RE: setting of audit_trail initialization parameter

  • From: Don Granaman <DonGranaman@xxxxxxxxxxxxxxx>
  • To: John Hallas <John.Hallas@xxxxxxxxxxxxxxxxxx>, "hemantkchitale@xxxxxxxxx" <hemantkchitale@xxxxxxxxx>, "JBECKSTROM@xxxxxxxxx" <JBECKSTROM@xxxxxxxxx>
  • Date: Tue, 28 May 2013 13:56:48 -0500

In the initial post, you said: "We set it to DB, EXTENDED as we need to get the 
DBID in the syslog file".
Perhaps you meant "the OS audit file" instead of "the syslog file"?

Don Granaman | Ph: 402-361-3073 | Cell: 402-960-6955  | Solutionary - Relevant 
| Intelligent | Security


-----Original Message-----
From: John Hallas [mailto:John.Hallas@xxxxxxxxxxxxxxxxxx] 
Sent: Tuesday, May 28, 2013 9:17 AM
To: Don Granaman; hemantkchitale@xxxxxxxxx; JBECKSTROM@xxxxxxxxx
Cc: oracle-l-freelist
Subject: RE: setting of audit_trail initialization parameter

Not sure what you mean Don. 
One correction to my original post - the extended option also provides details 
of what the 'alter system' command actually did, whereas without it all the 
trail file (or syslog file to be precise)  shows is that somebody ran an 'alter 
system command'

Show parameter audit

audit_file_dest                      string      /app/oracle/admin/SID/adump
audit_sys_operations                 boolean     TRUE
audit_syslog_level                   string      LOCAL0.INFO
audit_trail                          string      DB, EXTENDED

cat /etc/syslog.conf 

# @(#)B.11.31_LR
#
# syslogd configuration file.
#
# See syslogd(1M) for information about the format of this file.
#
mail.debug              /var/adm/syslog/mail.log
local0.info             @xx.x.xxx.xx
*.info;mail.none;local0.none    /var/adm/syslog/syslog.log
*.alert                 /dev/console
*.alert                 root
*.emerg   



              *
-----Original Message-----
From: Don Granaman [mailto:DonGranaman@xxxxxxxxxxxxxxx]
Sent: 28 May 2013 15:14
To: John Hallas; hemantkchitale@xxxxxxxxx; JBECKSTROM@xxxxxxxxx
Cc: oracle-l-freelist
Subject: RE: setting of audit_trail initialization parameter

You must have a custom process to insert DB audit records into syslog, as it is 
not a native option.

Don Granaman | Ph: 402-361-3073 | Cell: 402-960-6955  | Solutionary - Relevant 
| Intelligent | Security

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On 
Behalf Of John Hallas
Sent: Monday, May 27, 2013 2:10 AM
To: hemantkchitale@xxxxxxxxx; JBECKSTROM@xxxxxxxxx
Cc: oracle-l-freelist
Subject: RE: setting of audit_trail initialization parameter

We set it to DB, EXTENDED as we need to get the DBID in the syslog file. The 
file is sent to am external company for them to manage and filter on anything 
untoward. We provide a mapping of DBID to database name so they can report back 
to us.

John
www.jhdba.wordpress.com

______________________________________________________________________
Wm Morrison Supermarkets Plc is registered in England with number 358949. The 
registered office of the company is situated at Gain Lane, Bradford, West 
Yorkshire BD3 7DL. This email and any attachments are intended for the 
addressee(s) only and may be confidential. 

If you are not the intended recipient, please inform the sender by replying to 
the email that you have received in error and then destroy the email. 
If you are not the intended recipient, you must not use, disclose, copy or rely 
on the email or its attachments in any way. 

This email does not constitute a contract in writing for the purposes of the 
Law of Property (Miscellaneous Provisions) Act 1989.

Our Standard Terms and Conditions of Purchase, as may be amended from time to 
time, apply to any contract that we enter into. The current version of our 
Standard Terms and Conditions of Purchase is available at: 
http://www.morrisons.co.uk/gscop

Although we have taken steps to ensure the email and its attachments are 
virus-free, we cannot guarantee this or accept any responsibility, and it is 
the responsibility of recipients to carry out their own virus checks. 
______________________________________________________________________
--
//www.freelists.org/webpage/oracle-l


Other related posts: