Re: Track Audit Parameter Changes
- From: Barbara Baker <barb.baker@xxxxxxxxx>
- To: rlsmith@xxxxxxx
- Date: Fri, 17 Jun 2005 14:45:04 -0600
Well, I'm answering my own question.
(golly you guys are boring on a Friday afternoon)
You must add
audit system audit by access whenever successful;
So, Ron, hopefully your original question is now answered.
Barb
On 6/17/05, Barbara Baker <barb.baker@xxxxxxxxx> wrote:
> Version?
> Starting in version 9, setting audit_sys_operations to true will
> output the info to the audit_dest directory for SYS. (Hopefully user
> SYS is not being used unless critical. The SYS user does not seem to
> show up in the audit trail at all, so audit_sys_operations is the only
> way I know to capture this.)
>
> For users other than sys . . .
>
> Pete Finnigan's "Oracle Security Step-by-Step" says
> protect the audit trail with AUDIT ALL ON SYS$AUD$ BY ACCESS;
>
> I issued this AUDIT ALL audit command in my 9.2.0.4 database, and as
> user BARB (who was granted dba role) I tried
> selecting from the audit trail
> changing an audit parameter
>
> The select from this user shows up in the audit trail. The change
> does not. I find this very odd. I tried "audit trigger", and "audit
> delete on schema.table" as user BARB. I would assume that changing
> the audit parameter would be an update to the AUD$ table. But the
> audit trail does not show this update.
>
> > We have Oracle auditing turned on, but I am wondering how to track
> > changes made to the Audit Parameters. We want to know if someone makes
> > a change to the parameters.
> > Thanks!
> > Ron
> >
>
--
//www.freelists.org/webpage/oracle-l
Other related posts:
