Oracle FAQ Your Portal to the Oracle Knowledge Grid

LogMiner and Auditing

From: <jkstill_at_cybcon.com>
Date: Wed, 14 Feb 2001 14:38:31 -0800
Message-ID: <F001.002B48BF.20010214131023@fatcity.com>

FYI: Resent with a different subject


I've seen a few posts on the list lately suggesting the use of LogMiner as an auditing tool.

I have serious doubts about its use in this capacity. Imagine the following scenario.

Duhveloper: 'We just discovered that someone dropped a critical
             table in our system.  We think some unauthorized
             person has access to one of our production accounts!
             We need to find out who this was!'

( duhvelopers always speak with exclamation points )

DBA: 'Is this the same database that was installed by the
       vendor with default passwords?  The same database that
       I'm not allowed to change the default passwords on?'

Duhveloper: 'Uh, yeah, right.'
( Well, maybe not always )

DBA: 'OK, I may not be able to tell you who did it, but I
       can pinpoint when it happened with LogMiner.'

Duhveloper: 'Great! How soon can we get an answer!'

DBA: 'That depends on how closely you can narrow down the
       window I have to look in.  Approximately when did
       it happen?'

Duhveloper:  'Well, we didn't find out til this morning.  The
              last time anyone can recall looking at the table
              was 10 days ago.'

DBA:  'This system generates a 500m log file 3 times an hour,
       24x7.  That means that a worst case scenario is I
       process 720 Archive log files, many of which are on
       tape, so I must bring those back 20 files at a time, as
       the largest disk space I can spare is 10 gig.  Working
       full time I may be able to give you that answer in 30 days.'

Duhveloper:  'Oh.  Well maybe we don't need it that bad. I know
              what we can do!  Why don't you change the default
              system passwords on that database.  I don't know
              why you didn't do it as soon as the vendor left!'

( Duhveloper skulks away when DBA's face turns a lovely shade
  of crimson and appears to be on the verge of burying Pompeii
  in an ash flow. )

Seriously, has anyone successfully used LogMiner for auditing in a production database?

Joe, your input here would be appreciated.

Jared

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
Received on Wed Feb 14 2001 - 16:38:31 CST
