OS Audit trail
DBAsupport.com Forums - Powered by vBulletin
Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: OS Audit trail

  1. #1
    Join Date
    Feb 2002
    Posts
    267
    Hi,
    What purpose does audit_trial=OS serve; any way whether you
    set it to OS or not it is going to auditing and generate the os files.....

    Could any body guide me...... does this generate any extra information.

    Regards
    sonia

  2. #2
    Join Date
    Feb 2000
    Location
    Singapore
    Posts
    1,758
    Your audit information is saved in OS, outside the database when you set AUDIT_TRAIL=OS

    Sanjay


  3. #3
    Join Date
    Feb 2002
    Posts
    267
    No sanjay.....what i meant to say was whether u set it to
    OS or not, anyway ORACLE is going to write into audit file
    at the OS level...then what is the use of it ?



    [Edited by sonia on 09-18-2002 at 03:16 AM]

  4. #4
    Join Date
    Jun 2000
    Location
    Madrid, Spain
    Posts
    7,447
    you know the difference between trace and audit files???

  5. #5
    Join Date
    Oct 2001
    Posts
    83
    Hello,

    Auditing option allows you to collect some information related to DML, DLL, connections ... (Suspicious or normal Database Activity). You can store data collect in the database (in SYS.AUD$ table) or in an OS file (OS level).

    Hope this help

  6. #6
    Join Date
    Feb 2002
    Posts
    267
    Yes noor,
    What i am trying to say is irrespective of setting it to OS or DB, audit files are always generated in the path specified by audit_file_dest.....
    So what for is this audit_tria=OS....

  7. #7
    Join Date
    Jun 2000
    Location
    Madrid, Spain
    Posts
    7,447
    itīs obvious you have not read the docs

    quote:

    Events Audited by Default
    Regardless of whether database auditing is enabled, Oracle will always audit certain database-related actions into the operating system audit trail. These events include the following:

    Instance startup

    An audit record is generated that lists the OS user starting the instance, the user's terminal identifier, the date and time stamp, and whether database auditing was enabled or disabled. This is stored in the OS audit trail because the database audit trail is not available until after startup has successfully completed. Recording the state of database auditing at startup also prevents an administrator from restarting a database with database auditing disabled (so they can perform unaudited actions).

    Instance shutdown

    An audit record is generated that lists the OS user shutting down the instance, the user's terminal identifier, the date and time stamp.

    Connections to the database with administrator privileges

    An audit record is generated that lists the OS user connecting to Oracle as SYSOPER or SYSDBA, to provide accountability of users with administrator privileges.


  8. #8
    Join Date
    Feb 2000
    Location
    Singapore
    Posts
    1,758
    Originally posted by sonia
    No sanjay.....what i meant to say was whether u set it to
    OS or not, anyway ORACLE is going to write into audit file
    at the OS level...then what is the use of it?
    If you set AUDIT_TRAIL=OS whatever auditing you turn on, will be saved to OS files but if you set it to DB, the information will go to sys.aud$ (other than default audit, as pando mentioned)

    Sanjay

    [Edited by SANJAY_G on 09-18-2002 at 04:27 AM]

  9. #9
    Join Date
    Jun 2002
    Location
    Longmont, Colorado
    Posts
    174
    Originally posted by pando
    itīs obvious you have not read the docs
    quote:

    Events Audited by Default
    Regardless of whether database auditing is enabled, Oracle will always audit certain database-related actions into the operating system audit trail. These events include the following:

    Instance startup

    An audit record is generated that lists the OS user starting the instance, the user's terminal identifier, the date and time stamp,
    and whether database auditing was enabled or disabled. This is stored in the OS audit trail because the database audit trail is not available until after startup has successfully completed. Recording the state of database auditing at startup also prevents an administrator from restarting a database with database auditing disabled (so they can perform unaudited actions).

    I'm starting to understand this aspect of auditing, but I don't see the information about whether auditing was disabled or enabled at startup in the audit file. The only I see in the audit record about the startup is this:

    ....
    Wed Jan 5 12:34:24 2005
    ACTION : 'STARTUP'
    DATABASE USER: '/'
    PRIVILEGE : SYSDBA
    CLIENT USER: jsmith
    CLIENT TERMINAL: Not Available
    STATUS: 0
    ...


    So where's the info about auditing being on or off at startup??

  10. #10
    Join Date
    Oct 2002
    Posts
    391
    Originally posted by dbbyleo
    I'm starting to understand this aspect of auditing, but I don't see the information about whether auditing was disabled or enabled at startup in the audit file. The only I see in the audit record about the startup is this:

    ....
    Wed Jan 5 12:34:24 2005
    ACTION : 'STARTUP'
    DATABASE USER: '/'
    PRIVILEGE : SYSDBA
    CLIENT USER: jsmith
    CLIENT TERMINAL: Not Available
    STATUS: 0
    ...


    So where's the info about auditing being on or off at startup??
    what your saw is exactly what pando is referring to

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Click Here to Expand Forum to Full Width