Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: LogMiner and Auditing

Re: LogMiner and Auditing

From: Rachel Carmichael <carmichr_at_hotmail.com>
Date: Wed, 14 Feb 2001 17:50:41 -0800
Message-ID: <F001.002B4B72.20010214171025@fatcity.com>

Jared... thank you, the grin was much appreciated

Rachel

>From: jkstill_at_cybcon.com
>Reply-To: ORACLE-L_at_fatcity.com
>To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com>
>Subject: LogMiner and Auditing
>Date: Wed, 14 Feb 2001 13:10:22 -0800
>
>
>FYI: Resent with a different subject
>-----------------
>
>
>I've seen a few posts on the list lately suggesting the use
>of LogMiner as an auditing tool.
>
>I have serious doubts about it's use in this capacity. Imagine
>the following scenario.
>
>Duhveloper: 'We just discovered that someone dropped a critical
> table in our system. We think some unauthorized
> person has access to one of our production accounts!
> We need to find out who this was!'
>
>( duhvelopers always speak with exclamation points )
>
>DBA: 'Is this the same database that was installed by the
> vendor with default passwords? The same database that
> I'm not allowed to change the default passwords on?'
>
>Duhveloper: 'Uh, yeah, right.'
>( Well, maybe not always )
>
>DBA: 'OK, I may not be able to tell you who did it, but I
> can pinpoint when it happened with LogMiner.'
>
>Duhveloper: 'Great! How soon we get an answer!'
>
>DBA: 'That depends on how closely you can narrow down the
> window I have to look in. Approximately when did
> happen?'
>
>Duhveloper: 'Well, we didn't find out til this morning. The
> last time anyone can recall looking at the table
> was 10 days ago.'
>
>DBA: 'This system generates a 500m log file 3 times an hour,
> 24x7. That means that a worst case scenario is I
> process 720 Archive log files, many of which are on
> tape, so I must bring those back 20 files at a time, as
> the largest disk space I can spare is 10 gig. Working
> fulltime I may be able to give you that answer in 30 days.'
>
>Duhveloper: 'Oh. Well maybe we don't need it that bad. I know
> what we can do! Why don't you change the default
> system passwords on that database. I don't know
> why you didn't do it as soon as the vendor left!'
>
>( Duhveloper skulks away when DBA's face turns a lovely shade
> of crimson and appears to be on the verge of burying Pompeii
> in an ash flow. )
>
>
>Seriously, has anyone successfully used LogMiner for auditing
>in a production database.
>
>Joe, your input here would be appreciated.
>
>Jared
>
>
>
>--
>Please see the official ORACLE-L FAQ: http://www.orafaq.com
>--
>Author:
> INET: jkstill_at_cybcon.com
>
>Fat City Network Services -- (858) 538-5051 FAX: (858) 538-5051
>San Diego, California -- Public Internet access / Mailing Lists
>--------------------------------------------------------------------
>To REMOVE yourself from this mailing list, send an E-Mail message
>to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
>the message BODY, include a line containing: UNSUB ORACLE-L
>(or the name of mailing list you want to be removed from). You may
>also send the HELP command for other information (like subscribing).



Get your FREE download of MSN Explorer at http://explorer.msn.com
-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Rachel Carmichael
  INET: carmichr_at_hotmail.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Wed Feb 14 2001 - 19:50:41 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US