User Auditing

Hi all
aix 6.1
Oracle 11.2.0.3
We have a very confidential application and database. The corporate auditor is requesting a daily report of who is logging  (remote or local) in the database and which schema is used for the 24 hr range period. Is there a v$ view which capture the history of users logged in? like a machine-name or ip-address and the scheme connected.
There might be hackers remote or insiders that might be connecting to our sensitive system.
Thanks a lot,
zxy

yxes2013 wrote:
I thank you all,
So auditing is the only way to go? How about mining the listener.log? Do all connections in the database are being logged in
the listener.log? Even if I login locally using "sqlpus system/manager" or "sqlplus / as sysdba"?
Thanks a lot
if application is 3-tier, then ONLY application can provide end user IP#
>Even if I login locally using "sqlpus system/manager" or "sqlplus / as sysdba"?
above requires OS access to the DB Server.
ONLY the DBA  should be able to log onto the DB Server system directly.
no end user should ever get close to access OS command line on the DB Server system

Similar Messages

  • SAP User Audit Report

    Hi Expert,
    I want to download SAP user audit report through USMM.
    but whenever i run USMM and click on system measurement its goes on background job.
    I need this report in PDF format. plz help 

    Hi Kumar
    1.  Once you’re all system measurement are getting over collect those data in to one system.
           Refer the PPT 's which provided the steps
    https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&cad=rja&uact=8&ved=0CC8QFjAD&url=https%3A%2F%2Fsupport.s…
    2 Transaction code  LAW perform a consolidation of user records and then send the information to SAP direct or email
    SAP Library - License Administration Workbench
    BR
    SS

  • How to show User Auditing data in dashboard/reports in MS CRM 2013 online?

    HI,
    I am having requirement to show user auditing details like user last logged in date/ session spent time in MS CRM 2013 online.
    I did not found any option to query user Auditing data.
    I found the Audit summary View but don't know how to use it.
    Could any one suggest me how to achieve this.
    Thanks
    Baji Rahaman

    Please try this 
    Public Function Decompress(ByVal arr As Byte()) As Byte()
            Dim s As Byte()
            Dim notCompressed As Boolean
            notCompressed = False
            Dim MS As System.IO.MemoryStream
            MS = New System.IO.MemoryStream()
            MS.Write(arr, 0, arr.Length)
            MS.Position = 0
            Dim stream As System.IO.Compression.GZipStream
            stream = New System.IO.Compression.GZipStream(MS, System.IO.Compression.CompressionMode.Decompress)
            Dim temp As System.IO.MemoryStream
            temp = New System.IO.MemoryStream()
            Dim buffer As Byte() = New Byte(4096) {}
            While (True)
                Try
                    Dim read As Integer
                    read = stream.Read(buffer, 0, buffer.Length)
                    If (read <= 0) Then
                        Exit While
                    Else
                        temp.Write(buffer, 0, buffer.Length)
                    End If
                Catch ex As Exception
                    notCompressed = True
                    Exit While
                End Try
            End While
            If (notCompressed = True) Then
                stream.Close()
                Return temp.ToArray()
            Else
                Return temp.ToArray()
            End If
        End Function
    Thanks & Regards Manoj

  • User Audit Trail for a custom table.

    Hello all. I need to know the correct and accurate way to user audit for a custom table. To elaborate further, I have a table catering to sanctioned strength of employees in a particular Cost Center, the entries have been deleted all together by someone, and I need to know the way to recover the data and to identify the user in question. Note, I have used STAT and have foundno results, and standard user audit trail are turned off.
    Any help or push in the right direction would be highly appreciated.
    P.S: any additional technical details on the table structure can be provided for further analysis if needed.

