Enabling Auditing in Oracle
To enable auditing and direct audit records to the database audit trail, we need to do the following.
Login as a sys user and execute the below mentioned SQL command and then restart the database.
SQL> ALTER SYSTEM SET audit_trail=db SCOPE=SPFILE; System altered. SQL> SHUTDOWN Database closed. Database dismounted. ORACLE instance shut down. SQL> STARTUP ORACLE instance started. Total System Global Area 289406976 bytes Fixed Size 1248600 bytes Variable Size 71303848 bytes Database Buffers 213909504 bytes Redo Buffers 2945024 bytes Database mounted. Database opened. SQL>
Enabling Audit on the Oracle Database:
Enable auditing as per your requirements. The minimum that should be audited is:
- User logon and logoff events (both successful and failed).
- Database structure changes (CREATE, ALTER, DROP statements).
- All actions on sensitive objects.
- And if need be, all actions done by a specific user, such as the DBA.
- Check that the audit trail is working, by running this command by logging in as a user who has SELECT access on AUD$ table:
SELECT COUNT(*) FROM SYS.AUD$
For more information on auditing in Oracle, please visit. http://docs.oracle.com/cd/B19306_01/network.102/b14266/cfgaudit.htm
Integrating Oracle server with GFI EventsManager
- Under the Configuration tab select database servers groups.
- Right click oracle servers and select add new oracle servers.
- Enter the Ip address of the oracle server and click on add and on finish button.
- Oracle server will be listed in the oracle servers group.
- Right click on the oracle server and select properties.
- Uncheck the inherit Oracle Server Post collection processing.
- Select the process using these rule sets radio button.
- Check the Oracle audit check box under the process using these rule sets frame.
- Click on Connection settings.
- Uncheck the inherit logon credentials from the parent group.
- Enter username and password of the user having access to the database and select command access on the sys.aud$ table.
- Enter the Port Number and SID or Service name of the database.
- Click on the Test button to check the connectivity between the GFI and the database server.
- Select Audit by statements tab.
- Select all statements in the statements option and all users in users option.
- Select by access and both in options section.
- Click on Audit Button to enable audit.
- Select Audit by Object tab.
- In the Object section select object Any_user.default from the list.
- Select ALL in the operation section.
- In the options section select by access and both.
- Click on the audit button to start the audit of the objects selected.
- Click Apply and OK to save the settings.