middle tier), there are a number of options.
  One option that I tend to push particularly in 10g (but that was available in 9i as well) is Workspace Manager. You can use Workspace Manager to version-enable a table, and Oracle will automatically generate triggers that store off the old and new versions of each row in historical tables. Workspace Manager also provides some rather cool additional functionality, like the ability to run an arbitrary query as of an arbitrary point in time in the past (assuming all the tables involved are version-enabled and assuming you haven't purged the history for some reason), which can be invaluable for debugging purposes.
  The Workspace Manager Application Developer's Guide has more information...
  Of course, you can also use other tools like Oracle's built-in auditing or something like Audit Vault depending on your precise business needs.
  Justin

• Oracle Audit Vault installation fails on DVCA assistant + libpthread.so.0

  Hello experts, I did this post at general forums but nobody noticed anything, I need your help
  I am able to install the Oracle Audit Vault Server on the following features:
  OS: Suse Linux 10 SP 2
  Clusterware version: 11.1.0 6
  The Oracle Audit Vault server installation procces creates the database an starts the instances on each node and notice me the url for the Enterprise Manager but after that it fails at DVCA assistante because is not able to load the shared library libpthread.so.0.
  I found in internet that some time there are files like srvctl, vipca, etc tha export LD_ASSUME_KERNEL ant we have to comment that line, but I do not found the line in those files. I just found in the crsctl file this line like
  LD_ASSUME_KERNEL=
  export LD_ASSUME_KERNEL
  PD: The libpthread.so.0 library already exist
  Should I comment this line at crsctl file?
  Thank you in advance.

  Here you are the error messages:
  Is the Oracle Audit Vault server 10.2.3
  Command = /opt/oracle/product/av/bin/dvca -action option -oh
  /opt/oracle/product/av -s_path /opt/oracle/oradata/ -logfile
  /opt/oracle/product/av/cfgtoollogs/dvca_install.log -owner_account vault
  -owner_passwd ${s_ownerEncryptPwd} -acctmgr_account vault1 ${s_dvMgrPwdArg}
  -jdbc_str jdbc:oracle:oci:@av1 ${s_sysPasswdArg} -languages {"en"} -racnode
  seguridad1.min2.dtc -lockout
  MANAGE_LISTENER start listener
  MANAGE_LISTENER start listener
  result=/opt/oracle/product/av/bin/dvca_start_listener.sh,127,/opt/oracle/product/av/jdk/jre/bin/java:
  error while loading shared libraries: libpthread.so.0: cannot open shared
  object file: No such file or directory
  MANAGE_LISTENER start listener log=
  MANAGE_INSTANCE start RDBMS
  MANAGE_INSTANCE start RDBMS
  result=/opt/oracle/product/av/bin/dvca_start_rdbms.sh,127,/opt/oracle/product/av/jdk/jre/bin/java:
  error while loading shared libraries: libpthread.so.0: cannot open shared
  object file: No such file or directory
  MANAGE_INSTANCE start RDBMS log=
  Executing task SQLPLUS_CATOLS
  Executing task RESTART_SERVICES_OLS
  MANAGE_INSTANCE stop isqlplus
  MANAGE_INSTANCE stop OC4J
  MANAGE_LISTENER start listener
  MANAGE_LISTENER start listener
  result=/opt/oracle/product/av/bin/dvca_start_listener.sh,127,/opt/oracle/product/av/jdk/jre/bin/java:
  error while loading shared libraries: libpthread.so.0: cannot open shared
  object file: No such file or directory
  MANAGE_LISTENER start listener log=
  MANAGE_INSTANCE start RDBMS
  MANAGE_INSTANCE start RDBMS
  result=/opt/oracle/product/av/bin/dvca_start_rdbms.sh,127,/opt/oracle/product/av/jdk/jre/bin/java:
  error while loading shared libraries: libpthread.so.0: cannot open shared
  object file: No such file or directory
  MANAGE_INSTANCE start RDBMS log=
  Executing task SQLPLUS_CATMAC
  connect SYS:java.sql.SQLException: ORA-01034: ORACLE not available
  Questions:
  Is the Audit Vault Server Installation compatible with CRS version 11.1.0.6

• Oracle Audit Vault and Database Firewall implementaion

  Dear All,
  we are planning to implement Oracle Audit Vault and Database Firewall on 2 node 11g RAC/solaris10, please advise me to ahead in details
  Thanks

