Auditing Using Operating System Audit Trail:


Using the Operating System Audit Trail:
To allow auditing information to write to the operating system (OS) rather than database (DB), use "System Audit Trail" Option:

vi /etc/syslog.conf

# Send Oracle audit logs to /var/log/oracle/audit.log
local0.* /var/log/oracle/audit.log

mkdir /var/log/oracle
touch /var/log/oracle/audit.log
ls -l /var/log/oracle/audit.log
chown -R oracle:dba /var/log/oracle
chmod -R 0660 /var/log/oracle


# restart syslogd to take effect
/etc/init.d/syslog restart


vi /etc/logrotate.d/ora_housekeeping
>>

# Oracle audit log
/var/log/oracle/audit.log {
weekly
rotate 4
compress
notifempty
missingok
copytruncate
delaycompress
create 0660 oracle dba
}

 

# asm
sho parameter audit
alter system set audit_file_dest='/var/log/oracle' scope=spfile;
alter system set audit_syslog_level='local0.info' scope=spfile;

-- after server reboot
sho parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /var/log/oracle
audit_sys_operations boolean FALSE
audit_syslog_level string LOCAL0.INFO

# db
sho parameter audit
alter system set audit_trail='OS' scope=spfile;
alter system set audit_file_dest='/var/log/oracle' scope=spfile;
alter system set audit_syslog_level='local0.info' scope=spfile;

-- after server reboot
sho parameter audit
NAME TYPE VALUE
------------------------------------ -------------------- ------------------------------
audit_file_dest string /var/log/oracle
audit_sys_operations boolean FALSE
audit_syslog_level string LOCAL0.INFO
audit_trail string OS

 

[Reference]
http://docs.oracle.com/cd/E11882_01/network.112/e16543/auditing.htm

arrow
arrow
    全站熱搜
    創作者介紹
    創作者 DanBrother 的頭像
    DanBrother

    DanBrother的部落格

    DanBrother 發表在 痞客邦 留言(0) 人氣()

    E-mail轉寄