User Auditing
Hi all
aix 6.1
Oracle 11.2.0.3
We have a very confidential application and database. The corporate auditor is requesting a daily report of who is logging (remote or local) in the database and which schema is used for the 24 hr range period. Is there a v$ view which capture the history of users logged in? like a machine-name or ip-address and the scheme connected.
There might be hackers remote or insiders that might be connecting to our sensitive system.
Thanks a lot,
zxy
yxes2013 wrote:
I thank you all,
So auditing is the only way to go? How about mining the listener.log? Do all connections in the database are being logged in
the listener.log? Even if I login locally using "sqlpus system/manager" or "sqlplus / as sysdba"?
Thanks a lot
if application is 3-tier, then ONLY application can provide end user IP#
>Even if I login locally using "sqlpus system/manager" or "sqlplus / as sysdba"?
above requires OS access to the DB Server.
ONLY the DBA should be able to log onto the DB Server system directly.
no end user should ever get close to access OS command line on the DB Server system
Similar Messages
-
Hi Expert,
I want to download SAP user audit report through USMM.
but whenever i run USMM and click on system measurement its goes on background job.
I need this report in PDF format. plz helpHi Kumar
1. Once you’re all system measurement are getting over collect those data in to one system.
Refer the PPT 's which provided the steps
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&cad=rja&uact=8&ved=0CC8QFjAD&url=https%3A%2F%2Fsupport.s…
2 Transaction code LAW perform a consolidation of user records and then send the information to SAP direct or email
SAP Library - License Administration Workbench
BR
SS -
How to show User Auditing data in dashboard/reports in MS CRM 2013 online?
HI,
I am having requirement to show user auditing details like user last logged in date/ session spent time in MS CRM 2013 online.
I did not found any option to query user Auditing data.
I found the Audit summary View but don't know how to use it.
Could any one suggest me how to achieve this.
Thanks
Baji RahamanPlease try this
Public Function Decompress(ByVal arr As Byte()) As Byte()
Dim s As Byte()
Dim notCompressed As Boolean
notCompressed = False
Dim MS As System.IO.MemoryStream
MS = New System.IO.MemoryStream()
MS.Write(arr, 0, arr.Length)
MS.Position = 0
Dim stream As System.IO.Compression.GZipStream
stream = New System.IO.Compression.GZipStream(MS, System.IO.Compression.CompressionMode.Decompress)
Dim temp As System.IO.MemoryStream
temp = New System.IO.MemoryStream()
Dim buffer As Byte() = New Byte(4096) {}
While (True)
Try
Dim read As Integer
read = stream.Read(buffer, 0, buffer.Length)
If (read <= 0) Then
Exit While
Else
temp.Write(buffer, 0, buffer.Length)
End If
Catch ex As Exception
notCompressed = True
Exit While
End Try
End While
If (notCompressed = True) Then
stream.Close()
Return temp.ToArray()
Else
Return temp.ToArray()
End If
End Function
Thanks & Regards Manoj -
User Audit Trail for a custom table.
Hello all. I need to know the correct and accurate way to user audit for a custom table. To elaborate further, I have a table catering to sanctioned strength of employees in a particular Cost Center, the entries have been deleted all together by someone, and I need to know the way to recover the data and to identify the user in question. Note, I have used STAT and have foundno results, and standard user audit trail are turned off.
Any help or push in the right direction would be highly appreciated.
P.S: any additional technical details on the table structure can be provided for further analysis if needed.Try to add your custom table and table fields in the below views
V_T585A
V_T585B
V_T585C
After doing this your custom table changes gets stored in the pcl4 document . If the custom table is master data table then from the standard Audit trail report you can see the logged changes in custom table also by providing the custom infotype number.
if its is custom customizing table , need to explore -
User Audit Report not showing all details
Hello,
I've encoutered a strange problem with the users audit reports.
After I assign a user with a few new roles I expect to get the following information in Audit Event Details:
In the "Changes" area, there should be a table with the following columns: Attribute, Old Value, Attempted Value and New Value that indicates the changes I've made.