  Recently purchased Audit Vault and Database Firewall
  My question is with Audit Vault.
  All of the documentation says that i need Oracle Linux 5.8 as part of the installation. We do not have any servers now that support 5.8 currently. When I check the HCL for Oracle Linux 5.8 i see only 4 Oracle servers that support this version
  Sun Server X2-4
  Sun Server X2-8
  Sunfire X2270 M2
  Sunfire X4470
  The only two servers that are currently offer for purchase by Oracle are the X2-4 and X2-8 which are way overkill both in power and price for this application.
  The X2270 M2 would fit nicely, but is no longer offered for sale. In it place is the X3-2 which would fit nicely, but it listed as supporting Oracle Linux 5.8. Oracle Linux 5.9 is supported on the X3-2.
  My question is will Oracle Linux 5.9 or newer install to support Audit Vault? The documentation specifies Linux 5.8. Is this flexible or not?
  Thanks,

• Problem: Oracle auditing and Coldfusion pages.

  Oracle 10g has robust auditing functionality.  If you want to see who is inserting records into account.staff, you issue this command.
  audit insert on account.staff by access;
  It's done.   All inserts into the table are tracked by Oracle automatically.
  The good news is this works perfectly with asp pages.  With coldfusion-based webpages, the CF application server interposes itself between oracle and the user.  The result?  Key bits of auditing information (i.e., user id, pc IP address) are replaced with the Cold Fusion server values.
  For example, instead of seeing the user’s ID, or name the audit trail has SYSTEM.  Instead of the user’s pc hostname we see the CF server name and IP address.
  ·         Building table specific triggers using USERENV('sessionid')in Oracle does not help
  ·         Using cgi variables in the CF pages like REMOTE_ADDR  (IP address of the remote host making the request) or REMOTE_USER  or AUTH_USER  also does not offer reliable information either.
  What is the fix?
  Our setup.  We are using:
  Oracle 10g with auditing enabled
  Coldfusion server version 8.0.0.176276
  Windows 2003 server
  Internet Information Server version 6.0
  Windows integrated authentication
  All web auditing via IIS 6.0 works fine.  It is just Oracle auditing that is a problem.
  Thank you.

  I'm not familiar with Oracle; but I'll take a guess as to why the behavior is different between ASP and CF.  I suspect that the ASP pages access the database using Windows integrated authentication and impersonation of users.  If user [email protected] logs into the ASP site the [email protected] credentials are used for database access, and this is reflected in Oracle's auditing.  ColdFusion does not use integrated authentication so all data access is handled as the user credentials setup in the CF data source and using the IP of the CF server.  I don't think that this can be changed.  As far as I know CF does not support impersonation of Windows accounts.  However, I'm not an Oracle expect so if any of this is wrong please correct me.

• Oracle Audit Vault and Database Firewall X SAP

  Hello,
  Someone has or had any experience on implementing "Oracle Audit Vault and Database Firewall" in a SAP environment?
  I would like to know the impacts of this implementation for SAP System.
  Is there anything we have to concern about it from SAP side?
  Regards,
  Richard Brehmer

  Well,
  In case of someone needs it.
  I found something in Note: 105047
  https://websmp230.sap-ag.de/sap(bD1wdCZjPTAwMQ==)/bc/bsp/sno/ui_entry/entry.htm?param=69765F6D6F64653D3030312669765F7361…

• Oracle Audit Vault and Database Firewall 12c Available for Download

  Oracle Audit Vault and Database Firewall 12c software is now available for download at http://edelivery.oracle.com

  Dear Zoran Pavlovic,
  Yes is it, but I can't download because of my country.
  So do you have other link?
  ERROR:
  Thank you for accessing the Oracle Software Delivery Cloud. Due to your country location, we are unable to process your request. If you have an active support contract, you may request physical media by either submitting a Service Request or calling Customer Support. If you wish to purchase or evaluate our products on a 30-day trial please contact the appropriate Sales Representative for your country.
  Best Regards,
  Kosal

• Oracle Audit Vault Server & Agent Installation Error.

