The first question that comes to mind is: what is the purpose of the
audit? There are a large number of purposes, and the best approach to
auditing really depends on the scope and duration of the audit.
I encourage you to work through the Oracle provided docs, especially the
Oracle Security Guide. For 11gR2, use
http://docs.oracle.com/cd/E11882_01/network.112/e36292/auditing.htm#DBSEG006
I also encourage jumping on the Oracle Enterprise Manager Cloud Control
bandwagon and using the built-in Compliance tools, which are basically
an ongoing 'configuration and security' based on best practices. See
the 'Compliance Standards' document hidden in the Reference section of
the Enterprise Manager Cloud Control docs at http://docs.oracle.com
(Why they make this so complicated to find, I'll never understand!)
If your concern is Security, then consider reviewing the white papers at
http://petefinningan.com or http://red-database-security.com
And I have been pleasantly surprised by the 'Best Practice' PDF
presentations by various consultancies as found by Googling "Best
Practices Audit Oracle Database"
HTH/
Hans
The opinions expressed are my own and do not necessarily reflect the
opinions of Oracle Corp.
On 15/09/2015 10:44 AM, carlos castro wrote:
Hello List,
Can anyone point me in the right direction on how should i audit an
Oracle Database.
I will audit all the tiers and being the database one of those tiers i
am here looking for some help on the Db side
.
Is there a list of things i need to check?
Or is a security and performance troubleshooting enough?
Regards,
Arestas
--
//www.freelists.org/webpage/oracle-l
