3 Ответы Последний ответ: 22.11.2018 17:27, автор: WadhahDaouehi

    How to enable audit_trail in Oracle 11g?

    Praveen Kamble

      Dear Team,

       

      We are collecting audit logs from Oracle 11g (11.2.0.4.0) into a syslog server/SIEM solution for log monitoring and analysis.

      For this we need to edit the parameter audit_trail to os,db etc.

       

      But unfortunately, we are unable to find the file initORACLE_SID.ora, in which the audit_trail parameter is edited.

      This file is missing in Oracle 11g.

       

      Also, we tried to run the command - alter system set audit_trail=os scope=spfile;

      after running this command, we are getting error - "insufficient privileges", where as we are logging in as admin, sysdba.

      Attaching the screenshot below:

       

       

      Can i request your help here in the above 2 scenarios.

      I am from security background, need your help on the database part. Would be much appreciated.

       

       

      Best Regards,

      Praveen Kamble

        • 1. Re: How to enable audit_trail in Oracle 11g?
          Kishore_Reddy

          Hi Praveen,

           

          You can set the  database initialization parameter AUDIT_TRAIL to DB or OS for enabling auditing. The DB setting means the audit trail records are stored in the database in the SYS.AUD$ table. OS will send the audit trail records to an operating system file. The OS setting is operating system-dependent and is not supported on all operating systems.

           

          SQL> ALTER SYSTEM SET audit_trail=db SCOPE=SPFILE;

           

           

          System altered.

           

           

          SQL> SHUTDOWN

          Database closed.

          Database dismounted.

          ORACLE instance shut down.

          SQL> STARTUP

          ORACLE instance started.

           

           

          Total System Global Area  289406976 bytes

          Fixed Size                  1248600 bytes

          Variable Size              71303848 bytes

          Database Buffers          213909504 bytes

          Redo Buffers                2945024 bytes

          Database mounted.

          Database opened.

          SQL>

          • 2. Re: How to enable audit_trail in Oracle 11g?
            AndrewSayer

            Praveen Kamble wrote:

             

            Dear Team,

             

            We are collecting audit logs from Oracle 11g (11.2.0.4.0) into a syslog server/SIEM solution for log monitoring and analysis.

            For this we need to edit the parameter audit_trail to os,db etc.

             

            But unfortunately, we are unable to find the file initORACLE_SID.ora, in which the audit_trail parameter is edited.

            This file is missing in Oracle 11g.

             

            Also, we tried to run the command - alter system set audit_trail=os scope=spfile;

            after running this command, we are getting error - "insufficient privileges", where as we are logging in as admin, sysdba.

            Attaching the screenshot below:

             

             

            Can i request your help here in the above 2 scenarios.

            I am from security background, need your help on the database part. Would be much appreciated.

             

             

            Best Regards,

            Praveen Kamble

            Are you sure you are
            "where as we are logging in as admin, sysdba."

            ?

             

            Insufficient privileges would suggest you are not. The user you are connecting as must have alter system privileges in order to alter system

            • 3. Re: How to enable audit_trail in Oracle 11g?
              John Thorton

              Praveen Kamble wrote:

               

              Dear Team,

               

              We are collecting audit logs from Oracle 11g (11.2.0.4.0) into a syslog server/SIEM solution for log monitoring and analysis.

              For this we need to edit the parameter audit_trail to os,db etc.

               

              But unfortunately, we are unable to find the file initORACLE_SID.ora, in which the audit_trail parameter is edited.

              This file is missing in Oracle 11g.

               

              Also, we tried to run the command - alter system set audit_trail=os scope=spfile;

              after running this command, we are getting error - "insufficient privileges", where as we are logging in as admin, sysdba.

              Attaching the screenshot below:

               

               

              Can i request your help here in the above 2 scenarios.

              I am from security background, need your help on the database part. Would be much appreciated.

               

               

              Best Regards,

              Praveen Kamble

              show us using COPY & PASTE exactly how you logged into Oracle DB prior to do commands above.

               

              post SQL & results that show if this instance was started using spfile or pfile.

              • 4. Re: How to enable audit_trail in Oracle 11g?
                EdStevens

                Andrew,

                While your response is relevant and on-target, did you notice the age of this thread?

                 

                I've seen several of these archeological artifacts revived this morning, both here and on the MOS forums.  I'm beginning to wonder if it is fallout from the 'fix' to the recent forum problems, possibly the forum itself throwing old threads back into the stream?

                • 5. Re: How to enable audit_trail in Oracle 11g?
                  WadhahDaouehi

                  Hi,

                   

                  run these commandes:

                  $ ls -ld /rdsdbdata/admin/ORCLDB/adump

                  SQL> show user

                   

                  Best regards