Instead, I get something like this:
"Changes Old Values=Role A, Role B, Role C. New Values = Role A, Role B, Role C, Role D..."
Since the desciprion is too long it usualy ends with "..." and does not show the complete information.
All Successes and All Failures are marked in the Audit Configuration.
What else am I missing? I am using IdM 8.1.
Regards,
RIt seems that there is a default limit of 4000 characters worth of Attribute changes logged. If the attribute changed string is longer than 4000 chars long it is truncated.
If you look at the create database tables script used when you set up he repository tables BEFORE installing IdM you will see that in the logs table definition there is a comment suggesting that if 4000 chars is not enough for attribute changes, you may use a CLOB to hold the data. (we use Oracle DB)
In my opinion this isnt really publicised well enough.
Furthermore, It also seems that you have to modifiy a setting maxLogAcctAttrChangesLength in the RepositoryConfiguration configuration object. Again not so well known.
To be honest, I have not been brave enough to change this AFTER we have installed IdM and have used it for a period. I have no idea what consequences there may or may not be if a database table definition is changed... instinct tells me its not good.
GF -
Slaris 10 u6 auditing - pam_unix_cred: cannot set user audit Bad address
When I switch on auditing (execute /etc/security/bsmconv command), after rebooting system I cannot login to the system. When I try to login I can see the followin message:
pam_unix_cred: cannot set user audit Bad address
I have not idea, what to doThanks for this. Parent chmod o+x fixed it.
-
'Created by' column in SM37 contains inactive users - audit issue?
Hi,
Most of the jobs in sm37 in our systems have been created by staff who had already left. So under the 'created by' column in SM37 we can see jobs running under users who have been locked/deleted. But it's only the 'created by' column. All the 'steps' run under a system user called 'BATCHUSER', that's why the jobs run fine.
Is it a problem to have inactive users under the 'created by' column in SM37? Is it an audit issue? I've thought that as long as the steps run as a system user then it shouldn't be an audit issue but having discussing about it in my team.
Any comments will be very welcome!
Thank you
MarciaYes,
This is purely depends on your org understandness, As in system there won't be any issue as long as the jobs run.
In SAP there is no such way to change the owner (Created by) of background job, we only can change the step owner.
If you feel that there will be an issue, my suggestion is to copy the jobs to BATCHUSER and delete all old jobs created by inactive users.
Regards,
Nick Loy -
User audit trail in a SOA scenario
Hi All,
In a SOA scenario when using a composite application calling many webservices who on their turn call asynchronous jms calls to backend applications. How can you audit the user trail? So can you tell of all the backend transactions touched by this SOA scenario who was responsible of changing the data.
To illustrate the issue:
The typical SOA scenario, we have a web application running in a portal, the logged on portal user is accessing this web application. The web application is calling web services using the logged on user credentials. The webservices call an asynchronous message in a message oriented middleware solution using a service user. This asynchronous message triggers a bapi in R/3 using this service user. In the logging of the bapi call in R/3 the bapi is called by the service user and not the portal user id.
Can somebody point me to articles regarding this topic or best practices?
regards,
RichardThanks Abhishek,
The first link was helpfull but actually underlines the problem that I have. The second link has no relevance to the problem.
But if we zoom in on de first link: http://help.sap.com/saphelp_erp2004/helpdata/en/cb/b0ceb823984a62bf017a42179af99a/frameset.htm
This is about the security on JMS service.
So the question remains how do you deal with an audit trail if the user calling webservices is different than the service user calling the bapi.
regards,
Richard -
Does anyone know how to get a report or sql code that will show all users responsibilities and access they have withing Oracle EBusiness suite
Ebusiness R12 on a 10G database
We have been asked by our Audit team for a full list of all users and there responsibilities and forms they have access to.
Also being new to Oracle as a company they would like definitions for example receipts = enter and find a receipt. This I can see is unreasonable but we must be able to supply the below.
They would like to see the ebusiness navigation front screen as you log in and click on a responsibility to show all forms and webpages in a report
An example would be for myself
Applications Diagnositics
Diagnose
View Reports
Configure
I can get the Applications Diagnostics through sql but can not get to the next level to show what is within the Applications Diagnostics for a user e.g.
