Build vs buy.
a.k.a.
"Spend money surreptitiously" vs "spend money openly".
On 8/11/17 15:15, Sandra Becker wrote:
I left out the part where he doesn't want to spend any money. I'll take a look at the product anyway. We may be able to leverage it for some other troubleshooting activities.
Thanks,
Sandy
On Fri, Aug 11, 2017 at 2:54 PM, Martin Berger <martin.a.berger@xxxxxxxxx <mailto:martin.a.berger@xxxxxxxxx>> wrote:
Oracle has a Product called
Oracle Database Firewall.
I never tested it, but it promises all your manager asks for.
https://www.oracle.com/database/security/audit-vault-database-firewall/index.html
<https://www.oracle.com/database/security/audit-vault-database-firewall/index.html>
As always, if it sounds promising, make your lawyer talk to oracle
sales ....
^∆x
On 11 Aug 2017 22:44, "Sandra Becker" <sbecker6925@xxxxxxxxx
<mailto:sbecker6925@xxxxxxxxx>> wrote:
We need to produce a "log" of sql statements--along with the
user, IP (or host) they are coming from, and the sql
statement--for another team to analyze. My manager does not
want to user auditing because of the uncertainty of the load
on this critical database. He suggested doing a SPAM port
capture. I opened a ticket with our SAs and they wanted to
know what ports. I gave them the listener ports. The SA ran
a tcpdump (said it was verbose), but it didn't give any
information on users, app servers, or sql statements. I
really don't know what I'm doing here, just passing
information between my manager and SAs. So, questions:
1. Will tcpdump give me what my manager is asking for? If
yes, what are the options the SA should use?0
2. Is there a better way to retrieve this information without
using database auditing?
Any assistance you can provide will be greatly appreciated.
-- Sandy B.
--
Sandy B.