2 Replies Latest reply on Sep 22, 2018 1:48 PM by 3336843

    Security audits log (OID,WL,OAM,EM)




      I'm stuck in a situation, where I'm asked to find most security relevant data from following sources:-


      • OID
      • Web logic
      • OAM
      • Enterprise manager


      For e.g from OID i get logs as


      2012-08-12 19:20:51.914958 “OID” “004lvTcRpnnBx00_NxXBie0002vl0001Sn,0” – – “8089” – – “UserLogin” FALSE – “cn=Atul,cn=Users,dc=onlineappsdba,dc=com” “Operation name: bind” “49” “” – – – – “bind” “Simple:DN/Password Based“”


      They are useful to a point, but when I look at the audit configuration I see it follows the same steps , also generally I see diagnostic /access logs already produced but for Audit point of view which component mentioned above has greatest important from security stand point of view.


      Architecturally speaking from client request first is process by weblogic (under SSO) if its audit configured , should I enable audit for OAM also, between what are audit quality difference?


      I don't want to log too much or too less, and also avoid duplication. I have little experience in Oracle, but security analyst wants Oracle from security log management. Thanks.