    Try to add your custom table and table fields in the below views
    V_T585A
    V_T585B
    V_T585C
    After doing this your custom table changes gets stored in the pcl4 document . If the custom table  is master data table  then from the standard Audit trail report you can see the logged changes in custom table also by providing the custom infotype number.
    if its is custom customizing table , need to explore

  • User Audit Report not showing all details

    Hello,
    I've encoutered a strange problem with the users audit reports.
    After I assign a user with a few new roles I expect to get the following information in Audit Event Details:
    In the "Changes" area, there should be a table with the following columns: Attribute, Old Value, Attempted Value and New Value that indicates the changes I've made.
    Instead, I get something like this:
    "Changes Old Values=Role A, Role B, Role C. New Values = Role A, Role B, Role C, Role D..."
    Since the desciprion is too long it usualy ends with "..." and does not show the complete information.
    All Successes and All Failures are marked in the Audit Configuration.
    What else am I missing? I am using IdM 8.1.
    Regards,
    R

    It seems that there is a default limit of 4000 characters worth of Attribute changes logged. If the attribute changed string is longer than 4000 chars long it is truncated.
    If you look at the create database tables script used when you set up he repository tables BEFORE installing IdM you will see that in the logs table definition there is a comment suggesting that if 4000 chars is not enough for attribute changes, you may use a CLOB to hold the data. (we use Oracle DB)
    In my opinion this isnt really publicised well enough.
    Furthermore, It also seems that you have to modifiy a setting maxLogAcctAttrChangesLength in the RepositoryConfiguration configuration object. Again not so well known.
    To be honest, I have not been brave enough to change this AFTER we have installed IdM and have used it for a period. I have no idea what consequences there may or may not be if a database table definition is changed... instinct tells me its not good.
    GF

  • Slaris 10 u6 auditing - pam_unix_cred: cannot set user audit Bad address

    When I switch on auditing (execute /etc/security/bsmconv command), after rebooting system I cannot login to the system. When I try to login I can see the followin message:
    pam_unix_cred: cannot set user audit Bad address
    I have not idea, what to do

    Thanks for this. Parent chmod o+x fixed it.

  • 'Created by' column in SM37 contains inactive users - audit issue?

    Hi,
    Most of the jobs in sm37 in our systems have been created by staff who had already left. So under the 'created by' column in SM37 we can see jobs running under users who have been locked/deleted. But it's only the 'created by' column. All the 'steps' run under a system user called 'BATCHUSER', that's why the jobs run fine.
    Is it a problem to have inactive users under the 'created by' column in SM37? Is it an audit issue? I've thought that as long as the steps run as a system user then it shouldn't be an audit issue but having discussing about it in my team.
    Any comments will be very welcome!
    Thank you
    Marcia

    Yes,
    This is purely depends on your org understandness, As in system there won't be any issue as long as the jobs run.
    In SAP there is no such way to change the owner (Created by) of background job, we only can change the step owner.
    If you feel that there will be an issue, my suggestion is to copy the jobs to BATCHUSER and delete all old jobs created by inactive users.
    Regards,
    Nick Loy

  • User audit trail in a SOA scenario

    Hi All,
    In a SOA scenario when using a composite application calling many webservices who on their turn call asynchronous jms calls to backend applications. How can you audit the user trail? So can you tell of all the backend transactions touched by this SOA scenario who was responsible of changing the data.
    To illustrate the issue:
    The typical SOA scenario, we have a web application running in a portal, the logged on portal user is accessing this web application. The web application is calling web services using the logged on user credentials. The webservices call an asynchronous message in a message oriented middleware solution using a service user. This asynchronous message triggers a bapi in R/3 using this service user. In the logging of the bapi call in R/3 the bapi is called by the service user and not the portal user id.
    Can somebody point me to articles regarding this topic or best practices?
    regards,
    Richard

    Thanks Abhishek,
    The first link was helpfull but actually underlines the problem that I have. The second link has no relevance to the problem.
    But if we zoom in on de first link: http://help.sap.com/saphelp_erp2004/helpdata/en/cb/b0ceb823984a62bf017a42179af99a/frameset.htm
    This is about the security on JMS service.
    So the question remains how do you deal with an audit trail if the user calling webservices is different than the service user calling the bapi.
    regards,
    Richard

  • Oracle User Audit Report

    Does anyone know how to get a report or sql code that will show all users responsibilities and access they have withing Oracle EBusiness suite
    Ebusiness R12 on a 10G database
    We have been asked by our Audit team for a full list of all users and there responsibilities and forms they have access to.
    Also being new to Oracle as a company they would like definitions for example receipts = enter and find a receipt. This I can see is unreasonable but we must be able to supply the below.
    They would like to see the ebusiness navigation front screen as you log in and click on a responsibility to show all forms and webpages in a report
    An example would be for myself
    Applications Diagnositics
    Diagnose
    View Reports
    Configure
    I can get the Applications Diagnostics through sql but can not get to the next level to show what is within the Applications Diagnostics for a user e.g.
    Diagnose
    View Reports
    Configure

