2 Replies Latest reply on Sep 22, 2018 1:48 PM by 3336843

    Security audits log (OID,WL,OAM,EM)

    3336843

      Hello,

       

      I'm stuck in a situation, where I'm asked to find most security relevant data from following sources:-

       

      • OID
      • Web logic
      • OAM
      • Enterprise manager

       

      For e.g from OID i get logs as

       

      2012-08-12 19:20:51.914958 “OID” “004lvTcRpnnBx00_NxXBie0002vl0001Sn,0” – – “8089” – – “UserLogin” FALSE – “cn=Atul,cn=Users,dc=onlineappsdba,dc=com” “Operation name: bind” “49” “192.168.1.12” – – – – “bind” “Simple:DN/Password Based“”

       

      They are useful to a point, but when I look at the audit configuration I see it follows the same steps , also generally I see diagnostic /access logs already produced but for Audit point of view which component mentioned above has greatest important from security stand point of view.

       

      Architecturally speaking from client request first is process by weblogic (under SSO) if its audit configured , should I enable audit for OAM also, between what are audit quality difference?

       

      I don't want to log too much or too less, and also avoid duplication. I have little experience in Oracle, but security analyst wants Oracle from security log management. Thanks.

       

      regards

      asad