• • Home
  • Articles
  • Scripts
  • Forums
  • Blog
  • Certification
  • Misc
  • About
  • Printer Friendly

Oracle 8i | Oracle 9i | Oracle 10g | Oracle 11g | Miscellaneous | Oracle RAC | Oracle Apps | Linux

Home » Articles » 8i » Here

Auditing

The auditing mechanism for Oracle is extremely flexible so I'll only discuss performing full auditing on a single user:

• Server Setup
• Audit Options
• View Audit Trail
• Maintenence
• Security

Server Setup

To allow auditing on the server you must:

• Set "audit_trail = true" in the init.ora file.
• Run the $ORACLE_HOME/rdbms/admin/cataudit.sql script while connected as SYS.

Audit Options

Assuming that the "fireid" user is to be audited:

CONNECT sys/password AS SYSDBA

AUDIT ALL BY fireid BY ACCESS;
AUDIT SELECT TABLE, UPDATE TABLE, INSERT TABLE, DELETE TABLE BY fireid BY ACCESS;
AUDIT EXECUTE PROCEDURE BY fireid BY ACCESS;

These options audit all DDL & DML issued by "fireid", along with some system events.

• DDL (CREATE, ALTER & DROP of objects)
• DML (INSERT UPDATE, DELETE, SELECT, EXECUTE).
• SYSTEM EVENTS (LOGON, LOGOFF etc.)

View Audit Trail

The audit trail is stored in the SYS.AUD$ table. It's contents can be viewed directly or via the following views:

• DBA_AUDIT_EXISTS
• DBA_AUDIT_OBJECT
• DBA_AUDIT_SESSION
• DBA_AUDIT_STATEMENT
• DBA_AUDIT_TRAIL
• DBA_OBJ_AUDIT_OPTS
• DBA_PRIV_AUDIT_OPTS
• DBA_STMT_AUDIT_OPTS

The audit trail contains alot of data, but the following are most likely to be of interest:

• Username : Oracle Username.
• Terminal : Machine that the user performed the action from.
• Timestamp : When the action occured.
• Object Owner : The owner of the object that was interacted with.
• Object Name : The name of the object that was interacted with.
• Action Name : The action that occured against the object. (INSERT, UPDATE, DELETE, SELECT, EXECUTE)

Maintenance

The audit trail must be deleted/archived on a regular basis to prevent the SYS.AUD$ table growing to an unnacceptable size.

Security

Only DBAs should have maintenance access to the audit trail. If SELECT access is required by any applications this can be granted to any users, or alternatively a specific user may be created for this.

Auditing modifications of the data in the audit trail itself can be achieved as follows:

AUDIT INSERT, UPDATE, DELETE ON sys.aud$ BY ACCESS;

For more information see:

• Auditing Database Use (8i)
• Fine Grained Auditing (9i)
• Fine Grained Auditing Enhancements (10g)
• Uniform Audit Trail (10g)
• Audit Trail Contents (10g)

Hope this helps. Regards Tim...

Back to the Top.