    Hi;
    Please check below thread which could helps you
    - Monitor Application Users does not Display All Users Signed On [ID 1014948.6]
    - Monitor User Form Does Not Retrieve Records [ID 144742.1]
    - How do you audit an Oracle Applications' user? [ID 395849.1]
    - Auditing: How Do I Audit Responsibilities and Data? [ID 436316.1]
    Also see:
    Audit uSers
    Re: Audit users
    Regard
    Helios

  • Step by step procedure for implementing User auditing in Solaris 10

    we have no.of users who use either SSH terminals and Java Desktop Environment through Xbrowser through network.
    We would like to know what are all the files being accessed by logged in users and what are all the changes being done, if any....
    Earlier, we have enabled "script" command to get invoked automatically in ~/.bash_profile. At this stage, users are not able to get Java Desktop through xbrowser. Hence, dropped this option.
    Please suggest to get rid of this script problem or some better solution through Audit logging.
    Thanks in advance.

    In my experience, its very rare for people to write step-by-step lists here, this is a forum which is excellent for general questions and technical problems, but, since most people who answer posts here do it in their spare time, its rare with detailed instructions of things which is rather well documented in the manual..
    Having said that, the things you asks for is actually documented, have a look at:
    http://docs.sun.com/app/docs/doc/816-4557/audittm-1?l=en&q=audit&a=view
    .7/M.

  • BOXIR3.1- Users, Auditing DB statistics of Report Refresh,users login info

    Hi All,
    I need to create BOXI R 3.1 DeskI reports for the statistics related to the user login information,Scheduling Reports info,user properties and other statistics .
    Any suggestion to resolve this issue , It helps me greatly.
    Thanks in advance..
    mahesh

    Have you tried auditing?
    That way you can get information about different kinds of information. You can install the example reports with some useful reports (average of users logged in, and so on)
    For more information, read the BOE Administrator Guide 3.1 chapter 12.
    In BOE 3.1 you have to configure the connection to your database (create a new repository from the
    CMC), to install the auditing universe and you can install some example auditing reports.
    You can get the universe (if depends on the database you are using) and the example reports (webi) in this folder from the server:
    C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\Samples

  • User Audit and Security log

    Hello Experts,
    We are using an ECC 6.0 systems. My question is apart form SM19 is there any other t_code to trace the user action that is a more detail trace on user action.
    As you know SM19 settings will offer us the basic action of user that is what t_code or reports are being used by user. But I want to know what are they doing there that is they are trying to access some infortype in t_code like PA30 or they made in table definition change in SE16 like that.
    Please let me know about this.
    Thanks in advance.
    Regards,
    Partha

    Hi Partha,
    You can use the following TCodes also.
    1. STAD
    2. STAT
    STAD and STAT can also be navigated from ST03N. If you want to log a particular TCode (for e.g. PA30), then please follow the below steps:
    Go to ST03N -> Expert user mode -> Collector & Performance DB -> Workload collector -> Parameters.
    Enter the transaction codes for the transactions to be analyzed in detail in the Create transaction detail profiles for group box. Save your changes. (please read the message carefully in this screen).
    3. STATTRACE
    4. SM21
    If you are in SM21, then please select all the options in "Settings" radio button. After getting the display of Log screen, you can further analyze a message in more details by double clicking it.
    Still SM20 is really a good choice to view user actions.
    Please re-check (in SM19) that all the Audit Classes are selected for the current filter you are analyzing. Before reading the audit log make sure to include all Instances (telling this, just to be sure).
    Mark all in "Events" and "Statistic" tabs. Now display the data selecting the particular user and tcode.
    Hope this discussion may help you to some extent. Please let me know for any more query.
    Regards,
    Dipanjan

  • User audit enabled - Only log off

    Hai all,
    10.2.0.5 on solaris 10
    I enabled audit for a user as below
    audit username by access;
    When I query dba_audi_trail, I can see only actions (LOG_OFF) stored in the action_name column of dba_audit_trail.
    Any idea

