Since you brought it up, I have considered trying to use some external software to track the sysdba audit logs. This could be done with standard object auditing as well, just set audit_trail=db. No one has ever asked me to do this, so I have not attempted this. Anyone here done auditing this way? On Thu, Jun 26, 2008 at 4:40 PM, Lyndon Tiu <ltiu@xxxxxxxxxxxxx> wrote: > In the OS world, you would log to a syslog running on a different machine. > This separate machine is supposedly harder to break into and alter the logs. > > In the network world, you would monitor network traffic using a sniffer, a > machine connected to the network hub (not a switch) without an ip address. > The hub would relay all network traffic to this one sniffer box. But since > the sniffer box does not have an ip address, it is harder (not impossible) > to find and get to. > > I wonder if there are such features in the DB world? > > One way would be to store redo logs on a separate hardened machine. This > way, all transactions are kept and auditable. > > Also, have Oracle log to it's *.log and *.trc files on a separate machine. > > Any other suggestions? > > > -- > Lyndon Tiu > -- > //www.freelists.org/webpage/oracle-l > > > -- Jared Still Certifiable Oracle DBA and Part Time Perl Evangelist