Setting up audit in 9.2.0.8

Hi Everyone,
Just setting up 'Audit_trail=true' will capture all the activities in sys.aud$. Or else we need to run any statement to capture the activities on the sensitive tables.
Thanks,
Vinu

Vinu,
Auditing is an important SECURITY FEATURE to employ with judicious thought & intentions. Here are the Oracle guidelines, please read:
http://download.oracle.com/docs/cd/B10500_01/server.920/a96521/audit.htm
Also, here is an example from Oracle Security Expert Pete Finnigan:
Audit Attempts to access the database at unusual hours
Checks should be made for any attempts to access the database outside of working hours. These accesses could be genuine overtime work or maintenance but they could just as easily be unauthorized access attempts and should be checked as follows:
SQL> select username,
            terminal,
            action_name,
            returncode,
            to_char(timestamp,'DD-MON-YYYY HH24:MI:SS'),
            to_char(logoff_time,'DD-MON-YYYY HH24:MI:SS')
     from   dba_audit_session
     where  to_date(to_char(timestamp,'HH24:MI:SS'),'HH24:MI:SS') <
            to_date('08:00:00','HH24:MI:SS')
     or     to_date(to_char(timestamp,'HH24:MI:SS'),'HH24:MI:SS') >
            to_date('19:30:00','HH24:MI:SS')
SQL> /
USERNAME TERMIN ACTION_N RETURNCODE TO_CHAR(TIMESTAMP,'D TO_CHAR(LOGOFF_TIME,
SYS      pts/1  LOGOFF            0 09-APR-2003 20:10:46 09-APR-2003 20:16:41
SYSTEM   pts/5  LOGOFF            0 09-APR-2003 21:49:20 09-APR-2003 21:49:50
ZULIA    pts/5  LOGON             0 09-APR-2003 21:49:50
EMIL     APOLLO LOGON             0 09-APR-2003 22:49:12
SQL>
The above SQL shows any connections before 8:00 AM and after 7:30 PM. Any connections, particularly those made by privileged users such as SYS and SYSTEM, should be investigated. Particular attention can be made to the location from which the access was made. For instance, if privileged access is made from machines that are not in the administrator department, the administrator needs to find out why.
* Check for users sharing database accounts
The following SQL looks for users who are potentially sharing database accounts:
SQL> select count(distinct(terminal)),username
     from   dba_audit_session
     having count(distinct(terminal))>1
     group  by username
SQL> /
COUNT(DISTINCT(TERMINAL)) USERNAME
                        4 EMIL
                        3 SYS
                        3 ZULIA
SQL>
This shows that three users have accessed their accounts from more than one location. A further check could be to add a time component to see if they are accessed simultaneously and also to restrict the check per day. The above SQL gives some idea of the potential without complicating it too much. Again, these accounts and users should be investigated.
* Multiple access attempts for different users from the same terminal
The final example checks to find where multiple database accounts have been used from the same terminal. The SQL is again simple and could be extended to group by day and also to print out the users per terminal. This is a simple test to illustrate the abuse idea:
SQL> select count(distinct(username)),terminal
     from   dba_audit_session
     having count(distinct(username))>1
     group  by terminal
SQL> /
COUNT(DISTINCT(USERNAME)) TERMIN
                        3 pts/1
                        2 pts/2
                        3 pts/3
                        3 pts/5
SQL>
This could indicate someone trying to gain access by trying many accounts and passwords, or it could indicate legitimate users sharing accounts for certain aspects of their work. In either case, the admin should investigate further.
There are, of course, many other scenarios that could indicate possible abuses. Checking for those is as simple as the cases depicted above. It will be left to the reader to experiment. Let me know what you find useful.
The second example case that audit actions were set for is to detect changes made to the database schema. This could include new objects being added or attempts to change existing objects within the database.
A simple piece of SQL will show any audit trail items that relate to objects being created or changed as follows:
col username for a8
col priv_used for a16
col obj_name for a22
col timestamp for a17
col returncode for 9999
select username,
       priv_used,
       obj_name,
       to_char(timestamp,'DD-MON-YYYY HH24:MI') timestamp,
       returncode
from   dba_audit_trail
where  priv_used is not null
and    priv_used<>'CREATE SESSION';
SQL> @check_obj.sql
ZULIA    CREATE TABLE     STEAL_SALARY           09-APR-2003 20:07     0
PETE     CREATE PROCEDURE HACK                   09-APR-2003 20:42     0
This simple example shows that the user ZULIA has created a table and the user PETE has been writing PL/SQL procedures. Any changes such as this that are found should be investigated in a production database. Many more specific abuses can be checked for in relation to object and schema changes but, in general, no user should be able to alter the database schema in a production database. As a result, the check can remain pretty simple.
Protecting the Database Against These Abuses
The two examples given are just two of many possible scenarios that could be detected using Oracle's auditing facilities. Turning on and managing audit is one of the first steps to securing the database. Using audit should be part of an overall organization security plan and policy that includes Oracle. The database should be audited regularly for misconfiguration or known vulnerabilities that could allow security breaches to take place.
Because of its complex nature and vast number of different ways it can be used and configured, the best approach to securing Oracle will always be to follow the principle of least privilege. Once the database is part of the overall security plan and is configured correctly and checked regularly, then auditing it should be considered an important part of the strategy.
In general, do not grant any privileges to general users in a production database, remove most of the PUBLIC privileges and delete or lock and change the passwords of any default accounts. Ensure that users obey password policies and that the password management features of Oracle are employed.
It is important that the audit actions are planned from a performance and usability point of view and that the audit trail is managed. It is also important that the audit trail data is understood in terms of detecting abuse.
The author's recent book by the SANS Institute "Oracle security step-by-step - A survival guide for Oracle security" gives excellent guidelines on how to configure Oracle securely.
Conclusions
Oracle's auditing features are very powerful and sometimes seem very complex. As we saw in the introduction, there is more than one option available for auditing an Oracle database. It is possible to audit almost everything in the Oracle RDBMS with the standard features but not at the row level. If a high-level audit is needed, use the standard features to get a view of overall activity and then home in on the area of concern in more detail.
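The two extensions the quoted article suggests (a time component and a per-day restriction for the shared-account check, and a per-day breakdown for the check on multiple accounts per terminal), written out as an added example that is not part of the article or of the reply above. It assumes session auditing is already producing rows in dba_audit_session (audit_trail enabled and AUDIT SESSION issued); the column aliases are chosen here for illustration.

```sql
-- Added example, not from the quoted article.
-- Assumes dba_audit_session is populated, i.e. audit_trail is enabled
-- and AUDIT SESSION has been issued. Aliases are illustrative.

-- 1. Shared accounts with a time component: pairs of successful sessions
--    for the same username, from different terminals, that started on the
--    same day and overlap in time.
--    A session without a logoff record is treated as still open (nvl to
--    sysdate), so sessions that ended abnormally can over-match.
--    Rows with a null terminal are not compared.
select a.username,
       to_char(trunc(a.timestamp),'DD-MON-YYYY') logon_day,
       a.terminal                                terminal_a,
       to_char(a.timestamp,'HH24:MI:SS')         logon_a,
       b.terminal                                terminal_b,
       to_char(b.timestamp,'HH24:MI:SS')         logon_b
from   dba_audit_session a,
       dba_audit_session b
where  a.username   = b.username
and    a.sessionid  < b.sessionid              -- report each pair once
and    a.terminal  <> b.terminal
and    a.returncode = 0
and    b.returncode = 0
and    trunc(a.timestamp) = trunc(b.timestamp) -- restrict to the same day
and    a.timestamp <= nvl(b.logoff_time, sysdate)
and    b.timestamp <= nvl(a.logoff_time, sysdate)
order  by a.username, a.timestamp;

-- 2. Multiple accounts from one terminal, grouped by day, with the number
--    of failed attempts alongside. A non-zero returncode is a failed
--    logon (1017 is ORA-01017, invalid username/password).
select terminal,
       to_char(trunc(timestamp),'DD-MON-YYYY') logon_day,
       count(distinct username)                accounts_used,
       sum(decode(returncode,0,0,1))           failed_logons
from   dba_audit_session
group  by terminal, trunc(timestamp)
having count(distinct username) > 1
order  by failed_logons desc, accounts_used desc;
```

A terminal with several accounts and no failures on a given day points toward shared workstations; several accounts with many failures is the pattern worth investigating first.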

Similar Messages

  • Solaris 10 u6 auditing - pam_unix_cred: cannot set user audit Bad address

    When I switch on auditing (execute /etc/security/bsmconv command), after rebooting system I cannot login to the system. When I try to login I can see the following message:
    pam_unix_cred: cannot set user audit Bad address
    I have no idea what to do.

    Thanks for this. Parent chmod o+x fixed it.

  • Bittorrent blocked by bittorrent signatures set to audit???

    I am using a modified 128MB.sdf signature file on an 1841 router running the latest release branch IOS. I've noticed that Bittorrent traffic gets blocked by the Bittorrent / P2P signature, even though they are only set to audit the traffic, not drop or reset. Why is this?
    If I disable these signatures, traffic flows normally. The IPS rule is set on the WAN port inbound only.
    thanks,
    Simon

    Well, the fact that it blacklists your very own AP does look strange. Do you have similar behaviour e.g. with ndiswrapper and a Windows driver? Torrent connections have been known to bring down even wired routers before, let alone wireless ones.

  • Setting the Audit Level to off

    Hi,
    I had configured the Audit level for a bpel composite to Off with the help of below property in composite.xml and deployed the same.
    <property name="bpel.config.auditLevel">Off</property>
    The Property also reflects in the SystemMBeanBrowser for the composite but the problem is though the Composite payload is not persisted anymore but the composite tracking instances are still persisted.
    As per the Oracle documentation : "Off": No logging is performed. Composite instance tracking and payload details are not collected.
    Can someone help or provide pointers why the logging is not off for composite tracking instances?
    Do I need to add something else also in the composite.xml apart from this property?

    Hi,
    <property name="bpel.config.inMemoryOptimization">true</property>
    <property name="bpel.config.completionPersistPolicy">faulted</property>
    are already set but it was not working though.
    However, I have found the problem finally :)
    The issue was that to prevent the persistence of composite tracking, the audit level has to be set at the composite level and not at the component level
    because setting it on component level will only prevent the dehydration of the component and not the references and the services.
    Regards,
    Anugoonj

  • Setting up auditing for tables

    Hi Gurus,
    Could some one help me in setting up an auditing process for few tables on one of the schema say scott.
    auditing on insert,update,select and delete .
    I have 4 tables say for example
    emp, dept,org,ssn

    790072 wrote:
    Hi Gurus,
    Could some one help me in setting up an auditing process for few tables on one of the schema say scott.
    auditing on insert,update,select and delete .
    I have 4 tables say for example
    emp, dept,org,ssn
    when all else fails Read The Fine Manual
    http://download.oracle.com/docs/cd/E11882_01/server.112/e17118/statements_4007.htm#i2059073
    why do you prefer to read answer here rather than from original source as URL above?

  • Unable to get the composite instance for the invocation. This could be because instance has not yet been created or because the audit level for the SOA infra has been set to Off

    I am on Oracle 11.1.1.7 BPM suite on W8 64 bit. I can't launch the flow trace and get the error "Unable to get the composite instance for the invocation. This could be because instance has not yet been created or because the audit level for the SOA infra has been set to Off".  I have set the audit level to development at the soa-infra>SOA Administration> Common Properties > Audit level set to development and Capture Composite Instance State is Checked.
    Can somebody advise?
    Thanks

    Can you please confirm me the following steps...
    Log in to the EM console, expand soa-infra (soa_server1), go to the partition where your composite has been deployed, click on your composite. On the right, click on the dropdown Settings and choose Composite Audit Level. You can choose to set the Audit Level for this composite. If you choose Inherit, it will take the settings to what the server is being set to. Otherwise, we can override it by choosing Off, Production, or Development.
    Make sure your setting for that composite is not Off, keep inherit or production or development.
    Thanks,
    N

  • Audition 3 - Paste in Multitrack, slow stop, and clicking

    Hi, Long-time Cool Edit Pro 2.0 user being forced to upgrade due to Windows 7. I'm testing AA 3 and I'm having some problems.
    First, I'm thrilled it's now possible to copy/paste in multitrack view. However, is it possible to paste clips from multiple tracks so that the copied clips paste into the existing tracks rather than new ones? As it is, when I copy and paste clips from multiple tracks the top track pastes into the original track but the rest paste into new tracks, then I have to manually move the pasted clips to the correct tracks and delete the new ones. I know you can highlight clips and ctrl-right click/drag to copy and keep them on the original tracks, but it would be nice to be able to do the same with standard copy/paste.
    Second, I'm using an external USB audio device (Lexicon Alpha). When I press stop during playback (either in multitrack or edit view), the system stalls (with the swirling mouse "wait" symbol) for a short time (maybe half a second) before I can do anything. This doesn't happen when I use the onboard sound card (no lag at all when stopping or starting). I assumed the lag was due to the USB cord or something, but there's no pause at all in any other programs I've tried (such as Cubase). Is there a setting in Audition that might affect the lag time?
    Lastly, a "click" sound is produced every time I press play (either in multitrack or edit view). This happens whether using onboard sound or the USB device. Again, it doesn't happen in any other programs. It's making it very difficult to preview changes to the beginnings of audio files, since I have to place the cursor near the end of the track and loop-play so it loops back to the beginning after the click has happened.
    Thanks in advance for any advice anyone can give me!

    I'm not bringing in new audio, I'm copying existing clips and trying to paste them into the tracks they originally came from, rather than into new ones. The uppermost clip of a copied group pastes into its original track, but the clips on the tracks below it all paste into new tracks rather than into the tracks they originally came from.
    BTW I realized ctrl/right-click and drag creates a new copy of a sound file rather than just duplicating it so that doesn't work either.

  • Auditing file server setup issues - nfs permissions

    I have half-dozen Solaris 10 workstations requiring Solaris Auditing enabled and audit files saved. I used a spare Solaris 10 system with 2-72GB disks and formatted 2nd disk for entire 72GB. I shared out the 72GB partition on this system and modified /etc/security/audit_control on a test Solaris 10 W/S to use the shared-out partition on Audit file server as primary audit directory. Following directions in Solaris 10 Admin Gde I chmod -R 750 the mount pt using the 72GB partition before sharing out the partition. However, all client W/S's that I enable Auditing would not use the 72GB partition on file server until I went back and chmod 777 the partition and rebooting file server. Also, on any client that I have enabled Auditing to use nfs-mounted 72GB partition on file server I cannot as a non-root user issue a "df -k" command without getting error:
    df: cannot statvfs /var/audit/fmaud.1/files: Permission denied
    Is this normal or did I miss a chmod step or two in setting up Audit clients and/or Audit file server?

    The roundcube db schema needs to be set up manually. See /usr/share/webapps/roundcube/INSTALL
    Also, from your /etc/webapps/postfixadmin/config.inc.php:
    $CONF['domain_path'] = 'NO';
    $CONF['domain_in_mailbox'] = 'YES';
    $CONF['maildir_name_hook'] = 'NO';
    ..which results in /var/mail/vmail/[email protected]
    From your dovecot.conf
    mail_home = /var/mail/vmail/%d/%u
    ...which results in /var/mail/vmail/domain.com/user
    That doesn't fit together.

  • Weird behavior in assigning requirement pattern (audit graduation)

    Hello,
    I have the following setup:
    On the SC I have filled infotype "Requirement Catalogs (1778)" with a Requirement Catalogs and Requirement Catalogs for audit type 1000. I've also marked it as a "Main catalog".
    Requirement Catalogs: VAHO
    Version: 2.0
    Now in the IMG I have the following setting:
    Student Lifecycle Management -> Processes in Student Lifecycle Management -> Audits -> Requirement Catalogs -> Define Structure of Version Sets
    Set          Version       Default version
    Audit       1.0              X
    Audit       2.0
    When I execute the Audit via PIQAUD_MP_CP it is giving me an error:
    No requirement pattern is assigned to requirement catalog VAHO, version 1.0, and audit type 1000.
    When I change the default version to 2.0 it is working correctly.
    This seems strange to me because on the SC I have said that the version 2.0 must be used.
    Am I missing something, did I misunderstand something or is it just a little bug in SLcM?
    Please help.
    Thanks a lot

    Hello Molenaar,
    You are specifying the requirements defined in version 'audit 1' as the current requirements of your university by setting 'audit 1' as the default version, whereas you are trying to evaluate the requirements in 'audit 2', which are not your current requirements though you have specified them in your program of study. If your current requirements are in version 'audit 2', then set 'audit 2' as the default version.
    Remember default version is always the basis for evaluating the requirements.
    Regards,
    Sravan
    Edited by: Sravan on Mar 10, 2009 7:24 AM
    Edited by: Sravan on Mar 10, 2009 7:26 AM

  • Auditing failed access to files and folders in Windows Storage Server 2008 R2

    Hello,
    I've been trying to figure out why I cannot audit the failed access to files and folders on my server. I'm trying to replace a unix-based NAS with a Windows Storage Server 2008 R2 solution so I can use my current audit tools (the 'nix NAS has basically none). I'm looking for a solution for a small remote office with 5-10 users and am looking at Windows Storage Server 2008 R2 (no props yet, but on a Buffalo appliance). I specifically need to audit the failure of a user to access folders and files they are not supposed to view, but on this appliance it never shows. I have:
    Enabled audit Object access for File system, File share and Detailed file share
    Set the security of the top-level share to everyone full control
    Used NTFS file permissions to set who can/cannot see particular folders
    On those folders (and letting those permissions flow down) I've set the auditing tab to "Fail - Everyone - Full Control - This folder, subfolders and files"
    On the audit log I only see "Audit Success" messages for items like "A network share object was checked to see whether client can be granted desired access (Event 5145) - but never a failure audit (because this user was not allowed access by NTFS permissions).
    I've done this successfully with Windows Server 2008 R2 x64 w/SP1 and am wondering if anybody has tried this with the Windows Storage Server version (with success of course). My customer wants an inexpensive "appliance" and I thought this new variant of 2008 was the ticket, but I can't if it won't provide this audit.
    Any thoughts? Any of you have luck with this?  I am (due to the fact I bought this appliance out of my own pocket) using the WSS "Workgroup" flavor and am wondering if this feature has been stripped from the workgroup edition of WSS.
    TIA,
    --Jeffrey

    Hi Jeffrey,
    The steps to setup Audit on a WSS system should be the same as a standard version of Windows Server. So please redo the steps listed below to see if issue still exists:
    Enabling file auditing is a 2-step process.
    [1] Configure "audit object access" in AD Group Policy or on the server's local GPO. This setting is located under Computer Configuration-->Windows Settings-->Security Settings-->Local Policies-->Audit Policies. Enable success/failure auditing for "Audit object access."
    [2] Configure an audit entry on the specific folder(s) that you wish to audit. Right-click on the folder-->Properties-->Advanced. From the Auditing tab, click Add, then enter the users/groups whom you wish to audit and what actions you wish to audit - auditing Full Control will create an audit entry every time anyone opens/changes/closes/deletes a file, or you can just audit for Delete operations.
    A similar thread:
    http://social.technet.microsoft.com/Forums/en-US/winserverfiles/thread/da689e43-d51d-4005-bc48-26d3c387e859

  • C2 audit mode Option in SQL server 2000

    Hi,
    How to set c2 audit mode Option for only customized tables not for entire database SQL server 2000

    Don't do that on the database level but on the application level:
    Note 1916 - Logging table changes in R/3
    Markus

  • Stock Audit Report vs Balance Sheet

    I am having problems matching the balance sheet to our stock. I presume that the stock audit report is the best report for evaluating our stock but this does not match our balance sheet.
    The balance sheet stock looks at 3 accounts, Finished Product, Work in Progress and Raw Materials. I set the audit report to only look at these accounts and to read all groups. I also ticked 'display OB for items/accounts with no transactions'.
    This still does not match. The only thing I can surmise is that something has gone wrong or someone has posted something in these accounts to throw it out of balance but if so then I do not know how to find the problem as this could be going back years.
    Is there a better stock report / query to use or is there some sort of query that can flag up any obvious errors?
    Thanks for your help in anticipation.

    Hi,
    You can refer SAP Note :
    1009070 - How can you identify manual journal entries posted to the inventory G/L account?
    Hope this helps,
    TVSon

  • Audit log capacity

    As auditing can be enabled and it keeps the audit logs. Is there a setting for audit retention configuration as well as size configuration. Also how much space it occupied with average audit capabilities and how much is the growth.
    This topic not much covered in docs. So I want to know from you guys as you must be having enough experience. Is there a criteria which can be used to plan database. Does it go to a separate database table?
    Any pointers can also be helpful.

    The job 'Trims audit trail entries from site collections.'
    It runs by default every month, which means you need to adjust the schedule so that it runs weekly so that it'll pick up your accelerated audit rules.
    This is the job that exports the data to Excel and cleans up the entries from the database.

  • Audit Log Not Being Created

    Hi,
    I'm using the workflow application "Audit" as an activity in my custom workflow and I'm passing the required arguments.
    In the workflow trace file, I can see that the Audit application is run using the passed parameters but no record is being created matching that information in the "log" table.
    Any ideas/suggestions?
    Thanks
    Here is the trace for your information:
    Resolved reference requesterWSUser = object
    Assigning requesterFullName = Test1 Manager1
    Action Set Audit Resources List
    Result title set to 'Set Audit Resources List'
    Evaluating XPRESS
    Resolved reference approved = false
    Resolved reference auditApps = [AD_Simulated]
    Resolved reference auditApps = [AD_Simulated]
    Assigning depApps = [AD_Simulated]
    Action Audit
    Result title set to 'Audit'
    Iterating over depApps = [AD_Simulated]
    Iteration 0
    app = AD_Simulated
    Argument op = audit
    Argument type = User
    Argument status = success
    Argument action = View
    Argument reason = User Access Recertification
    Argument subject = TestManager1
    Resolved reference user.waveset.organization = null
    Resolved reference app = AD_Simulated
    Resolved reference app = AD_Simulated
    Argument resource = AD_Simulated
    Resolved reference enduserId = testuser4
    Argument accountId = testuser4
    Resolved reference enduserView.accounts[Lighthouse].firstname = Test4
    Resolved reference enduserView.accounts[Lighthouse].lastname = User4
    Resolved reference enduserId = testuser4
    Resolved reference requesterFullName = Test1 Manager1
    Argument error = The access of the user Test4 User4(testuser4) has been recertified by Test1 Manager1
    Calling application 'com.waveset.session.WorkflowServices'
    Application requested argument op
    Application requested argument logResultErrors
    Application requested argument action
    Application requested argument status
    Application requested argument type
    Application requested argument subject
    Application requested argument name
    Application requested argument resource
    Application requested argument accountId
    Application requested argument error
    Application requested argument parameters
    Application requested argument attributes
    Application requested argument originalAttributes
    Application requested argument overflowAttributes
    Application requested argument auditableAttributesList
    Application requested argument organizations
    Step complete 'Audit'
    Step inactive 'Display Message'
    -------------------------------------------------------------------------

    I agree with the anokun7. Check to make sure the action you are giving it is a valid one. (See IDM Workflow Forms and Views pdf and search for Action Names, it will give you a list of all the valid actions.) Also you can add your own attributes to the Audit object as well using the attributes variable. It expects a map:
    <map>
    <s>Key</s>
    <ref>value</ref>
    </map>
    Value can be a reference, or string, or however complex you want to make it. Just be aware of what view (if any) is available at the time you call the audit. Hope this helps
    Message was edited by:
    dmac28
    Oh yeah..The attributes will appear on the audit log reports, Based on what action and type you audited it will show up on that record. i.e Delete action, on Type User...that audit record will have a changes value which will have whatever attributes you passed to the audit object.

  • Folder audit properties

    I have multiple Windows 7 computers that I have set the auditing on C:\ to Fail everyone and I selected Replace all existing inheritable auditing entries on all descendants with inheritable auditing entries from this object. All these computers are on a Domain. I have been able to create a security template that will allow me to remove this setting on c:\ but it won't remove it on all subfolders. Is there a way to do this in either a Domain policy or Local policy?

    Hi,
    Did we set the following setting to Not Configured or No auditing:
    Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit object access
    Besides, if we use Advanced Audit Policy Configuration, set the following policy setting to Not Configured or No Auditing:
    Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policy\Object Access\Audit File System
    Best regards,          
    Frank Shen
