Chat now with support
Chat with Support

InTrust 11.3.1 - Preparing for Auditing Oracle

Oracle Auditing Overview

The Oracle Knowledge Pack expands the auditing and reporting capabilities of InTrust to Oracle. It lets you collect and report on the audit data from your Oracle database system. Featuring a fully automated workflow, InTrust helps you:

  • Gather and consolidate a variety of data from the Oracle hosts running on different platforms
  • Consolidate, store, and analyze this information
  • Generate the reports on various aspects of your Oracle system operation

The following Oracle database system versions are supported:

  • 11g
  • 10g (R1 and R2)
  • 9i (R1 and R2)

Data can be collected from the Oracle hosts running on the following platforms:

  • Microsoft Windows 2000 and higher
  • Sun Solaris versions 8 and 9
  • Redhat Enterprise Linux version 3 or 4
  • SUSE Linux Enterprise Server 9
  • HP-UX 11i v2 (11.23)
  • AIX 5L version 5.3

Other platforms are also supported; however, reports on administrative users’ activity will not be generated for them (all other reports will be created).

Reports on your Oracle database system cover the following areas:

  • Activity of users with administrative privileges (logged on as SYSOPER or SYSDBA)
  • Other users’ activity, in particular, logons and logoffs
  • User and role management activity
  • Rights management
  • Data retrieval and modification activity
  • Data structure modification activity

Installing the Oracle Knowledge Pack

Support for Oracle auditing is provided by the Oracle Knowledge Pack. The Knowledge Pack must be installed on top of an existing InTrust installation.

Auditing Administrative User Activity

Gathering from Windows-Based Computers

Gathering from Unix-Based Computers

Gathering from Windows-Based Computers

Events from Oracle administrative users (users logged on to Oracle as SYSOPER or SYSDBA) are written into the Windows Application log of the Windows-based computers hosting Oracle database. This data is collected by InTrust in the traditional way, by retrieving events from the event logs on the specified computers.

In particular, to gather this data, you need to do the following:

  1. On the target machine, turn auditing on by setting the AUDIT_SYS_OPERATIONS parameter in the SPFILE file to TRUE. To do that, either use Oracle Enterprise Manager or run an SQL query. For example, you can take following steps:
    1. Connect to the necessary database as SYSDBA and run the following query:
      select name, value from v$parameter where name like ‘audit%’
    2. Then check whether the AUDIT_SYS_OPERATIONS parameter value is set to TRUE. If not, run the following query:
      ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE=SPFILE;
    3. Wait for the system to report that the value has been altered, and restart Oracle database.
    4. Check whether administrative user events appear in the log.
  2. Populate the ‘Oracle for Windows servers in the domain’ site with the machines you want to collect data from
  3. In the Oracle daily collection task, make sure that the ‘Oracle administrative users audit collection’ job involves the ‘Oracle administrative user events from Application log’ gathering policy, and that the job processes the ‘Oracle for Windows servers in the domain’ site.
Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents