RE: setting of audit_trail initialization parameter

  • From: Don Granaman <DonGranaman@xxxxxxxxxxxxxxx>
  • To: "JBECKSTROM@xxxxxxxxx" <JBECKSTROM@xxxxxxxxx>, oracle-l-freelist <oracle-l@xxxxxxxxxxxxx>
  • Date: Tue, 21 May 2013 13:29:17 -0500

Each has significant advantages and disadvantages.  I have worked extensively 
with all of them since 8i (or whenever they became available) as we have some 
clients that insist on one or another.  A few highlights...

OS: Contains the least information, rather more difficult to parse and report 
on, easy to secure with syslog, possible to secure otherwise (group ownership 
of AUDIT_FILE_DEST is not the OSDBA group and DBAs do not routinely log in as 
the software owner), least performance impact, etc.

DB: More complete information, easy to report on and "parse", most difficult to 
secure the audit trail, highest performance penalty, ...

XML: More complete information, same security issues as OS files, many serious 
and sometimes crippling bugs (in 10g especially it is nearly unusable), 
performance impact similar to but slightly larger than with OS files, ...

OS+syslog is preferred in many situations- primarily since it has inherent 
protection for the audit trail.

Don Granaman | Ph: 402-361-3073 | Cell: 402-960-6955  | Solutionary - Relevant 
| Intelligent | Security

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jeffrey Beckstrom
Sent: Tuesday, May 21, 2013 8:09 AM
To: oracle-l-freelist
Subject: setting of audit_trail initialization parameter

I know what the docs say but what do people really set this to;  DB, OS or XML 
and why?
Jeffrey Beckstrom
Database Administrator
Greater Cleveland Regional Transit Authority Information Systems
1240 W. 6th Street
Cleveland, Ohio 44113



Other related posts: