Forum Stats

  • 3,816,600 Users
  • 2,259,212 Discussions
  • 7,893,516 Comments

Discussions

Question for several audit/monitoring related changes to Exadata/ZFS systems

user12240455
user12240455 Member Posts: 1 Blue Ribbon
edited May 4, 2022 12:00PM in Oracle Linux

Hello,

Triggered by internal auditing/security department, I've got several important - and unfortunately urgent - questions:

Basics: we are forced to give syslog AND auditlog of all components to security department, preferable via Universal Forwarder (splunk agent).

Learned: 

- syslog forwarding possible to be configured via dbmcli/cellcli on compute nodes/cell servers => ok.

- auditlog forwarding has to happen via audispd + configuration or Universal Forwarder; both need special customer audit_rules file


Question 1: Is it allowed to replace existing audit_rules file by a customer version of it on compute nodes and cell servers?

Question 2: Is it allowed to install Universal Forwarder (splunk agent) on compute nodes and cell servers?


Exadata switches (management switch and/or RoCE leaf and spine switches):

Question 1: Is it allowed to install Univeral Forwarder (splunk agent Cisco version or an other one) to Exadata switches + replacing the audit_rules file?

Question 2: In case (1) not allwoed, is syslog and auditlog forwarding allowed/possible + replacing the audit_rules file


ZFS ToR switches for Exadata-ZFS connection:

Question 1: Is it allowed to install Univeral Forwarder (splunk agent Cisco version or an other one) to ZFS ToR switches + replacing the audit_rules file?

Question 2: In case (1) not allwoed, is syslog and auditlog forwarding allowed/possible + replacing the audit_rules file


ZFS systems:

Question 1: Is it allowed to install Univeral Forwarder (splunk agent Solaris version) to ZFS ToR switches + replacing the audit_rules file?

Question 2: In case (1) not allwoed, is syslog and auditlog forwarding allowed/possible + replacing the audit_rules file


Always important: Is replacing the audit_rules file allowed?


Kind Regards,

Manfred

Tagged: