I am trying to setup logon/logoff auditing for our databases which reside in 9i and 10G on sun solaris servers. I am asked to turn on auditing sending the audit data to syslog! How exactly do you do that?
In Oracle Database 11.2.0.2, to delete audit trails after the audit records have been inserted into Oracle Audit Vault, is it necessary to schedule Oracle Audit Vault jobs to clean up audit trails on a scheduled basis, or AV automatically cleans up audit trails after the audit records have been inserted into the Audit Vault? I know there is a DBMS_AUDIT_MGMT package, but in 11gR2, the deletion of audit trails isn't done automatically?
I installed Audit Vault Server 12 (not install firewall) in a oracle linux vmware and activated an agent for Oracle 11g release 2 in windows 7 x64 vmware according to Oracle® Audit Vault and Database Firewall Installation Guide and Administrator’s Guide Release 12.1.0 as follows:
1) ALTER SYSTEM SET AUDIT_TRAIL=XML, EXTENDED SCOPE=SPFILE; Database restart
2) Register the Oracle Database Host Machine
3) Deploy Agent and Request Activation on the Host Machine
4) Create user accounts on the secured targets and set up Oracle AVDF user privileges on an Oracle Database secured target.
5) Register Secured Targets in the Audit Vault Server with user acount of stpe 4:jdbc:oracle:thin:@//IP:1521/orcl
6) Configure an Audit Trail in the Audit Vault Server : TABLE - sys.aud$ or DVSYS.audit_trail$, DIRECTORY - directory of audit trail xml saved.
I turned off firewall just in case.Administrator web page of AVDF showed only messages of "request completed" after configuring an audit trail in the Audit Vault Server.But, collection state was a red downward arrow, and even auditor web page showed same state.I couldn't show audit trails in the auditor web page.
in my environmnet audit is working audit_trail=db,extended . i am also viewing report of audit trail from dba_audit_trail or aud$. But problem is that i have to generate report on which object of schema what audit is running .
or from which tables we can get information of following commands.
AUDIT ALL BY xx_test BY ACCESS; AUDIT SELECT TABLE, UPDATE TABLE, INSERT TABLE, DELETE TABLE BY xx_test BY ACCESS; AUDIT EXECUTE PROCEDURE BY xx_test BY ACCESS;
I am using oracle developer 10g. I want to know the status of the printer where i want to print. If the running report is printing or in queue then a record is to be inserted into a table as audit-trail of printing. Idon't want to do it manually.
[oracle@RSASPGERP02 ~]$ cd / [oracle@RSASPGERP02 ~]$ . .bash_profile [oracle@RSASPGERP02 ~]$ sqlplus / as sysdba sql*plus:Release 10.2.0.4.0 - production Error: ORA-09925:Unable to create audit trail file
[code]....
its standby archieving problem ,the problem appears when try to connect directly or through telenet and we try to login directly using oracle user we receving following message and login fail, "GDM could not write to your authorization file,this could mean that you are out of disk space or that your home directory could not be opened for writting"
I am trying to understand how to enable some audit so we can capture OEM logins as well.
Here is my setup. Lets say my DB that i am auditing is called audit_db (audit trail set to DB) sitting on host called host_db. and we have grid control agent on this box.now my grid control is as this. Lets say my OMS and repository is on host called OMS_host.
we run query aginst dba_audit_session to get info as to who tried failed login attemps and stuff.
Now to the part that is not working.
-- this is the good part When i intentionaly login to the audit_db with sqlplus client from my laptop with wrong username/password that is captured. we get the username,os_username,userhost,terminal.
here is the sample output
username is the wrong user that i tried to login as os_username is the my local username(ad account) userhost is my_laptop_name terminal is laptop_name
from above we can figure who was trying to login(failed).
-- this is the bad part But lets say i try to login to audit_db through grid control and use wrong username/password.that gets captured too(but not all of it). we get the username,os_username,userhost,terminal.
here is the sample output
username is the wrong user that i tried to login as os_username is the user of OMS repository db(oracle) userhost is oms_host terminal is unknown
Now with the above info, we cannot figure out who tried to login with bad login credential.
AVDF current version 12.1 not support External/SAN storage. my question is, if customer get a huge number of Audit log and DBFW event records, then how max size can Audi Vault server support for online data (not archive data)? and can I use a Hardware server with multiple HDDs for AV Server?
