FAQ
Tim - Thanks for the well worded response. Very, very helpful.

So my next question: Are there any 3rd party applications available to do
what Oracle won't?

-----Original Message-----
Sent: Monday, November 18, 2002 4:29 PM
To: Multiple recipients of list ORACLE-L

SYSDBA activities are not logged to the SYS.AUD$ table, even in Oracle9i
with the AUDIT_SYS_OPERATIONS parameter set to TRUE. SYSDBA operations are
always logged to the OS audit trail, including access/modifications to the
SYS.AUD$ table...

The reason that these records are only logged to the audit trail (previous
to Oracle9i, only connections as SYSDBA were logged) is because that is the
only way to protect the audit records review and (especially!) alteration
from people with SYSDBA privilege. Someone with SYSDBA could alway muck
with the contents of the SYS.AUD$ table, but they would not necessarily have
OS permissions to alter the audit records sent to the OS.

...which is why the command CONNECT INTERNAL went away with Oracle9i, to
remove the last necessity for DBAs to be members of the OSDBA and OSOPER
groups in the OS. Now, with 9i and CONNECT ... AS SYSDBA commands, you can
"lock down" the OS account and account-group that owns the Oracle software
away from those with SYSDBA privileges, thus protecting the software
distribution files, log files, trace files, and audit files from casual
modification, if desired...

Original Message -----
To: "Multiple recipients of list ORACLE-L"
Sent: Monday, November 18, 2002 12:46 PM
Hello All,

Do any of you have suggestions for a good way to monitor sysdba user
activities on the sys.aud$ table? Or, in terms of logging everything, what
would be the keypoints to log scrub on?

Any suggestions would be wonderful.
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: Dana.Mueller_at_guardent.com

Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Tim Gorman
INET: Tim_at_SageLogix.com

Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author:
INET: Dana.Mueller_at_guardent.com

Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).

Search Discussions

  • Tim Gorman at Nov 19, 2002 at 3:43 am
    please be a little more specific? what exactly is it that oracle won't do?

    Original Message -----
    To: "Multiple recipients of list ORACLE-L"
    Sent: Monday, November 18, 2002 7:58 PM
    Tim - Thanks for the well worded response. Very, very helpful.

    So my next question: Are there any 3rd party applications available to do
    what Oracle won't?

    -----Original Message-----
    Sent: Monday, November 18, 2002 4:29 PM
    To: Multiple recipients of list ORACLE-L


    SYSDBA activities are not logged to the SYS.AUD$ table, even in Oracle9i
    with the AUDIT_SYS_OPERATIONS parameter set to TRUE. SYSDBA operations are
    always logged to the OS audit trail, including access/modifications to the
    SYS.AUD$ table...

    The reason that these records are only logged to the audit trail (previous
    to Oracle9i, only connections as SYSDBA were logged) is because that is the
    only way to protect the audit records review and (especially!) alteration
    from people with SYSDBA privilege. Someone with SYSDBA could alway muck
    with the contents of the SYS.AUD$ table, but they would not necessarily have
    OS permissions to alter the audit records sent to the OS.

    ..which is why the command CONNECT INTERNAL went away with Oracle9i, to
    remove the last necessity for DBAs to be members of the OSDBA and OSOPER
    groups in the OS. Now, with 9i and CONNECT ... AS SYSDBA commands, you can
    "lock down" the OS account and account-group that owns the Oracle software
    away from those with SYSDBA privileges, thus protecting the software
    distribution files, log files, trace files, and audit files from casual
    modification, if desired...

    ----- Original Message -----
    To: "Multiple recipients of list ORACLE-L"
    Sent: Monday, November 18, 2002 12:46 PM

    Hello All,

    Do any of you have suggestions for a good way to monitor sysdba user
    activities on the sys.aud$ table? Or, in terms of logging everything, what
    would be the keypoints to log scrub on?

    Any suggestions would be wonderful.
    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.com
    --
    Author:
    INET: Dana.Mueller_at_guardent.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.com
    --
    Author: Tim Gorman
    INET: Tim_at_SageLogix.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.com
    --
    Author:
    INET: Dana.Mueller_at_guardent.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.com
    --
    Author: Tim Gorman
    INET: Tim_at_SageLogix.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
  • Dana.Mueller_at_guardent.com at Nov 19, 2002 at 5:38 am
    Tim / All.

    I figured it out.

    Basically assign users SYSDBA privies and track accordingly.

    -----Original Message-----
    Sent: Monday, November 18, 2002 7:44 PM
    To: Multiple recipients of list ORACLE-L

    please be a little more specific? what exactly is it that oracle won't do?

    Original Message -----
    To: "Multiple recipients of list ORACLE-L"
    Sent: Monday, November 18, 2002 7:58 PM
    Tim - Thanks for the well worded response. Very, very helpful.

    So my next question: Are there any 3rd party applications available to do
    what Oracle won't?

    -----Original Message-----
    Sent: Monday, November 18, 2002 4:29 PM
    To: Multiple recipients of list ORACLE-L


    SYSDBA activities are not logged to the SYS.AUD$ table, even in Oracle9i
    with the AUDIT_SYS_OPERATIONS parameter set to TRUE. SYSDBA operations are
    always logged to the OS audit trail, including access/modifications to the
    SYS.AUD$ table...

