
InTrust 11.5.1 - Preparing for Auditing Oracle

Oracle Auditing Overview

The Oracle Knowledge Pack expands the auditing and reporting capabilities of InTrust to Oracle. It lets you collect and report on the audit data from your Oracle database system. Featuring a fully automated workflow, InTrust helps you:

  • Gather and consolidate a variety of data from the Oracle hosts running on different platforms
  • Consolidate, store, and analyze this information
  • Generate reports on various aspects of your Oracle system operation

The following Oracle database system versions are supported:

  • 18c
  • 19c
  • 21c

Data can be collected from the Oracle hosts running on the following platforms:

  • Microsoft Windows 2012 and higher
  • Red Hat Enterprise Linux version 7 or above

Other platforms are also supported; however, reports on administrative users’ activity will not be generated for them (all other reports will be created).

Reports on your Oracle database system cover the following areas:

  • Activity of users with administrative privileges (logged on as SYSOPER or SYSDBA)
  • Other users’ activity, in particular, logons and logoffs
  • User and role management activity
  • Rights management
  • Data retrieval and modification activity
  • Data structure modification activity

Installing the Oracle Knowledge Pack

Support for Oracle auditing is provided by the Oracle Knowledge Pack. The Knowledge Pack must be installed on top of an existing InTrust installation.

Auditing Administrative User Activity

Gathering from Windows-Based Computers

Gathering from Unix-Based Computers

Gathering from Windows-Based Computers

Events from Oracle administrative users (users logged on to Oracle as SYSOPER or SYSDBA) are written into the Windows Application log of the Windows-based computers hosting the Oracle database. This data is collected by InTrust in the traditional way, by retrieving events from the event logs on the specified computers.

In particular, to gather this data, you need to do the following:

  1. On the target machine, turn auditing on by setting the AUDIT_SYS_OPERATIONS parameter in the SPFILE file to TRUE. To do that, either use Oracle Enterprise Manager or run an SQL query. For example, you can take the following steps:
    1. Connect to the necessary database as SYSDBA and run the following query:
      select name, value from v$parameter where name like 'audit%';
    2. Then check whether the AUDIT_SYS_OPERATIONS parameter value is set to TRUE. If not, run the following query:
      ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE=SPFILE;
    3. Wait for the system to report that the value has been altered, and restart the Oracle database.
    4. Check whether administrative user events appear in the log.
  2. Populate the ‘Oracle for Windows servers in the domain’ site with the machines you want to collect data from.
  3. In the Oracle daily collection task, make sure that the ‘Oracle administrative users audit collection’ job involves the ‘Oracle administrative user events from Application log’ gathering policy, and that the job processes the ‘Oracle for Windows servers in the domain’ site.
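
The check, change, and verification in step 1 can be run as a single script. This is an added example, not part of the InTrust documentation; it assumes a SYSDBA session and additionally uses the standard v$spparameter and v$instance views, which the page does not mention, to show whether the setting is only staged in the SPFILE or already active.

```sql
-- Added example (not from the InTrust documentation). Run as SYSDBA.

-- 1. Confirm the instance was started from an SPFILE. An empty value means
--    it was started from a PFILE, and SCOPE=SPFILE changes cannot be stored.
SELECT value AS spfile_path
FROM   v$parameter
WHERE  name = 'spfile';

-- 2. Compare the running value with the value stored in the SPFILE.
--    audit_sys_operations is a static parameter (ISSYS_MODIFIABLE = FALSE),
--    so the running value only changes after a restart.
SELECT p.name,
       p.value            AS running_value,
       sp.value           AS spfile_value,
       sp.isspecified     AS set_in_spfile,
       p.issys_modifiable AS modifiable_while_running,
       CASE
         WHEN UPPER(p.value)  = 'TRUE' THEN 'ACTIVE'
         WHEN UPPER(sp.value) = 'TRUE' THEN 'PENDING RESTART'
         ELSE 'NOT ENABLED'
       END                AS audit_state
FROM   v$parameter p
       LEFT JOIN v$spparameter sp
              ON sp.name = p.name
WHERE  p.name = 'audit_sys_operations';

-- 3. Only if audit_state is NOT ENABLED: stage the change in the SPFILE.
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE=SPFILE;

-- 4. Re-run query 2. Expect audit_state = PENDING RESTART until the
--    database is restarted, and ACTIVE afterwards.

-- 5. After the restart, confirm that the instance start time is later
--    than the time the change was made.
SELECT instance_name,
       TO_CHAR(startup_time, 'YYYY-MM-DD HH24:MI:SS') AS started_at
FROM   v$instance;
```

If audit_state still reads PENDING RESTART after step 5, the instance has not been restarted since the change, and no administrative user events will reach the Application log yet.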