Diagnose
View Reports
ConfigureHi;
Please check below thread which could helps you
- Monitor Application Users does not Display All Users Signed On [ID 1014948.6]
- Monitor User Form Does Not Retrieve Records [ID 144742.1]
- How do you audit an Oracle Applications' user? [ID 395849.1]
- Auditing: How Do I Audit Responsibilities and Data? [ID 436316.1]
Also see:
Audit uSers
Re: Audit users
Regard
Helios -
Step by step procedure for implementing User auditing in Solaris 10
we have no.of users who use either SSH terminals and Java Desktop Environment through Xbrowser through network.
We would like to know what are all the files being accessed by logged in users and what are all the changes being done, if any....
Earlier, we have enabled "script" command to get invoked automatically in ~/.bash_profile. At this stage, users are not able to get Java Desktop through xbrowser. Hence, dropped this option.
Please suggest to get rid of this script problem or some better solution through Audit logging.
Thanks in advance.In my experience, its very rare for people to write step-by-step lists here, this is a forum which is excellent for general questions and technical problems, but, since most people who answer posts here do it in their spare time, its rare with detailed instructions of things which is rather well documented in the manual..
Having said that, the things you asks for is actually documented, have a look at:
http://docs.sun.com/app/docs/doc/816-4557/audittm-1?l=en&q=audit&a=view
.7/M. -
BOXIR3.1- Users, Auditing DB statistics of Report Refresh,users login info
Hi All,
I need to create BOXI R 3.1 DeskI reports for the statistics related to the user login information,Scheduling Reports info,user properties and other statistics .
Any suggestion to resolve this issue , It helps me greatly.
Thanks in advance..
maheshHave you tried auditing?
That way you can get information about different kinds of information. You can install the example reports with some useful reports (average of users logged in, and so on)
For more information, read the BOE Administrator Guide 3.1 chapter 12.
In BOE 3.1 you have to configure the connection to your database (create a new repository from the
CMC), to install the auditing universe and you can install some example auditing reports.
You can get the universe (if depends on the database you are using) and the example reports (webi) in this folder from the server:
C:\Program Files\Business Objects\BusinessObjects Enterprise 12.0\Samples -
Hello Experts,
We are using an ECC 6.0 systems. My question is apart form SM19 is there any other t_code to trace the user action that is a more detail trace on user action.
As you know SM19 settings will offer us the basic action of user that is what t_code or reports are being used by user. But I want to know what are they doing there that is they are trying to access some infortype in t_code like PA30 or they made in table definition change in SE16 like that.
Please let me know about this.
Thanks in advance.
Regards,
ParthaHi Partha,
You can use the following TCodes also.
1. STAD
2. STAT
STAD and STAT can also be navigated from ST03N. If you want to log a particular TCode (for e.g. PA30), then please follow the below steps:
Go to ST03N -> Expert user mode -> Collector & Performance DB -> Workload collector -> Parameters.
Enter the transaction codes for the transactions to be analyzed in detail in the Create transaction detail profiles for group box. Save your changes. (please read the message carefully in this screen).
3. STATTRACE
4. SM21
If you are in SM21, then please select all the options in "Settings" radio button. After getting the display of Log screen, you can further analyze a message in more details by double clicking it.
Still SM20 is really a good choice to view user actions.
Please re-check (in SM19) that all the Audit Classes are selected for the current filter you are analyzing. Before reading the audit log make sure to include all Instances (telling this, just to be sure).
Mark all in "Events" and "Statistic" tabs. Now display the data selecting the particular user and tcode.
Hope this discussion may help you to some extent. Please let me know for any more query.
Regards,
Dipanjan -
User audit enabled - Only log off
Hai all,
10.2.0.5 on solaris 10
I enabled audit for a user as below
audit username by access;
When I query dba_audi_trail, I can see only actions (LOG_OFF) stored in the action_name column of dba_audit_trail.