  Hi,
  I am new to Audit vault. When I install Audit Vault on Windows 2008 R2 it throws an error after installing 99%. Kindly help me to resolve.
  OS Version : Windows 2008 R2
  Oracle Audit Vault Version: 10.2.3.2
  Error:
  Audit Vault Server:
  INFO: Configuration assistant "Oracle Audit Vault Configuration Assistant" failed
  *** Starting OUICA ***
  Oracle Home set to C:\oracle\product\10.2.3\av_1
  Configuration directory is set to C:\oracle\product\10.2.3\av_1\cfgtoollogs. All xml files under the directory will be processed
  INFO: The "C:\oracle\product\10.2.3\av_1\cfgtoollogs\configToolFailedCommands" script contains all commands that failed, were skipped or were cancelled. This file may be used to run these configuration assistants outside of OUI. Note that you may have to update this script with passwords (if any) before executing the same.
  INFO: Created a new file C:\oracle\product\10.2.3\av_1\cfgtoollogs\configToolFailedCommands
  INFO: Since the option is to overwrite the existing C:\oracle\product\10.2.3\av_1\cfgtoollogs\configToolFailedCommands file, backing it up
  INFO: The backed up file name is C:\oracle\product\10.2.3\av_1\cfgtoollogs\configToolFailedCommands.bak
  SEVERE: OUI-25031:Some of the configuration assistants failed. It is strongly recommended that you retry the configuration assistants at this time. Not successfully running any "Recommended" assistants means your system will not be correctly configured.
  1. Check the Details panel on the Configuration Assistant Screen to see the errors resulting in the failures.
  2. Fix the errors causing these failures.
  3. Select the failed assistants and click the 'Retry' button to retry them.
  xception: VariableNotFoundException
  Query Exception Class: class oracle.sysman.oii.oiil.OiilQu
  Also while installing Collection agent, it throws the error while executing runInstaller.
  OS Version : AIX 6.1
  Oracle Audit Vault Agent Version: 10.2.3.2
  Audit Agent:
  bash-3.2$ ./runInstaller
  Starting Oracle Universal Installer...
  Checking installer requirements...
  Checking operating system version: must be 5200 or 5300
  Failed <<<<
  Exiting Oracle Universal Installer, log for this session can be found at /tmp/OraInstall2011-05-12_05-11-03PM/installActions2011-05-12_05-11-03PM.log
  */tmp/OraInstall2011-05-12_05-15-39PM>*cat installActions2011-05-12_05-15-39PM.log
  Using paramFile: /finacle/avagent/aix_5l64/install/oraparam.ini
  Checking installer requirements...
  Checking operating system version: must be 5200 or 5300
  Failed <<<<
  Exiting Oracle Universal Installer, log for this session can be found at /tmp/OraInstall2011-05-12_05-15-39PM/installActions2011-05-12_05-15-39PM.log
  Thanks & Regards,
  Mithra.
  Edited by: 864048 on Jun 7, 2011 2:57 AM

  Hi ,
  Please try the following:
  Execute the setup in cmd with -ignoreSysPrereqs option.
  Thank you.

• Oracle audit vault collection

  Hi All,
  I have installed Oracle Audit vault server 10.3.0 on a linux 64 bit machine. I have installed the collection agent on my aix server. Registered the db with audit vault. Enabled the collectors.
  avctl show_collector_status -collname DBAUD_Collector -srcname DBA
  Getting collector metrics...
  Collector is running
  Records per second = 0.13
  Bytes per second = 20.91
  [oracle@hostnameconfig]$ avctl show_av_status
  Oracle Audit Vault 10g Database Control Release 10.3.0.0.0
  Copyright (c) 2006, 2011 Oracle Corporation. All rights reserved.
  https://hostname:1158/av
  Oracle Audit Vault 10g is running.
  Logs are generated in directory /wbbin/app/oracle/product/10.3.0/av_1/av/log
  [oracle@hostnameconfig]$
  oracle@agentHost[oracle/app/avagent/bin]# avctl show_oc4j_status
  Agent is running
  But when I am trying to view the reports by loading the warehouse, I am getting the below error:
  OAV-46621: invalid start date 03-OCT-2012 for data warehouse operation; must be less than 03-OCT-2011 ORA-06512: at "AVSYS.DBMS_AUDIT_VAULT", line 6 ORA-06512: at "AVSYS.AV$DW", line 1040 ORA-06512: at "AVSYS.DBMS_AUDIT_VAULT", line 727 ORA-06512: at line 3
  Why it is referring to 03-OCT-2011 ? how do i view the reports.
  Am I missing something!!
  regards,
  Orackzy

