Re: Oracle Auditing with SYSLOG

  • From: Henry Poras <hrp@xxxxxxxxxx>
  • To: andy@xxxxxxxxxxxxxxx
  • Date: Wed, 6 Nov 2013 12:18:45 -0500

Also, I tend to use AUD$ SQL queries for purposes other than security. I
can get an idea of session connection times (between logon and logoff) for
different apps. Sometimes there is a code or network issue where sessions
logon and crash (no logoff). I can query for that. So the power of SQL is
missed when I lose DB auditing. Doubling up on syslog and db would be great.

Henry


On Wed, Nov 6, 2013 at 12:14 PM, Andy Klock <andy@xxxxxxxxxxxxxxx> wrote:

> On Wed, Nov 6, 2013 at 10:54 AM, David Robillard
> <david.robillard@xxxxxxxxx> wrote:
>
> > Maybe a word of advice: IMHO I don't like using OS as the audit
> > destination. I prefer to keep either DB or SYSLOG. If you use OS, you
> > will quickly fill up your file system with audit log files. Lots and
> > lots of them are generated rather fast. You then need OS level access
> > to compress/backup/delete them. And as you probably know, a file
> > system is a poor solution to handle lots of small files in the same
> > directory. With DB, you can stay within Oracle and manage them (i.e.
> > purge the tables). But with SYSLOG, you can then configure your syslog
> > system to send them all to a central syslog machine where you manage
> > all your logs. Ideally not only your Oracle audit logs, but every log
> > in your organization (i.e. networking gear, storage systems, OS logs
> > and application logs). Once on that central syslog machine, you can
> > beef up the disk space and have a dedicated log management team and
> > software solutions. One central place to rule them all :)
>
>
> All great points.  Thanks David.
>
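An added example, not part of the original thread: the kind of audit-trail queries described in the message above, written against the `DBA_AUDIT_SESSION` view over `AUD$`. It assumes `AUDIT SESSION` is enabled with a database audit trail, a single instance (use `gv$session` on RAC), and a seven-day window chosen only for illustration.

```sql
-- 1) Connection time per account and client host.
--    TIMESTAMP is the logon time; LOGOFF_TIME is filled in when the
--    LOGON row is updated at session end. DATE subtraction yields days.
SELECT username,
       userhost,
       COUNT(*)                                           AS sessions,
       ROUND(AVG((logoff_time - timestamp) * 24 * 60), 1) AS avg_minutes,
       ROUND(MAX((logoff_time - timestamp) * 24 * 60), 1) AS max_minutes
FROM   dba_audit_session
WHERE  action_name IN ('LOGOFF', 'LOGOFF BY CLEANUP')
AND    returncode = 0                 -- successful logons only
AND    timestamp >= SYSDATE - 7
GROUP  BY username, userhost
ORDER  BY avg_minutes DESC;

-- 2) Sessions that did not end with a normal logoff.
--    'LOGOFF BY CLEANUP' : the session died and the record was closed
--                          by background cleanup rather than the client.
--    'LOGON' + no live session : the row was never updated at all.
--    The NOT EXISTS test excludes sessions that are simply still open.
SELECT a.username,
       a.userhost,
       a.os_username,
       a.timestamp   AS logon_time,
       a.logoff_time,
       a.action_name,
       a.sessionid
FROM   dba_audit_session a
WHERE  a.returncode = 0
AND    a.timestamp >= SYSDATE - 7
AND    (    a.action_name = 'LOGOFF BY CLEANUP'
        OR (    a.action_name = 'LOGON'
            AND NOT EXISTS (SELECT 1
                            FROM   v$session s
                            WHERE  s.audsid = a.sessionid)))
ORDER  BY a.timestamp;
```

With the audit trail sent only to syslog, the same questions have to be answered by correlating logon and logoff records in the log platform on the session identifier.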
