7 Replies Latest reply: Nov 21, 2012 12:00 PM by jgarry RSS

    Oracle Auditing

    dba7188@
      running Oracle Database 11g on Solaris platform. We have turned on auditing as our application requires PCI compliance. We are using Oracle grid to monitor databases. Whenever we access OEM to troubleshoot some errors, an entry is getting logged in the OS Audit file location. it really generates a huge file. We do not want to log an entry, for each OEM access. is it possible to turn off auditing on grid access only ?

      Thanks in advance.
        • 1. Re: Oracle Auditing
          jgarry
          Are you accessing as sysdba?

          Also see http://psoug.org/reference/auditing.html
          • 2. Re: Oracle Auditing
            Dude!
            An audit files are created every time you login as user SYS. The are located in $ORACLE_HOME/rdbms/audit.

            You can clean out old files without problem if necessary. For instance, using a cron entry as user Oracle that deletes audit files older than 1 month:

            <pre>
            30 0 * * * find /u01/app/grid/11.2.0/grid/rdbms/audit -maxdepth 1 -name '*.aud' -mtime +30 -delete >/dev/null 2>&1
            </pre>
            • 3. Re: Oracle Auditing
              dba7188@
              No i connect as myself.
              • 4. Re: Oracle Auditing
                dba7188@
                Thank You. your suggestion is useful, but is there a way to stop it from creating. i am looking for some disable option on the Grid Control.
                • 5. Re: Oracle Auditing
                  jgarry
                  Please show us one of the aud files. Perhaps your sysman login (or whatever your version uses) is sysdba, rather than you.
                  • 6. Re: Oracle Auditing
                    dba7188@
                    i have trimmed the query in the middle, i did not run the query, i am sure it is from OEM.
                    $more xims_ora_25539_1.aud
                    Audit file /oracle/app/oracle/audit/xims_ora_25539_1.aud
                    Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
                    With the Partitioning, OLAP, Data Mining and Real Application Testing options
                    ORACLE_HOME = /oracle/app/oracle/product/11.2.0.3/db1
                    System name:    SunOS
                    Node name:      jpmcqa98
                    Release:        5.10
                    Version:        Generic_99999
                    Machine:        sun4u
                    Instance name: xims
                    Redo thread mounted by this instance: 1
                    Oracle process number: 610
                    Unix process pid: 25539, image: oracle@jpmcqa98
                    
                    Tue Nov 20 15:24:01 2012 -05:00
                    LENGTH : '8052'
                    ACTION :[7889] 'SELECT event, wait_class, dim_percentage, dim_act_sessions FROM   (SELECT event, wait_class ,....<<<<TRIMMED FOR BREVITY>>>(:ash_module IS NULL          OR module like :ash_module)   AND   (:ash_action IS NULL          OR action like :ash_action)   AND   (:ash_client_i
                    d IS NULL          OR client_id like :ash_client_id)   AND   (:ash_plsql_entry IS NULL          OR ( (unified_ash.dbid,                unified_ash.plsql_entry_object_id
                    ,                unified_ash.plsql_entry_subprogram_id) IN                (select d.dbid, object_id, subprogram_id from ( select object_id, subprogram_id, object_type,
                    owner,          object_name, procedure_name, overload   from dba_procedures )  plsname1,                 v$database d                where dbms_ash_internal.format_plsq
                    l(plsname1.owner,                                         plsname1.object_name,                                         plsname1.object_type,
                                  plsname1.procedure_name,                                         plsname1.overload)                      like :ash_plsql_entry) ) )  ) a         WHERE   1
                     = 1            and session_type = 'FOREGROUND'          GROUP BY event, wait_class ) ash       WHERE  ash.dim_percentage >= 1   AND  ash.dim_rank <= 5    ORDER  BY ash
                    .dim_rank'
                    DATABASE USER:[8] 'klyde'
                    PRIVILEGE :[4] 'NONE'
                    CLIENT USER:[8] 'NET8/klyde'
                    CLIENT TERMINAL:[5] 'pts/3'
                    STATUS:[1] '0'
                    DBID:[10] '1016814029' 
                    Edited by: dbmechanic on Nov 20, 2012 6:05 PM
                    • 7. Re: Oracle Auditing
                      jgarry
                      Hmmm, I'm not up on ASH security, but the user must have something granted to see it (or maybe ASH does something to public). I'd say ask support if it is a bug, maybe someone more up on that stuff can help. Perhaps the em forum could help more. Did you say you have enterprise edition with the diagnostic license?