    Are you talking about " audit session by username by access" ?? the statement you mentioned doesnt exist, and if you mean what i mentioned, try logging in with the username after you logout , you should see logon value in action_name column and action value should be 100, assuming its was also in 10g because i work on 11g. Also you should see logoff_time when you logout but null value when you login.
    Regards
    Karan

  • AD user Auditing

    We have been auditing what systems users have been logging into via SIEM reports on AD activity. These reports were working fine until we enabled more AD auditing with the below setting changes and from the link listed. The changes from the directions
    below and in the web site link gave us exactly what we wanted, almost. For some reason the user account auditing alerts have stopped. In the Default Domain Policy the settings for the Audit are set (see image below). But I do not see any Events in Event Viewer
    under Security for Account logon success or failure on the domain controllers. When I look at the Default Domain Controller Policy I see just the opposite (see 2nd image below). It seems to me that by enabling these other settings that these changes disabled
    the User Account Logon Auditing settings. Possible?
    My question is, should I enable the settings for Account Auditing under the Default Domain Controller Policy or is there something else that needs to be enabled or setting changes made?
    http://blogs.technet.com/b/askpfeplat/archive/2012/04/22/who-moved-the-ad-cheese.aspx
    Run GPMC.msc (url2open.com/gpmc) → Right-click “Default Domain Policy” and chose “Edit” → Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → Audit Policy:
    2.
    Return to the Security Settings level → Event Log:
    3.
    Run “gpupdate /force” command.
    4.
    Open ADSI Edit (url2open.com/adsi) → Right-click ADSI Edit → Connect to Default naming context → Right-click DomainDNS object with the name of your domain → Properties → Security (Tab) → Advanced (Button) → Auditing (Tab) → Add Principal “Everyone” → Type
    “Success” → Applies to “This object and Descendant objects” → Permissions → Select all check boxes by clicking on “Full Control”, except the following: Full Control, List Contents, Read all properties, Read permissions → Click “OK”.
    5.
    Open Event viewer and filter Security log to find event id’s (Windows Server 2003/2008-2012):
    Default Domain Policy
    Default Domain Controller Policy
    Leonard Hoffman

    It seems to me that by enabling these other settings that these changes disabled the User Account Logon Auditing settings. Possible?
    When you enable Advanced Audit policy, all existing Audit Policy settings are disabled. This is because Advanced Audit Policy is considered to replace the much older Audit Policy feature. Both types of Audit policy, are incompatible with each other and can
    cause problems.
    https://technet.microsoft.com/en-us/library/ff182311(WS.10).aspx#BKMK_3
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

  • Dbms_fga.add_policy with multiple user audit conditions

    how to add multiple user in audit_condition for dbms_fga.add_policy
    AUDIT_CONDITION => 'USER = ''test1, test2,test3 '' d'ont work

    Try something like : 'sys_context(''userenv'',''session_user'') in (''TEST1'',''TEST2'')'

Maybe you are looking for

  • PS CS5 The operation could not be completed. A file system I/O error has occurred

    Howdy... I'm using Photoshop CS5 and when I go to use a handful of filters such as Liquify or Lens Correction I am suddenly getting an error message saying: "The operation could not be completed. A file system I/O error has occurred" Doesn't matter i

  • Where is the ADHocWorkflowConnector at CE 7.11

    My System: Composition Environment 7.11 Hi, i try to send a notification based on this tutorial [Accessing UWL Notifications from Web Dynpro Using UWL API|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/802bfda2-8a85-2b10-9290-d67d

  • Dreamweaver two column left nav

    I am starting a new site. I am pretty familiar with web site construction and many css features. I have created a few pages using the sample css html pages supplied with dreamweaver. I selected a site named "two columns left nav". I checked it out pr

  • Datasources . problem with the new Source System

    Hi friends! The ECC client were copy and now I have a new source system for this. If I select source system / verify, the msg is: ok In can read some data from the new ECC (ie: exchange rates updated), but I can not read any records using the datasou

  • Stopping a Thread (no control on run method)

    Hi, How can we stop a Thread like in the following scenario. If we are in the aMethod() and the stopped variable is set to true by some other thread now how can we return from this run method and stop executing the aMethod(). Any tips are helpful. pu