ORACLE (10 and XE): audit_trail on windows event

Michele "L'emarginato"

Sep 22, 2009, 8:47:30 AM
Hi all,
I'm an absolute beginner on Oracle systems, so excuse me for the
"stupid question", maybe.

I'm working on a project to log and store the administrative logins
to the Oracle DB, on both Windows and Unix (Linux).

I've read something, but on my test server I cannot reproduce what I'm
looking for.

I have an Oracle XE on Windows (2008) and Oracle 10 on Linux.
I execute the following commands on Linux:

alter system set audit_sys_operations=true scope=spfile;
alter system set audit_syslog_level='local1.info' scope=spfile;
shutdown;
startup;
alter system set audit_trail=os scope=spfile;
audit session whenever not successful ;

Well, on Linux it seems to work, but I'm not so sure because I cannot see
any LOGOFF.

On Windows it completely DOESN'T:

alter system set audit_sys_operations=true scope=spfile; alter system
shutdown;
startup;
alter system set audit_trail=os scope=spfile;
audit session whenever not successful ;


Where was I wrong?
Is there some documentation to read to solve this issue?

Thanks

ddf

Sep 22, 2009, 9:09:27 AM

You are looking for these files in the directory listed in the
audit_file_dest parameter?


David Fitzjarrell

Michele "L'emarginato"

Sep 22, 2009, 9:12:56 AM

ddf wrote:

> You are looking for these files in the directory listed in the
> audit_file_dest parameter?

Hi David,
no, for Windows I know that the Event Viewer will be used
(audit_trail=OS).

For Linux I will use local.info, so the audit will be in one file on
the OS.

But starting from Windows, I cannot see anything in the Event Viewer, and
before this, I cannot send that command to activate the audit_trail.

Am I wrong?


Thanks

ddf

Sep 22, 2009, 9:35:59 AM

Looking at the documentation (something you should also do) it appears
such auditing is not available in XE:

http://www.oracle.com/pls/xe102/ranked?word=audit_sys_operations

However a full release of 10.2 provides such an option:

http://www.oracle.com/pls/db102/search?remark=quick_search&word=audit_sys_operations&tab_id=&format=ranked


David Fitzjarrell

Shakespeare

Sep 22, 2009, 9:40:57 AM

Michele "L'emarginato" wrote:

For XE, you will have to restart the database (shutdown, startup)

Shakespeare

Shakespeare

Sep 22, 2009, 9:53:25 AM

Shakespeare wrote:

Which you did. Missed that....

Shakespeare

Michele "L'emarginato"

Sep 23, 2009, 6:39:23 AM

Hi all,
ok, I solved 50% of the problem by installing the 11x version.
Now the logins are logged in the Event Viewer:


Log Name: Application
Source: Oracle.orcl
Date: 23/09/2009 12.04.36
Event ID: 34
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: w2008mike
Description:
The description for Event ID 34 from source Oracle.orcl cannot be found.
Either the component that raises this event is not installed on your
local computer or the installation is corrupted. You can install or
repair the component on the local computer.

If the event originated on another computer, the display information had
to be saved with the event.

The following information was included with the event:

ACTION : 'CONNECT' DATABASE USER: 'SYS' PRIVILEGE : SYSDBA CLIENT USER:
CLIENT TERMINAL: unknown STATUS: 0

The failed LOGINs are also logged:

Log Name: Application
Source: Oracle.orcl
Date: 23/09/2009 12.03.45
Event ID: 34
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: w2008mike
Description:
The description for Event ID 34 from source Oracle.orcl cannot be found.
Either the component that raises this event is not installed on your
local computer or the installation is corrupted. You can install or
repair the component on the local computer.

If the event originated on another computer, the display information had
to be saved with the event.

The following information was included with the event:

ACTION : 'CONNECT' DATABASE USER: 'SYS' PRIVILEGE : NONE CLIENT USER:
CLIENT TERMINAL: unknown STATUS: 1017

...


But is it possible to also have the LOGOFF without special
triggers, or not?


Thank you
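
The Event ID 34 payloads quoted above can be split into fields and triaged mechanically. The following is an added example, not part of the original thread: the function names are hypothetical, the two sample strings are the event texts from the post, and it assumes a non-zero STATUS is the Oracle error number (1017 = ORA-01017, invalid username/password).

```python
import re

# Field labels exactly as they appear in the event text quoted in the thread.
FIELDS = ("ACTION", "DATABASE USER", "PRIVILEGE",
          "CLIENT USER", "CLIENT TERMINAL", "STATUS")
LABEL_RE = re.compile(r"\b(" + "|".join(FIELDS) + r")\s*:")

# Event texts copied from the post (line wrap preserved).
SAMPLE_OK = """ACTION : 'CONNECT' DATABASE USER: 'SYS' PRIVILEGE : SYSDBA CLIENT USER:
CLIENT TERMINAL: unknown STATUS: 0"""
SAMPLE_FAIL = """ACTION : 'CONNECT' DATABASE USER: 'SYS' PRIVILEGE : NONE CLIENT USER:
CLIENT TERMINAL: unknown STATUS: 1017"""


def parse_audit_record(text):
    """Split one audit payload into a dict keyed by field label."""
    flat = " ".join(text.split())  # undo Event Viewer line wrapping
    hits = list(LABEL_RE.finditer(flat))
    record = {}
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(flat)
        # A label followed directly by the next label (CLIENT USER here)
        # yields an empty string instead of swallowing the next field.
        record[m.group(1)] = flat[m.end():end].strip().strip("'")
    return record


def classify(record):
    """Return 'failed_logon', 'privileged_logon', 'logon' or 'other'."""
    status = record.get("STATUS", "")
    if record.get("ACTION") != "CONNECT" or not status.isdigit():
        return "other"
    if int(status) != 0:
        return "failed_logon"  # assumption: STATUS carries the ORA- error number
    if record.get("PRIVILEGE") in ("SYSDBA", "SYSOPER"):
        return "privileged_logon"
    return "logon"


if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_FAIL):
        rec = parse_audit_record(sample)
        print(classify(rec), rec)
```

Note that with audit_sys_operations enabled the ACTION field can carry free SQL text, so a statement that itself contains one of the labels followed by a colon would need stricter splitting than this.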
