Re: Oracle Audit aud$ vs Database Logon Trigger

From: Sanjay Mishra <smishra_97_at_yahoo.com>
Date: Fri, 19 Oct 2012 07:37:44 -0700 (PDT)
Message-ID: <1350657464.17532.YahooMailNeo_at_web122103.mail.ne1.yahoo.com>

Thanks Walker. Even my environment is not RAC but is good caution for reference.

From: "Walker, Jed S" <Jed_Walker_at_cable.comcast.com> To: "smishra_97_at_yahoo.com" <smishra_97_at_yahoo.com>; "christopher.taylor2_at_parallon.net" <christopher.taylor2_at_parallon.net>; "kevin.lange_at_ppoone.com" <kevin.lange_at_ppoone.com>; "mdinh235_at_gmail.com" <mdinh235_at_gmail.com> Cc: "oracle-l_at_freelists.org" <oracle-l_at_freelists.org> Sent: Thursday, October 18, 2012 5:47 PM Subject: RE: Oracle Audit aud$ vs Database Logon Trigger

If you use built-in auditing be careful about using he trail in the database. On RAC this can cause a lot of cluster waits.

For what you need I'd probably create a logon trigger, and maybe just update a row for each user to show the latest logon time. That would keep the amount of data small and allow you to do those reports.

-----Original Message-----
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Sanjay Mishra Sent: Thursday, October 18, 2012 3:37 PM To: Christopher.Taylor2_at_parallon.net; kevin.lange_at_ppoone.com; mdinh235_at_gmail.com Cc: oracle-l_at_freelists.org
Subject: Re: Oracle Audit aud$ vs Database Logon Trigger

Chris
That will be lots of trigger plus if new users are added then we cannot automate. So it should be database based.

Sanjay

From: "Christopher.Taylor2_at_parallon.net" <Christopher.Taylor2_at_parallon.net> To: kevin.lange_at_ppoone.com; smishra_97_at_yahoo.com; mdinh235_at_gmail.com Cc: oracle-l_at_freelists.org
Sent: Thursday, October 18, 2012 11:24 AM Subject: RE: Oracle Audit aud$ vs Database Logon Trigger

If you use a logon trigger, consider putting it in the SCHEMA of the users - "CREATE ... AFTER LOGON ON SCOTT.SCHEMA..."

-----Original Message-----
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Lange, Kevin G Sent: Thursday, October 18, 2012 9:58 AM To: smishra_97_at_yahoo.com; Michael Dinh Cc: oracle-l
Subject: RE: Oracle Audit aud$ vs Database Logon Trigger

I use both for different databases and reasons.� I think I like the logon trigger more simply because it is more customizable on what data is recorded.�� Plus, it's a lot easier to exclude certain IDs in the logon trigger than it is in the Oracle Auditing.� Of course, auditing is written by Oracle and integrated into the system (as opposed to one of us writing a logon trigger) so I tend to think that the code is beter and less of a drag on the system.

-----Original Message-----
From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Sanjay Mishra Sent: Thursday, October 18, 2012 9:40 AM To: Michael Dinh
Cc: oracle-l
Subject: Re: Oracle Audit aud$ vs Database Logon Trigger

Thanks Mike. Do we have any pros and cons for both approach. This database is heavily accessed in terms of logon like 500+ user anytime and has 3000+ user in the database. So want to explore as use this approach for this many user or so based on maintenance and reliability.

Tx
Sanjay

From: Michael Dinh <mdinh235_at_gmail.com> To: smishra_97_at_yahoo.com
Cc: oracle-l <oracle-l_at_freelists.org> Sent: Wednesday, October 17, 2012 11:28 PM Subject: Re: Oracle Audit aud$ vs Database Logon Trigger

I would use audit functionality for simplicity.�

AUDIT SESSION WHENEVER SUCCESSFUL; Query�DBA_AUDIT_SESSION

Use�DBMS_AUDIT_MGMT to manage.

HTH -Michael.

On Wed, Oct 17, 2012 at 7:32 PM, Sanjay Mishra <smishra_97_at_yahoo.com> wrote:

Hi
>
>Can someone help as what is best approach in term system performance
>and best practices for auditing. Requirements is only to check what
>user has not logon to the database in x number of days and create a
>report on daily basis. Requirement is to report user who has not logon
>to the database in last 180 days. So what is best practices like to use
>Audit command or Database Logon Trigger. Any help in providing any fact
>is highly appreciable
>
>TIA
>Sanjay
>
>
>--
>http://www.freelists.org/webpage/oracle-l
>
>
>

--
http://www.freelists.org/webpage/oracle-l



This e-mail, including attachments, may include confidential and/or proprietary information, and may be used only by the person or entity to which it is addressed. If the reader of this e-mail is not the intended recipient or his or her authorized agent, the reader is hereby notified that any dissemination, distribution or copying of this e-mail is prohibited. If you have received this e-mail in error, please notify the sender by replying to this message and delete this e-mail immediately.

--
http://www.freelists.org/webpage/oracle-l
--
http://www.freelists.org/webpage/oracle-l

--
http://www.freelists.org/webpage/oracle-l

Received on Fri Oct 19 2012 - 16:37:44 CEST

This message: [ Message body ]
Next message: Sanjay Mishra: "Re: Oracle Audit aud$ vs Database Logon Trigger"
Previous message: Rich Jesse: "MOS SR updates not showing dates anymore?"
In reply to: Walker, Jed S: "RE: Oracle Audit aud$ vs Database Logon Trigger"
Next in thread: Sanjay Mishra: "Re: Oracle Audit aud$ vs Database Logon Trigger"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message