RE: audit_sys_operations apparently not working
- From: "Andre van Winssen" <dreveewee@xxxxxxxxx>
- To: <pete@xxxxxxxxxxxxxxxx>, <jkstill@xxxxxxxxx>
- Date: Thu, 19 Mar 2009 10:09:31 +0100
I do not agree to that as for windows. Oracle should write to the log most
suitable for the platform it's running on and on windows that's the event
log. There are lots of windows event log collection tools available. When
these are being used it's very difficult to wipe out audit trails.
Does anyone have practical experience with the SYSLOG facility, eg on linux
or AIX ?
Rgds,
Andre
-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
On Behalf Of Pete Finnigan
Sent: donderdag 19 maart 2009 9:47
To: jkstill@xxxxxxxxx
Cc: Oracle-L Freelists
Subject: Re: audit_sys_operations apparently not working
It goes to the event viewer Jared, this is an area I would like to see some
consistency from Oracle. I think it should go to audit_file_dest on all
o/s's.
cheers
Pete
Jared Still wrote:
> Platform: Windows 23k Server SP2 64bit
> Oracle: 10.2.0.4 EE
>
> I have two databases for which both audit_file_dest and
> audit_sys_operations are set.
>
>
> NAME VALUE
> VAL? MOD? MOD?
> -------------------------
> --------------------------------------------------
> ---- ---- ----
> audit_file_dest D:\ORACLE\ORCL\102\RDBMS\AUDIT
> Y N D
> audit_sys_operations TRUE
> N N N
> audit_trail DB
> N N N
>
> 3 rows selected.
>
>
> Yet I don't find any audit files in audit_file_dest.
>
> Obvious possible problems:
> permissions - Local System user runs the Oracle service, and has
> full control of the directory
> full file system - it is not full, 40G free
>
> Even without audit_sys_operations=true, audit logs showing logons by
> SYS/SYSDBA should appear in the audit_file_dest directory.
>
> Checking a linux 10.2.0.4 database, I find that it works as expected.
>
> Before OYASR (Opening Yet Another Service Request) I thought it would
> be a good idea to ask here first. For low priority issues, Oracle-L
> is usually faster. :)
>
> So, is there something I am missing, or is it just broke on Windows?
>
> I did search MetaLink^H^H^H^H^H^H^H^HMy Oracle Support, but didn't
> find anything useful.
>
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
>
--
Pete Finnigan
Director
PeteFinnigan.com Limited
Specialists in database security.
If you need help to audit or secure an Oracle database, please ask for
details of our courses and consulting services
Phone: +44 (0)1904 791188
Fax : +44 (0)1904 791188
Mob : +44 (0)7742 114223
email: pete@xxxxxxxxxxxxxxxx
site : http://www.petefinnigan.com
Registered Office: 9 Beech Grove, Acomb, York, YO26 5LD, United Kingdom
Company No : 4664901
VAT No. : 940 6681 14
Please note that this email communication is intended only for the addressee
and may contain confidential or privileged information. The contents of this
email may be circulated internally within your organisation only and may not
be communicated to third parties without the prior written permission of
PeteFinnigan.com Limited. This email is not intended nor should it be taken
to create any legal relations, contractual or otherwise.
--
//www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l
Other related posts:
