Re: Auditing statements
- From: Morten Egan <oracle@xxxxxxxxxx>
- To: pdba1966@xxxxxxxxxxx
- Date: Thu, 4 Aug 2011 09:57:58 +0200
Logging of create, drop, grant statements can de done using ddl triggers.
For a lot of good examples look here:
http://psoug.org/reference/ddl_trigger.html
For start and stop of the database and logging of errors use a system event
triggers: http://psoug.org/reference/system_trigger.html
Then all you need is a procedure that will write the information either to a
table (maybe use fine grained auditing on that table) or to a file in a
secure location. Lots of examples on the great wide internet on how to do
that, but write me, if you get stuck.
2011/8/3 P D <pdba1966@xxxxxxxxxxx>
> We have been asked by our security division to run these specific
> statements on a database for auditing purposes. They don’t work. These
> are 11.1.0.7 databases on Standard Edition. Are there some other
> broad-based generic commands that can be run that will capture the purpose
> of what is listed here? If they want it to capture information from
> every user in the database, wouldn’t we have to also explicitly state each
> user name, otherwise all we are really auditing is actions by the sys user
> since that is where the command is being run from?
>
>
>
> Audit drop unused schemas
>
> Audit trap autonomous transactions
>
> Audit any create statement
>
> Audit any drop statement
>
> Audit insert failures
>
> Audit grant any object
>
> Audit database start or stop
>
> **** **
>
> ** **
>
>
--
Regards,
Morten Egan
http://www.dbping.com
Other related posts:
