1 Reply Latest reply: Mar 2, 2011 2:13 PM by 844189 RSS

    Different types of Auditing.

    844189
      These are the



      System Level Triggers - You can audit Oracle user activity, DDL (great for auditing change control), and server errors.


      For this we can write DDL triggers script for DDL auditing.

      The first step is to create an Oracle table that can store the information (like User ID, Session ID, Host, Logon date) gathered by the end-user

      Logon/logoff triggers.

      Now we'll gather the information (like Last Program, Last action, Last Module, Logoff date) available just prior to user logoff. At user logoff time, the

      Oracle system-level trigger provides information about the Current session and the activity of the user.



      Oracle Audit Command - This is the innate Oracle audit tool.


      These options audit all DDL and DML, along with some system events.

      DDL (CREATE, ALTER & DROP of objects), DML (INSERT UPDATE, DELETE, SELECT, EXECUTE), SYSTEM EVENTS (LOGON, LOGOFF etc.).

      AUDIT_TRAIL = db Enables database auditing and directs all audit records to the SYS.AUD$ table.

      AUDIT_TRAIL = db_extended Enables database auditing and directs all audit records to the database audit trail (the SYS.AUD$ table) including

      the SQLBIND and SQLTEXT CLOB columns.

      AUDIT_TRAIL = none Disables database auditing.

      AUDIT_TRAIL = os Enables database auditing and directs all audit records to the operating system's audit trail.

      AUDIT_TRAIL = xml Enables database auditing and writes all audit records to XML format OS files.

      AUDIT_TRAIL = xml_extended Enables database auditing and prints all audit trail columns, including Saltiest and Slid values.



      Oracle fine-grained auditing - The FGA auditing package provides for Oracle auditing.


      Fine grained auditing extends Oracle standard auditing capabilities by allowing the user to audit actions based on user-defined predicates.

      It is independent of the AUDIT_TRAIL parameter setting and all audit records are stored in the FGA_LOG$ table, rather than the AUD$ table

      This is package for the auditing DBMS_FGA.



      Oracle LogMiner auditing - This LogMiner Oracle audit approach utilizes the Oracle redo logs to track and audit all database changes.


      Oracle LogMiner is a redo log query engine that is provided with the Oracle database server.

      Log Miner uses redo entries embedded in online redo log files or archived redo log files and data dictionary information to build the SQL statement. Log

      Miner keeps the contents of the redo log file in the fixed view, v$logmnr_contents.



      Third party tools - Tools such as Oracle Audit Vault, Oracle Audit Pack and Event Pack can provide detailed audit trails for Oracle user activity.


      Oracle Audit Vault automates the audit collection, monitoring and reporting process, turning audit data into a key security resource for detecting unauthorized activity.