RE: Oracle Audit aud$ vs Database Logon Trigger

  • From: Don Granaman <DonGranaman@xxxxxxxxxxxxxxx>
  • To: "smishra_97@xxxxxxxxx" <smishra_97@xxxxxxxxx>, oracle-l <oracle-l@xxxxxxxxxxxxx>
  • Date: Fri, 19 Oct 2012 10:29:15 -0500

For a comparison of the performance impact and overhead of auditing to 
different AUDIT_TRAIL values and such see:
http://www.oracle.com/technetwork/database/audit-vault/learnmore/twp-security-auditperformance-166655.pdf
Unfortunately, AUDIT_SYSLOG_LEVEL is not covered.

For example, AUDIT_TRAIL=DB,EXTENDED is about 10x as expensive as 
AUDIT_TRAIL=OS and roughly twice as expensive as AUDIT_TRAIL=DB.  XML overhead 
is between DB and OS, but there are a number of notable bugs in XML auditing, 
primarily related to using V$XML_AUDIT_TRAIL or DBA_COMMON_AUDIT_TRAIL - in 10g 
and even the latest 11.2.0.3.4.  It is highly unlikely that logon triggers are 
as efficient as Oracle's internal auditing, but the idea proposed of using an 
"upsert" trigger to update the latest logon time for a user - or create a new 
record for the user if none exists - might prove the least offensive.

We DBAs tend to prefer auditing to the database since we are comfortable with 
SQL, but there is a cost.  XML could provide the best of both worlds - 
relatively low overhead and access to the audit trail via SQL*Plus, but be 
aware of the potential issues, particularly in 10g (for a "biggie", see DocID: 
755149.1.  It was an XML show-stopper for us.).  However, depending on version, 
XML might be more trouble than it is worth (periodically purging the audit 
files, rebuilding the 10g [only] index file, etc.).

However, if your auditing is limited to sessions - at a few hundred or a few 
thousand a day - then performance is likely not a determining factor.

Don Granaman | Phone: 402-361-3073 | Cell: 402-960-6955 | Fax: 402-361-3173 | 
Solutionary | Relevant . Intelligent . Security

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On 
Behalf Of Sanjay Mishra
Sent: Wednesday, October 17, 2012 9:32 PM
To: oracle-l
Subject: Oracle Audit aud$ vs Database Logon Trigger

Hi

Can someone help with what the best approach is in terms of system performance 
and best practices for auditing? The requirement is only to check which users 
have not logged on to the database in x number of days and create a report on 
a daily basis. The requirement is to report users who have not logged on to 
the database in the last 180 days. So what is the best practice: to use the 
Audit command or a Database Logon Trigger? Any help in providing any facts is 
highly appreciated.

TIA
Sanjay


--
//www.freelists.org/webpage/oracle-l
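
A sketch of the "upsert" logon trigger idea mentioned in the reply above, together with the 180-day report from the original question. This is an added example, not code from either poster; the table, trigger and column names are hypothetical.

```sql
-- Added example; user_last_logon and trg_track_last_logon are hypothetical names.
-- One row per account, so the table never grows beyond the size of DBA_USERS.
CREATE TABLE user_last_logon (
  username    VARCHAR2(128) PRIMARY KEY,
  last_logon  DATE NOT NULL
);

CREATE OR REPLACE TRIGGER trg_track_last_logon
AFTER LOGON ON DATABASE
DECLARE
  PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
  -- "Upsert": update the existing row for this user, or create one.
  MERGE INTO user_last_logon t
  USING (SELECT SYS_CONTEXT('USERENV', 'SESSION_USER') AS username
           FROM dual) s
     ON (t.username = s.username)
  WHEN MATCHED THEN
    UPDATE SET t.last_logon = SYSDATE
  WHEN NOT MATCHED THEN
    INSERT (username, last_logon) VALUES (s.username, SYSDATE);
  COMMIT;
EXCEPTION
  WHEN OTHERS THEN
    -- An unhandled error in a logon trigger rejects the logon for
    -- accounts without ADMINISTER DATABASE TRIGGER, so a tracking
    -- failure is swallowed here rather than locking users out.
    ROLLBACK;
END;
/

-- Daily report: accounts with no recorded logon in the last 180 days.
-- Accounts the trigger has never seen are measured from their creation
-- date, so a newly created user is not reported as stale.
SELECT u.username,
       u.account_status,
       u.created,
       l.last_logon
  FROM dba_users u
  LEFT JOIN user_last_logon l
    ON l.username = u.username
 WHERE COALESCE(l.last_logon, u.created) < SYSDATE - 180
 ORDER BY l.last_logon NULLS FIRST, u.username;
```

Because every logon for a given account updates the same row, a heavily used connection-pool account will serialize on that row's lock; the table also only knows about logons that happened after the trigger was created.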