    The reason that these records are only logged to the audit trail (previous
    to Oracle9i, only connections as SYSDBA were logged) is because that is the
    only way to protect the audit records review and (especially!) alteration
    from people with SYSDBA privilege. Someone with SYSDBA could alway muck
    with the contents of the SYS.AUD$ table, but they would not necessarily have
    OS permissions to alter the audit records sent to the OS.

    ..which is why the command CONNECT INTERNAL went away with Oracle9i, to
    remove the last necessity for DBAs to be members of the OSDBA and OSOPER
    groups in the OS. Now, with 9i and CONNECT ... AS SYSDBA commands, you can
    "lock down" the OS account and account-group that owns the Oracle software
    away from those with SYSDBA privileges, thus protecting the software
    distribution files, log files, trace files, and audit files from casual
    modification, if desired...

    ----- Original Message -----
    To: "Multiple recipients of list ORACLE-L"
    Sent: Monday, November 18, 2002 12:46 PM

    Hello All,

    Do any of you have suggestions for a good way to monitor sysdba user
    activities on the sys.aud$ table? Or, in terms of logging everything, what
    would be the keypoints to log scrub on?

    Any suggestions would be wonderful.
    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.com
    --
    Author:
    INET: Dana.Mueller_at_guardent.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.com
    --
    Author: Tim Gorman
    INET: Tim_at_SageLogix.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.com
    --
    Author:
    INET: Dana.Mueller_at_guardent.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.com
    --
    Author: Tim Gorman
    INET: Tim_at_SageLogix.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.com
    --
    Author:
    INET: Dana.Mueller_at_guardent.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
  • Tim Gorman at Nov 19, 2002 at 1:28 pm
    ...um, if you say so. That really didn't answer my question, though...

    I hope that your solution did not include assigning users SYSDBA privileges
    in order to merely track/audit them?

    Original Message -----
    To: "Multiple recipients of list ORACLE-L"
    Sent: Monday, November 18, 2002 10:38 PM
    Tim / All.

    I figured it out.

    Basically assign users SYSDBA privies and track accordingly.

    -----Original Message-----
    Sent: Monday, November 18, 2002 7:44 PM
    To: Multiple recipients of list ORACLE-L


    please be a little more specific? what exactly is it that oracle won't do?
    ----- Original Message -----
    To: "Multiple recipients of list ORACLE-L"
    Sent: Monday, November 18, 2002 7:58 PM

    Tim - Thanks for the well worded response. Very, very helpful.

    So my next question: Are there any 3rd party applications available to
    do
    what Oracle won't?

    -----Original Message-----
    Sent: Monday, November 18, 2002 4:29 PM
    To: Multiple recipients of list ORACLE-L


    SYSDBA activities are not logged to the SYS.AUD$ table, even in Oracle9i
    with the AUDIT_SYS_OPERATIONS parameter set to TRUE. SYSDBA operations are
    always logged to the OS audit trail, including access/modifications to
    the
    SYS.AUD$ table...

    The reason that these records are only logged to the audit trail
    (previous
    to Oracle9i, only connections as SYSDBA were logged) is because that is the
    only way to protect the audit records review and (especially!)
    alteration
    from people with SYSDBA privilege. Someone with SYSDBA could alway muck
    with the contents of the SYS.AUD$ table, but they would not necessarily have
    OS permissions to alter the audit records sent to the OS.

    ..which is why the command CONNECT INTERNAL went away with Oracle9i, to
    remove the last necessity for DBAs to be members of the OSDBA and OSOPER
    groups in the OS. Now, with 9i and CONNECT ... AS SYSDBA commands, you can
    "lock down" the OS account and account-group that owns the Oracle
    software
    away from those with SYSDBA privileges, thus protecting the software
    distribution files, log files, trace files, and audit files from casual
    modification, if desired...

    ----- Original Message -----
    To: "Multiple recipients of list ORACLE-L"
    Sent: Monday, November 18, 2002 12:46 PM

    Hello All,

    Do any of you have suggestions for a good way to monitor sysdba user
    activities on the sys.aud$ table? Or, in terms of logging everything, what
    would be the keypoints to log scrub on?

    Any suggestions would be wonderful.
    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.com
    --
    Author:
    INET: Dana.Mueller_at_guardent.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.com
    --
    Author: Tim Gorman
    INET: Tim_at_SageLogix.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.com
    --
    Author:
    INET: Dana.Mueller_at_guardent.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.com
    --
    Author: Tim Gorman
    INET: Tim_at_SageLogix.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.com
    --
    Author:
    INET: Dana.Mueller_at_guardent.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).
    --
    Please see the official ORACLE-L FAQ: http://www.orafaq.com
    --
    Author: Tim Gorman
    INET: Tim_at_SageLogix.com

    Fat City Network Services -- 858-538-5051 http://www.fatcity.com
    San Diego, California -- Mailing list and web hosting services
    ---------------------------------------------------------------------
    To REMOVE yourself from this mailing list, send an E-Mail message
    to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
    the message BODY, include a line containing: UNSUB ORACLE-L
    (or the name of mailing list you want to be removed from). You may
    also send the HELP command for other information (like subscribing).

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouporacle-l @
categoriesoracle
postedNov 19, '02 at 2:58a
activeNov 19, '02 at 1:28p
posts4
users2
websiteoracle.com

People

Translate

site design / logo © 2022 Grokbase