Chat now with support
Chat with Support

InTrust 11.4.1 - Preparing for Auditing Oracle

Configuring Sites

It is recommended that you gather data using agents running on the Oracle ODBC proxy computers. Configure the InTrust site in the following way:

  1. In InTrust Manager, create a copy of the existing ‘Oracle ODBC computers’ site. By default, this site contains all computers from the current domain where Oracle ODBC driver is installed. Clear the site.
  2. Populate this site with Oracle ODBC proxy computers. Note that if you are going to gather data without agents, you have to include each computer in a separate site and assign a separate job to process it.

Setting Up a Gathering Policy

The following procedure describes how to set up a gathering policy to collect Oracle 11g audit trails. You can set up a policy for collecting Oracle 10g and Oracle 9i audit trails in a similar way.

Note: It is recommended that you create a copy of each predefined object (policy, task, or job) you need and then modify it as necessary.

  1. In InTrust Manager, select Gathering | Gathering policies | Microsoft Windows Network | Oracle 11g audit trail (ODBC).
  2. Create a copy of this policy. From the shortcut menu, select Add Data Source and follow the wizard to add the data source you have prepared.
  3. Under the policy node, select the old data source, and from its shortcut menu, select Delete.
  4. Open the policy’s properties, and on the Filter tab specify the filters you need.

Setting Up a Scheduled Task

  1. In InTrust Manager, select the Workflow | Tasks | Oracle Daily Collection and Reporting task.
  2. For each gathering job you need, go to the General tab and make sure the job is enabled.

NOTE: The task contains jobs for Oracle audit trail collection: "Oracle 11g audit trail collection (via ODBC)", "Oracle 10g audit trail collection (via ODBC)" and "Oracle 9i audit trail collection (via ODBC)". Select the job you need and make sure it is enabled. Disable the unnecessary jobs by clearing the Enable check box on the General tab (for example, you may not need the ‘Oracle for Unix administrative users audit collection’ job.)

  1. For the Oracle audit trail collection job you need, on the Gathering tab select Use agents to execute this job on target computers.
  2. From the task’s shortcut menu, select Properties and modify the properties as necessary.

InTrust Configuration Objects for Oracle

  • Gathering policies:
    • Oracle administrative user events from Application log
    • Oracle for Unix administrative user events
    • Oracle 11g audit trail (ODBC)
    • Oracle 10g audit trail (ODBC)
    • Oracle 9i audit trail (ODBC)
  • Import policies:
    • Oracle administrative user events from Application log
    • Oracle for Unix administrative user events
    • Oracle 11g audit trail (ODBC)
    • Oracle 10g audit trail (ODBC)
    • Oracle 9i audit trail (ODBC)
  • Jobs:
    • Oracle administrative users audit collection
    • Oracle for Unix administrative users audit collection
    • Oracle 11g audit trail collection (via ODBC)
    • Oracle 10g audit trail collection (via ODBC)
    • Oracle 9i audit trail collection (via ODBC)
    • Oracle reporting
  • “Oracle daily collection and reporting” task
  • Sites:
    • Oracle for Windows servers in the domain
    • Oracle for Unix servers
    • Oracle ODBC computers
  • Data Sources:
    • Oracle 11g DB-based log
    • Oracle 10g DB-based log
    • Oracle 9i DB-based log
    • Oracle Text log
Related Documents