지금 지원 담당자와 채팅
지원 담당자와 채팅

InTrust 11.5.1 - Preparing for Auditing Oracle

Oracle Auditing Overview

The Oracle Knowledge Pack expands the auditing and reporting capabilities of InTrust to Oracle. It lets you collect and report on the audit data from your Oracle database system. Featuring a fully automated workflow, InTrust helps you:

  • Gather and consolidate a variety of data from the Oracle hosts running on different platforms
  • Consolidate, store, and analyze this information
  • Generate the reports on various aspects of your Oracle system operation

The following Oracle database system versions are supported:

  • 18c
  • 19c
  • 21c

Data can be collected from the Oracle hosts running on the following platforms:

  • Microsoft Windows 2012 and higher
  • Redhat Enterprise Linux version 7 or above

Other platforms are also supported; however, reports on administrative users’ activity will not be generated for them (all other reports will be created).

Reports on your Oracle database system cover the following areas:

  • Activity of users with administrative privileges (logged on as SYSOPER or SYSDBA)
  • Other users’ activity, in particular, logons and logoffs
  • User and role management activity
  • Rights management
  • Data retrieval and modification activity
  • Data structure modification activity

Installing the Oracle Knowledge Pack

Support for Oracle auditing is provided by the Oracle Knowledge Pack. The Knowledge Pack must be installed on top of an existing InTrust installation.

Auditing Administrative User Activity

Gathering from Windows-Based Computers

Gathering from Unix-Based Computers

Gathering from Windows-Based Computers

Events from Oracle administrative users (users logged on to Oracle as SYSOPER or SYSDBA) are written into the Windows Application log of the Windows-based computers hosting Oracle database. This data is collected by InTrust in the traditional way, by retrieving events from the event logs on the specified computers.

In particular, to gather this data, you need to do the following:

  1. On the target machine, turn auditing on by setting the AUDIT_SYS_OPERATIONS parameter in the SPFILE file to TRUE. To do that, either use Oracle Enterprise Manager or run an SQL query. For example, you can take following steps:
    1. Connect to the necessary database as SYSDBA and run the following query:
      select name, value from v$parameter where name like ‘audit%’
    2. Then check whether the AUDIT_SYS_OPERATIONS parameter value is set to TRUE. If not, run the following query:
      ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE=SPFILE;
    3. Wait for the system to report that the value has been altered, and restart Oracle database.
    4. Check whether administrative user events appear in the log.
  2. Populate the ‘Oracle for Windows servers in the domain’ site with the machines you want to collect data from.
  3. In the Oracle daily collection task, make sure that the ‘Oracle administrative users audit collection’ job involves the ‘Oracle administrative user events from Application log’ gathering policy, and that the job processes the ‘Oracle for Windows servers in the domain’ site.
셀프 서비스 도구
지식 기반
공지 및 알림
제품 지원
소프트웨어 다운로드
기술 설명서
사용자 포럼
비디오 자습서
RSS 피드
문의처
라이센싱 지원가져오기
기술 지원
모두 보기
관련 문서

The document was helpful.

평가 결과 선택

I easily found the information I needed.

평가 결과 선택