Mar 022016
 

Enabling Auditing in Oracle

To enable auditing and direct audit records to the database audit trail, we need to do the following.
Login as a sys user and execute the below mentioned SQL command and then restart the database.

SQL> ALTER SYSTEM SET audit_trail=db SCOPE=SPFILE; 

System altered. 

SQL> SHUTDOWN 
Database closed. 
Database dismounted. 
ORACLE instance shut down. 
SQL> STARTUP 
ORACLE instance started. 

Total System Global Area 289406976 bytes 
Fixed Size 1248600 bytes 
Variable Size 71303848 bytes 
Database Buffers 213909504 bytes 
Redo Buffers 2945024 bytes 
Database mounted. 
Database opened. 
SQL>

 

Enabling Audit on the Oracle Database:

Enable auditing as per your requirements. The minimum that should be audited is:

  • User logon and logoff events (both successful and failed).
  • Database structure changes (CREATE, ALTER, DROP statements).
  • All actions on sensitive objects.
  • And if need be, all actions done by a specific user, such as the DBA.
  • Check that the audit trail is working, by running this command by logging in as a user who has SELECT access on AUD$ table:
    SELECT COUNT(*) FROM SYS.AUD$

For more information on auditing in Oracle, please visit. http://docs.oracle.com/cd/B19306_01/network.102/b14266/cfgaudit.htm

Integrating Oracle server with GFI EventsManager

  1. Under the Configuration tab select database servers groups.
  2. Right click oracle servers and select add new oracle servers.
  3. Enter the Ip address of the oracle server and click on add and on finish button.

    ADDING ORACLE SERVER IN THE GFI EVENT MANAGER

    ADDING ORACLE SERVER IN THE GFI EVENTSMANAGER

  4. Oracle server will be listed in the oracle servers group.
  5. Right click on the oracle server and select properties.

    Fig. 2

    Fig. 2

  6. Uncheck the inherit Oracle Server Post collection processing.
  7. Select the process using these rule sets radio button.
  8. Check the Oracle audit check box under the process using these rule sets frame.

    Fig. 3

  9. Click on Connection settings.
  10. Uncheck the inherit logon credentials from the parent group.
  11. Enter username and password of the user having access to the database and select command access on the sys.aud$ table.
  12. Enter the Port Number and SID or Service name of the database.

    Fig. 4

  13. Click on the Test button to check the connectivity between the GFI and the database server.

    Fig. 5

  14. Select Audit by statements tab.
  15. Select all statements in the statements option and all users in users option.
  16. Select by access and both in options section.
  17. Click on Audit Button to enable audit.

    Fig. 6

  18. Select Audit by Object tab.
  19. In the Object section select object Any_user.default from the list.
  20. Select ALL in the operation section.
  21. In the options section select by access and both.
  22. Click on the audit button to start the audit of the objects selected.
  23. Click Apply and OK to save the settings.

    Fig. 7

 

 

Shaad Mujawar

  2 Responses to “Monitoring the Oracle database with GFI Events Manager”

  1. Very complete for me, thanks for sharing the article.

  2. Wonderful beat ! I wish to apprentice at the same time as
    you amend your website, how can i subscribe for a blog site?

    The account aided me a acceptable deal. I had been a little
    bit familiar of this your broadcast offered bright transparent concept

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)