  Hi,
  The error is that this agent already exists. If you added it before inadvertently, you will have to provide a new agent name.
  avca add_agent -agentname agent1 -agenthost salesdb.us.example.com
  AVCA started
  Adding agent...
  Enter agent user name: agentusername
  Enter agent user password: agent user pwd
  Re-enter agent user password: agent user pwd
  Agent added successfully.
  Thanks.
  Edited by: tbednar on Sep 29, 2011 7:50 AM

• "Oracle Audit Vault Configuration Assistant" failed

  Hello everyone, I can across this issue while installing AV agent and wanted to know if any one can help with a quick solution. OS= Linux 5, agent_software= 10.2.3 and here is the error messages:
  ++**INFO: Configuration assistant "Oracle Audit Vault Agent One-Off Patches" succeeded**++
  ++**INFO: Command = oracle.av.common.AvcaCfgPlugIn /app/oracle/product/10.2.0/agent_home/bin/avca -s initialize_agent -agentname agentdevmdb1 -agentusr ${s_agentusr} -agentport 7016 -av AHS-SOASOV1-DEVM.ahs.state.vt.us:1521:av.ahs.state.vt.us -rmiport 3121 -jmsport 3300**++
  ++**Command = oracle.av.common.AvcaCfgPlugIn has failed**++
  ++**INFO: Configuration assistant "Oracle Audit Vault Configuration Assistant" failed**++
  ++**-----------------------------------------------------------------------------**++
  ++***** Starting OUICA *****++
  ++**Oracle Home set to /app/oracle/product/10.2.0/agent_home**++
  ++**Configuration directory is set to /app/oracle/product/10.2.0/agent_home/cfgtoollogs. All xml files under the directory will be processed**++
  ++**INFO: The "/app/oracle/product/10.2.0/agent_home/cfgtoollogs/configToolFailedCommands" script contains all commands that failed, were skipped or were cancelled. This file may be used to run these configuration assistants outside of OUI. Note that you may have to update this script with passwords (if any) before executing the same.**++
  ++**-----------------------------------------------------------------------------**++
  ++**INFO: Created a new file /app/oracle/product/10.2.0/agent_home/cfgtoollogs/configToolFailedCommands**++
  ++**INFO: Since the option is to overwrite the existing /app/oracle/product/10.2.0/agent_home/cfgtoollogs/configToolFailedCommands file, backing it up**++
  ++**INFO: The backed up file name is /app/oracle/product/10.2.0/agent_home/cfgtoollogs/configToolFailedCommands.bak**++
  ++**SEVERE: OUI-25031:Some of the configuration assistants failed. It is strongly recommended that you retry the configuration assistants at this time. Not successfully running any "Recommended" assistants means your system will not be correctly configured.**++
  ++**1. Check the Details panel on the Configuration Assistant Screen to see the errors resulting in the failures.**++
  ++**2. Fix the errors causing these failures.**++
  ++**3. Select the failed assistants and click the 'Retry' button to retry them.**++
  ++**INFO: User Selected: Yes/OK**++

  Hi:
  A log of everything the avca command is trying to do is kept in $ORACLE_HOME/av/log/avca.log. Please review that to see what could have caused the issue.

• Java DB like logging via oracle auditing?

  Please help me, i'm new to oracle and don't know how to achive my goal.
  In derby my log files presents me all the information i need for researching purposes.
  The same can be achived via auditing in oracle i guess.
  So my starting point is:
  I activated an audit as follows:
  AUDIT UPDATE,LOCK,SELECT on app.accouts by access;
  Here is a log of my audit session:
  I can't see the SQL_BIND information for example, can i activate it?
  SQL> select action_name,extended_timestamp,returncode from dba_audit_trail order by extended_timestamp;
  ACTION_NAME
  EXTENDED_TIMESTAMP
  RETURNCODE
  SELECT
  23.05.08 08:44:10,734000 -07:00
  0
  SELECT
  23.05.08 08:58:27,453000 -07:00
  0
  ACTION_NAME
  EXTENDED_TIMESTAMP
  RETURNCODE
  UPDATE
  23.05.08 08:58:28,562000 -07:00
  0
  SELECT
  23.05.08 08:58:28,968000 -07:00
  ACTION_NAME
  EXTENDED_TIMESTAMP
  RETURNCODE
  0
  UPDATE
  23.05.08 08:58:29,140000 -07:00
  0
  UPDATE
  ACTION_NAME
  EXTENDED_TIMESTAMP
  RETURNCODE
  23.05.08 08:58:29,234000 -07:00
  0
  6 Zeilen ausgewählt.
  SQL> spool off
  Here is the compareable derby log:
  4397482349590219485{1}), Executing prepared statement: UPDATE ACCOUNTS SET MONEY = ? WHERE (ID = ?) :End prepared statement with 2 parameters begin parameter #1: 2500 :end parameter begin parameter #2: 1 :end parameter
  2008-05-23 16:32:51.953 GMT Thread[DRDAConnThread_2,5,main] (XID = 3865), (SESSIONID = 0), (DATABASE = testDB), (DRDAID = NF000001.G4B9-4397482349590219485{1}), Committing
  What i'm missing in my oracle audit is, what SQL statement is actually used and what parameters are binded to them.
  Also i need to know if the SQL statement was successfull or failed and if the statement failed, why has it failed?
  Please help me :-)
  Kind regards
  Basti

