Hello folks
A client wants to tighten their auditing setup, and they need to log all events in a central syslog server. This is no problem using the regular Oracle database auditing.
However, applying the same to auditing policy for SYS seems not so trivial. As Oracle provides no means of setting audit_sys_operations=syslog or the like, but merely writing it into files located in audit_file_dest, I need some mechanism to re-route these messages to the syslog service so they can be forwarded to the core syslog server.
This poses several issues:
- The OS is AIX, Filesystem is UFS - and I'm unaware of any filesystem-triggers that could handle such a job using OS supported functionality
- Running a background process that constantly monitors the directory - could easily be killed
- Protecting it via a cronjob still leaves a window open where the files can be tampered with
- And it all seems like a hack, not like an elegant solution
Has anybody got any experience with these kinds of situations?
Appreciate any kind of feedback
Regards