
RE: sys.aud$ - auditing user activities? - follow up

From: <Dana.Mueller_at_guardent.com>
Date: Mon, 18 Nov 2002 18:58:42 -0800
Message-ID: <F001.005062A7.20021118185842@fatcity.com>


Tim - Thanks for the well-worded response. Very, very helpful.

So my next question: Are there any 3rd party applications available to do what Oracle won't?

-----Original Message-----
Sent: Monday, November 18, 2002 4:29 PM
To: Multiple recipients of list ORACLE-L

SYSDBA activities are not logged to the SYS.AUD$ table, even in Oracle9i with the AUDIT_SYS_OPERATIONS parameter set to TRUE. SYSDBA operations are always logged to the OS audit trail, including access/modifications to the SYS.AUD$ table...

The reason that these records are only logged to the audit trail (previous to Oracle9i, only connections as SYSDBA were logged) is because that is the only way to protect the audit records from review and (especially!) alteration by people with SYSDBA privilege. Someone with SYSDBA could always muck with the contents of the SYS.AUD$ table, but they would not necessarily have OS permissions to alter the audit records sent to the OS.

...which is why the command CONNECT INTERNAL went away with Oracle9i, to remove the last necessity for DBAs to be members of the OSDBA and OSOPER groups in the OS. Now, with 9i and CONNECT ... AS SYSDBA commands, you can "lock down" the OS account and account-group that owns the Oracle software away from those with SYSDBA privileges, thus protecting the software distribution files, log files, trace files, and audit files from casual modification, if desired...

> Hello All,
>
> Do any of you have suggestions for a good way to monitor sysdba user
> activities on the sys.aud$ table? Or, in terms of logging everything,
> what would be the keypoints to log scrub on?
>
> Any suggestions would be wonderful.
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author:
> INET: Dana.Mueller_at_guardent.com
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).

-- 
Author: Tim Gorman
  INET: Tim_at_SageLogix.com
Received on Mon Nov 18 2002 - 20:58:42 CST
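
An added example, not part of the original thread or of any Oracle tooling: one way to scrub the OS audit trail described above for SYSDBA/SYSOPER statements that touch SYS.AUD$. The record layout (a timestamp line followed by `KEY : value` lines) and the sample records are constructed assumptions; adjust the patterns to the files your platform writes under AUDIT_FILE_DEST.

```python
import re
# Constructed sample records; the layout is an assumption modelled on the
# OS audit files written when AUDIT_SYS_OPERATIONS=TRUE.
SAMPLE = """\
Mon Nov 18 16:20:11 2002
ACTION : 'CONNECT'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
STATUS: 0

Mon Nov 18 16:21:40 2002
ACTION : 'select userid, action# from sys.aud$'
DATABASE USER: '/'
PRIVILEGE : SYSDBA
CLIENT USER: oracle
STATUS: 0

Mon Nov 18 16:22:05 2002
ACTION : 'delete from SYS.AUD$ where sessionid = 4211'
DATABASE USER: 'sys'
PRIVILEGE : SYSDBA
CLIENT USER: jdoe
STATUS: 0
"""

# KEY : value, with optional single quotes around the value.
FIELD = re.compile(r"^([A-Z ]+?)\s*:\s*'?(.*?)'?$")
# AUD$ with or without the SYS. schema prefix.
AUD_TABLE = re.compile(r"\b(?:sys\.)?aud\$", re.IGNORECASE)
# Statements that change or remove audit rows, or the table itself.
WRITE = re.compile(r"^\s*(?:delete|update|insert|truncate|drop|alter|rename|grant)\b", re.I)

def parse_records(text):
    """Yield one dict per blank-line-separated record; line 1 is the timestamp."""
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        rec = {"TIMESTAMP": lines[0].strip()}
        rec.update((m.group(1), m.group(2)) for m in map(FIELD.match, lines[1:]) if m)
        yield rec

def sysdba_aud_hits(text):
    """Privileged statements naming AUD$: (time, OS user, READ/MODIFY, statement)."""
    hits = []
    for rec in parse_records(text):
        action = rec.get("ACTION", "")
        if rec.get("PRIVILEGE") in ("SYSDBA", "SYSOPER") and AUD_TABLE.search(action):
            kind = "MODIFY" if WRITE.match(action) else "READ"
            hits.append((rec["TIMESTAMP"], rec.get("CLIENT USER"), kind, action))
    return hits
```

Run it from an OS account that the SYSDBA users cannot write to, against copies of the audit files, so the review itself stays outside their reach.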
