Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Analyzing audit trail written to UNIX files
I am using Oracle 9.2.0.5 on HP UNIX 11i
My security department insists on writing Oracle audit trail to UNIX files instead of database tables (sys.aud$), but it makes it quite difficult to analyze audit trail data.
I was thinking of mapping Oracle UNIX Files to a external Oracle table, but it appears that is quite difficult to do the way Oracle is writing to audit trail on files.
Wed May 24 17:40:52 2006
SESSIONID: "142" ENTRYID: "1" STATEMENT: "1" USERID: "SYSTEM" TERMINAL:
"ttypc" ACTION: "100" RETURN
CODE: "0" COMMENT$TEXT: "Authenticated by: DATABASE" OS$USERID:
"oracle"
PRIV$USED: 5
Wed May 24 17:41:30 2006
SESSIONID: "142" ENTRYID: "2" STATEMENT: "7" USERID: "SYSTEM" TERMINAL:
"ttypc" ACTION: "43" RETURNC
ODE: "0" OBJ$NAME: "HRDB" OS$USERID: "oracle" PRIV$USED: 22
Wed May 24 18:02:22 2006
SESSIONID: "142" ENTRYID: "1" ACTION: "101" RETURNCODE: "0"
LOGOFF$PREAD: "0" LOGOFF$LREAD: "28" LOG
OFF$LWRITE: "10" LOGOFF$DEAD: "0" SESSIONCPU: "3"
Are there some scripts available to analyze audit trail written to
files.
Thanks. Received on Thu May 25 2006 - 07:24:36 CDT