18 Auditing

Copyright © Oracle Corporation, 2002. All rights reserved.

 Objectives

After completing this lesson, you should be able to do

the following:
• Outline auditing categories
• Enable auditing for an instance
• Outline auditing options
• Obtain audit information

18-2 Copyright © Oracle Corporation, 2002. All rights reserved.

 Auditing

• Auditing is the monitoring of selected user database

actions, and is used to:
– Investigate suspicious database activity
– Gather information about specific database activities
• Auditing can be performed by session or access

18-3 Copyright © Oracle Corporation, 2002. All rights reserved.

 Auditing Guidelines

• Define what you want to audit:

– Users, statements, or objects
– Statement executions
– Successful statement executions, unsuccessful
statement executions, or both
• Manage your audit trail:
– Monitor the growth of the audit trail
– Protect the audit trail from unauthorized access

18-4 Copyright © Oracle Corporation, 2002. All rights reserved.

18-5 Copyright © Oracle Corporation, 2002. All rights reserved.
 Auditing Categories

• Audited by default:
– Instance startup and instance shutdown
– Administrator privileges
• Database auditing:
– Enabled by the DBA
– Cannot record column values
• Value-based or application auditing:
– Implemented through code
– Can record column values
– Used to track changes to tables

18-6 Copyright © Oracle Corporation, 2002. All rights reserved.

18-7 Copyright © Oracle Corporation, 2002. All rights reserved.
 Database Auditing

Enable database Execute command

auditing
DBA Parameter file User

Server
Review Specify process
audit audit options Generate
information
audit trail

Audit options
OS audit
Database trail
Audit trail

18-8 Copyright © Oracle Corporation, 2002. All rights reserved.

18-9 Copyright © Oracle Corporation, 2002. All rights reserved.
 Auditing Options

• Statement auditing:
AUDIT TABLE;

• Privilege auditing:
AUDIT create any trigger;

• Schema object auditing:

AUDIT SELECT ON emi.orders;

18-10 Copyright © Oracle Corporation, 2002. All rights reserved.

 Auditing Options

Fine-grained auditing:
• Provides the monitoring of data access based on
content
• Is implemented using the DBMS_FGA package

18-11 Copyright © Oracle Corporation, 2002. All rights reserved.

 Auditing User SYS

• Auditing user SYS provides:

– Extra level of security
– Set AUDIT_SYS_OPERATIONS to True
• Non-auditing of user SYS:
– Set AUDIT_SYS_OPERATIONS to False
– This is the default value.

18-12 Copyright © Oracle Corporation, 2002. All rights reserved.

 Obtaining Auditing Information

Information about auditing can be obtained by

querying the following views:
• ALL_DEF_AUDIT_OPTS
• DBA_STMT_AUDIT_OPTS
• DBA_PRIV_AUDIT_OPTS
• DBA_OBJ_AUDIT_OPTS

18-13 Copyright © Oracle Corporation, 2002. All rights reserved.

 Obtaining Audit Records Information

Information about auditing records can be obtained by

querying the following views:
• DBA_AUDIT_TRAIL
• DBA_AUDIT_EXISTS
• DBA_AUDIT_OBJECT
• DBA_AUDIT_SESSION
• DBA_AUDIT_STATEMENT

18-14 Copyright © Oracle Corporation, 2002. All rights reserved.

 Summary

In this lesson, you should have learned how to:

• Outline auditing needs
• Enable and disable auditing
• Identify and use the various auditing options
• Obtain audit information

18-15 Copyright © Oracle Corporation, 2002. All rights reserved.

 Practice 18 Overview

There is no practice for this lesson.

18-16 Copyright © Oracle Corporation, 2002. All rights reserved.