  For Oracle database auditing, you need to set the audit_trail parameter to either db, extended to write the audit trail to aud$ table in the database or xml, extended to write your audit trail to an OS file in XML format.
  the 'extended' tells Oracle to collect the sql_text and bind variables in the standard audit trail.
  If you use FGA (fine grained auditing), the sql text is automatically included in the audit trail.
  Thanks.

• Links to learn and use Oracle Auditing

  Hi All,
  I wanna featured links to learn and use Oracle DB Auditing
  I knew recently that auditing has two types: Manual and By Oracle right? I want that one by Oracle
  Is this the right forum for this thread?
  Thank u
  Note: I'm using Oracle DB 10g R2

  Dev. Musbah wrote:
  Hi All,
  I wanna featured links to learn and use Oracle DB Auditing
  I knew recently that auditing has two types: Manual and By Oracle right? I want that one by Oracle
  Is this the right forum for this thread?
  Thank u
  Note: I'm using Oracle DB 10g R2Find this link to use Oracle Auditing:
  http://download.oracle.com/docs/cd/B19306_01/network.102/b14266/cfgaudit.htm

• Documention on Oracle Auditing Capabilities

  I am trying to find extensive documentation to explain all Oracle auditing features.
  I need to understand where things are audited and be able to query/find things and
  store these audit trails for up to a year.
  I am looking at V$session and V$AUD and V_$OPEN_CURSOR but do not have
  documentation to define all of this. Where is the best source? Any source?
  Auditing of general database actions and each successful or unsuccessful attempt:
  - Password changed when/what/who
  - Grants when/to whom/by whom/what
  - Create/Drop/Alter Users/Objects
  - Databsae Startup/shutdown when/who
  - Terminal ID/Host IP of incoming users
  - Database System alters
  In other words, (Actions to database, users, etc other than application
  Data updates.
  Thanks
  Kim

  Thanks. I actually found it even though it basically logs it an an UNKOWN
  command and no username in Oracle since I used sqlplus '/as sysdba'
  SELECT substr(command,1,10) COMMAND, substr(ACTION,1,10) ACTION,
  substr(OSUSER,1,10) OSUSER,
  substr(machine,1,10) MACHINE, server, Process,
  to_char(logon_time,'DD-MON-YYYY hh24:mi:ss'), PDDL_Status
  FROM V$SESSION
  WHERE username is null
  ORDER BY logon_time;
  I have been slowly finding things. I know thousands of people before me have done
  this. I hate to reinvent the wheel everytime I need to find something.
  Thanks
  Kim

• EHS- Audit question and findings table?

  Hi Gurus
  I wanted to know what is the table for Audit questions and findings and also wanted to know where do these corresponding texts are getting stored in SAP.
  Thanks
  Murali

  Hello Murali,
  please check the following tables
  PLMM_AUDIT - for Audit results
  For questions:
  PLMM_QUEST_H
  PLMM_QUEST_I
  PLMM_QUEST_RES
  for text
  CGPL_TEXT
  CGPL _ PROJECT
  Regards
  gajesh

• UPLOAD AUDIT QUESTIONS

  kindly  guide me  how to upload  audit questions  in sap system my query is sap also provide one temple in that templet what is contents to be  filled i cont understood any body work that temple  kindly  guide me in that  templet  we have filed like that external id description ext position   hierarchy level  task level assessm entsug desc

  Please check the sap note: 597982. You can find the SAP supplied XL template as a zip atatchment in the note and step by step guidance on how to upload audit questions using import/export functionality of audit management.
  Thanks,
  Ram