I need to build a query on making a vertical records to horizontal records. I did read somewhere saying that we can use decode function. But im still trying to understand how decode function can make a vertical records to horizontal records.
i have written an sql to look as sales orders but i want it to only return the last 12 months worth of sales for the date its run, the date file [sdtrdj] is julian date so i used to_char to conver it to dd-mm-yyyy how can i get it to only return the last 12 months from the date its run
select sdshan As "Location", sddcto As "Order Type", sddoco As "Order Number",sdlitm As "Product Code", sddsc1 As "Product Description", to_char(to_date(sdtrdj + 1900000, 'yyyyddd'),'DD-MM-YY')As "Order Date", sduorg As "Order Qty", sdaexp As "Extended Amount", sdsoqs As "Quantity Shipped", ibsrp4 As "Srp4", ibsrp6 As "Srp6", ibsrp7 As "srp7", ibsrp9 As "Srp9", ibsrp0 As "srp10", sdsrp2 As "Franchise" From proddta.f4211, proddta.f4102 Where sdmcu = ' UKC001' and sddcto = 'KO' and sdlitm = iblitm and sdmcu = ibmcu and sdsrp2 In ('504','973','322','236','232','856','233','566','590','470','343','266','279')
I have an issue of not able to connect to the database after switchover without making changes in TNS entry after the switchover when I try to connect to then the primary database (which is standby before ) , the tns entry has entries for both the primary and secondary but the order of the primay and seconday database is to be changed manually till then it keep showing ERROR: ORA-01033: ORACLE initialization or shutdown in progress.
I am going through the Oracle VSS writer , trying out various methods. Just keen to know if this is the right place to ask VSS related questions as I could not find any post related to VSS.
For Volume based VSS shadow copy backups for a logged database, I am unsure about the restore method using VSS writer. Also oracle doc does not mention any steps for volume based restore of a logged (archive log mode db) database.
Previously it is working fine but today when i am trying to duplicate a database using rman not getting exactly error but the o/p is as below
C:Usersdbadmin>rman target sys/tiger@na Recovery Manager: Release 11.2.0.1.0 - Production on Thu Jun 27 15:33:33 2013 Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved. connected to target database: NA (DBID=1572981579) RMAN> connect auxiliary sys/tiger@da connected to auxiliary database: NOIDA (DBID=1572981579, not open)
It is correct that the rman is connected to the db with name na but not with db da Previously i am able to connect both the instance.
I created a script to make my admin server a windows service. I successfully made it a service but when it starts it then shuts itself down. i ran a debug and found a error. I dont get what to do. I have tried changing the variables in the script and try it over and over again .....here is my script code and here is the error i got from debug output:
script
SETLOCAL set DOMAIN_NAME=FRClassicDomain set USERDOMAIN_HOME=C:/Oracle/Middleware/user_projects/domains/FRClassicDomain set SERVER_NAME=FRweblogic
ORA-00607: Internal error occurred while making a change to a data block ORA-00600: internal error code, arguments: [4194], [89], [83], [], [], [], [], []
We can audit a particular table alone, I would like to audit one table, to find all different kinds of queries fired (Including select, insert and update) over a period of 2 months.
I have to create a audit/history table on a master table so that I can store the old/current state of data in my audit table. I am planning to write following program.
1. Created the audit table with similar number of records. 2. Everyday at a particular time I will compare the audit/main table and push the records in audit table which are either updated or not present in the audit table so that the audit table = main table + old state of data.
I am unable to figure out the proper way to implement the point 2 above in oracle database.
I facing the below issue while enable the audit on table.
SQL> audit delete on test; audit delete on test * ERROR at line 1: ORA-00604: error occurred at recursive SQL level 1 ORA-01400: cannot insert NULL into ("SYS"."AUDIT_DDL"."DICT_OBJ_TYPE") ORA-06512: at line 2
=== Related Information === SQL> select version from v$instance;
VERSION ----------------- 11.2.0.2.0
SQL> show parameter audit;
NAME TYPE VALUE ------------------------------------ ----------- ------------------------------ audit_file_dest string /orasw/product/11.2.0 /rdbms/audit audit_sys_operations boolean FALSE audit_syslog_level string audit_trail string DB
SQL> SELECT TABLESPACE_NAME,owner from dba_tables where table_name='AUD$';
