Re: Trap SQL statements in network traffic instead of database

  • From: Tim Gorman <tim.evdbt@xxxxxxxxx>
  • To: sbecker6925@xxxxxxxxx, Martin Berger <martin.a.berger@xxxxxxxxx>, oracle-l <oracle-l@xxxxxxxxxxxxx>
  • Date: Fri, 11 Aug 2017 15:41:43 -0600

Build vs buy.

a.k.a.

"Spend money surreptitiously" vs "spend money openly".



On 8/11/17 15:15, Sandra Becker wrote:

I left out the part where he doesn't want to spend any money. I'll take a look at the product anyway. We may be able to leverage it for some other troubleshooting activities.

Thanks,

Sandy

On Fri, Aug 11, 2017 at 2:54 PM, Martin Berger <martin.a.berger@xxxxxxxxx> wrote:

    Oracle has a product called Oracle Database Firewall.
    I never tested it, but it promises all your manager asks for.

    https://www.oracle.com/database/security/audit-vault-database-firewall/index.html

    As always, if it sounds promising, make your lawyer talk to Oracle
    sales ....

    ^∆x

    On 11 Aug 2017 22:44, "Sandra Becker" <sbecker6925@xxxxxxxxx> wrote:

        We need to produce a "log" of sql statements--along with the
        user, IP (or host) they are coming from, and the sql
        statement--for another team to analyze. My manager does not
        want to use auditing because of the uncertainty of the load
        on this critical database.  He suggested doing a SPAM port
        capture.  I opened a ticket with our SAs and they wanted to
        know what ports.  I gave them the listener ports.  The SA ran
        a tcpdump (said it was verbose), but it didn't give any
        information on users, app servers, or sql statements.  I
        really don't know what I'm doing here, just passing
        information between my manager and SAs.  So, questions:

        1.  Will tcpdump give me what my manager is asking for?  If
        yes, what are the options the SA should use?
        2.  Is there a better way to retrieve this information without
        using database auditing?

        Any assistance you can provide will be greatly appreciated.

-- Sandy B.