Any ideaAre you talking about " audit session by username by access" ?? the statement you mentioned doesnt exist, and if you mean what i mentioned, try logging in with the username after you logout , you should see logon value in action_name column and action value should be 100, assuming its was also in 10g because i work on 11g. Also you should see logoff_time when you logout but null value when you login.
Regards
Karan -
We have been auditing what systems users have been logging into via SIEM reports on AD activity. These reports were working fine until we enabled more AD auditing with the below setting changes and from the link listed. The changes from the directions
below and in the web site link gave us exactly what we wanted, almost. For some reason the user account auditing alerts have stopped. In the Default Domain Policy the settings for the Audit are set (see image below). But I do not see any Events in Event Viewer
under Security for Account logon success or failure on the domain controllers. When I look at the Default Domain Controller Policy I see just the opposite (see 2nd image below). It seems to me that by enabling these other settings that these changes disabled
the User Account Logon Auditing settings. Possible?
My question is, should I enable the settings for Account Auditing under the Default Domain Controller Policy or is there something else that needs to be enabled or setting changes made?
http://blogs.technet.com/b/askpfeplat/archive/2012/04/22/who-moved-the-ad-cheese.aspx
Run GPMC.msc (url2open.com/gpmc) → Right-click “Default Domain Policy” and chose “Edit” → Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → Audit Policy:
2.
Return to the Security Settings level → Event Log:
3.
Run “gpupdate /force” command.
4.
Open ADSI Edit (url2open.com/adsi) → Right-click ADSI Edit → Connect to Default naming context → Right-click DomainDNS object with the name of your domain → Properties → Security (Tab) → Advanced (Button) → Auditing (Tab) → Add Principal “Everyone” → Type
“Success” → Applies to “This object and Descendant objects” → Permissions → Select all check boxes by clicking on “Full Control”, except the following: Full Control, List Contents, Read all properties, Read permissions → Click “OK”.
5.
Open Event viewer and filter Security log to find event id’s (Windows Server 2003/2008-2012):
Default Domain Policy
Default Domain Controller Policy
Leonard HoffmanIt seems to me that by enabling these other settings that these changes disabled the User Account Logon Auditing settings. Possible?
When you enable Advanced Audit policy, all existing Audit Policy settings are disabled. This is because Advanced Audit Policy is considered to replace the much older Audit Policy feature. Both types of Audit policy, are incompatible with each other and can
cause problems.
https://technet.microsoft.com/en-us/library/ff182311(WS.10).aspx#BKMK_3
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
Dbms_fga.add_policy with multiple user audit conditions
how to add multiple user in audit_condition for dbms_fga.add_policy
AUDIT_CONDITION => 'USER = ''test1, test2,test3 '' d'ont workTry something like : 'sys_context(''userenv'',''session_user'') in (''TEST1'',''TEST2'')'
Maybe you are looking for
-
PS CS5 The operation could not be completed. A file system I/O error has occurred
Howdy... I'm using Photoshop CS5 and when I go to use a handful of filters such as Liquify or Lens Correction I am suddenly getting an error message saying: "The operation could not be completed. A file system I/O error has occurred" Doesn't matter i
-
Where is the ADHocWorkflowConnector at CE 7.11
My System: Composition Environment 7.11 Hi, i try to send a notification based on this tutorial [Accessing UWL Notifications from Web Dynpro Using UWL API|http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/802bfda2-8a85-2b10-9290-d67d
-
Dreamweaver two column left nav
I am starting a new site. I am pretty familiar with web site construction and many css features. I have created a few pages using the sample css html pages supplied with dreamweaver. I selected a site named "two columns left nav". I checked it out pr
-
Datasources . problem with the new Source System
Hi friends! The ECC client were copy and now I have a new source system for this. If I select source system / verify, the msg is: ok In can read some data from the new ECC (ie: exchange rates updated), but I can not read any records using the datasou
-
Stopping a Thread (no control on run method)
Hi, How can we stop a Thread like in the following scenario. If we are in the aMethod() and the stopped variable is set to true by some other thread now how can we return from this run method and stop executing the aMethod(). Any tips are helpful. pu