Is it possible to audit when a constraint is disabled, enabled or dropped? Sometimes I wonder why some constraints are missing. To make sure someone is dropping I would like to audit that action. Further, I would need to compare schemas to realize if some constraints are missing. As it names are generated automatically by oracle, how could I easily run a select to compare the constraints that does not match between schemas?
We have a non-production Oracle 10g Cluster running on Linux, with DataGuard (logical standby). From time to time, we need to refresh the schema on primary, but to do so as always caused problems with the logical standby. Our DBAs can never get it to complete successfully. They have tried a bunch of different methods (even provided from Oracle), but it does not work. e have a bunch of skip statements on the
Everytime, we need to refresh the schema, we have to build the entire database (primary and logical standby) from production RMAN backup. As you can imagine this is a very time consuming ordeal. There has got to be a way this process can be completed in a timely manner.
I was thinking of the following.... 1) shut down dataguard, log shipping 2) lock user, kill sessions, drop user from primary 3) lock user, kill sessions, drop user from logical standby 4) run impdb on production export file on primary 5) run impdb on production export file on logical standby 6) re-enable dataguard, log shipping 7) confirm logs being applied, databases in sync
We are only replicating the one schema to the logical standby. I am not clear on how redo logs would be applied to the logical standby. There are hundreds of them @ 100 mb each, so I would think if we do this independently, I could somehow sync primary and logical standby after the imports complete.
We have an application with many separate databases (one per customer). Given they share the same business requirements (service hours, change mgmt etc), we're interested in potentially consolidating the separate DBs (which are relatively small) into separate schemas within a fewer no of databases to reduce the overhead.
Our issue is that the application is hard-coded to use a specific administrator and application connection user name. Changing this is unfortunately not an option.
Given this limitation, is there any possibility to map a generic user into a customer-specific schema based on the database service that they connect to? Each customer connects to different database services but may use the same user name. We considered using private synonyms but this seems to acheive the opposite (i.e. many different users could connect and map to a single users schema). One thing to point out is that where there is a single user name, it is acceptable for a single password to be used across the different customer DBs as they will be a single admin/user.
I am trying to setup logon/logoff auditing for our databases which reside in 9i and 10G on sun solaris servers. I am asked to turn on auditing sending the audit data to syslog! How exactly do you do that?
Let us say I want to audit data updates, deletes on existing table EMP_TAB that has a few hundred thousands of records.I created a shadow table Emp_tab_audit and added few audit columns
Emp_tab ( Empno NUMBER NOT NULL, Ename VARCHAR2(10), Job VARCHAR2(9),
[code]...
I am mostly interested in UPDATES and DELETES but I decided to add INSERTS to have full history for each eomplyee in one table (audit schema) instead of querying two tables all the time (production table and audit table) to see the changes.
I created this AFTER INSERT, UPDATE, DELETE trigger.decided to copy the :NEW values for INSERT and UPDATE and :OLD values for DELETE. attached.
so when insert happens, the first audit row is created in EMP_TAB_AUDIT. update happens, the 2nd new row is created in EMP_TAB_AUDIT.
The problem I am facing is the old records that curently exist. If someone updates an old row I am copying the :NEW values so I won't have a copy of the :OLD values unless I create 2 ROWS (one for the old and one for the new).
Do you think I should copy all the hundreds of thousands of records to the AUDIT tables for this to work.
******************************************************************* CREATE OR REPLACE TRIGGER TRG_EMP_AUDIT AFTER INSERT OR DELETE OR UPDATE ON EMP_TAB FOR EACH ROW DECLARE v_operation VARCHAR2(10) := NULL;
getting logon timestamp for our auditing process. In some website, it says to get the logon timestamp I have to select it from timestamp column of dba_audit_session but when I do this, some results has a logoff earlier than logon. Is timestamp column really the logon timestamp?
Oracle Audit Vault 10.2.3.2 & Linux Red Hat 5 on a V.M. box
I'm new to the Audit Vault and am experiencing some issues. Right now my biggest question is how does A.V. deal with TNS issues (allowing the collectors to find remote target db's) when we do not add any tns entries to the local tnsnames file?
We've recently added more space and our sysadmins have moved all of our AV data to the new disk space and have supposedly updated pointers allowing us to continue seamlessly. However now my collectors won't start, they are complaining with message below. These had started previously before the space add.
============================================================== Dec 13, 2010 11:44:35 AM Thread-10 FINEST: resp.getData:<?xml version='1.0' encoding='UTF-8'?> <auditException errKey="av.auditservice.DAO_INITIALIZATION_FAILED.9" ><nestedException message="ORA-12154: TNS:could not resolve the connect identifier specified " exceptionClass="java.sql.SQLException"/></auditException> ===============================================================
In Oracle Database 11.2.0.2, to delete audit trails after the audit records have been inserted into Oracle Audit Vault, is it necessary to schedule Oracle Audit Vault jobs to clean up audit trails on a scheduled basis, or AV automatically cleans up audit trails after the audit records have been inserted into the Audit Vault? I know there is a DBMS_AUDIT_MGMT package, but in 11gR2, the deletion of audit trails isn't done automatically?
i want to trace user activities, I want to generate the file with SQL statement generated by particular user. I tried to look in to sys.AUD$ but all i get is logging logout and locations but no SQL Text.
I am using 'Novell Sentinel Log Manager' to collect/fetch logs from my Oracle 11g R2.To enable auditing, first I did following:
login as sys, then SQL> create user testuser identified by "testuser"; SQL> grant connect to testuser SQL> grant dba to sharf SQL> grant CREATE SESSION to testuser; SQL> grant select on v_$session to testuser; SQL> grant select on v_$version to testuser; SQL> grant select on SYS.DBA_AUDIT_TRAIL to testuser; SQL> grant select_catalog_role to testuser; SQL> grant select any dictionary to testuser;
Now logon/logof of user 'testuser' are logged , as well as if testuser drops a table or creates a table, its also logged . but when 'testuser' insert a new record, this information does not logged ;( while I need to know exactly what was added SQL> insert into emp (empid, name, salary) values (10002, 'Ron', 6000)
likewise if 'testuser' modify/update an existing record it also does not logged. SQL> update emp set salary=700 where empid=10001;
which sql statements I have to execute to start auditing 'insert' and 'update', so that I know what was added/inserted and exactly what was updated/ changed/modify by user 'testuser'.
I installed Audit Vault Server 12 (not install firewall) in a oracle linux vmware and activated an agent for Oracle 11g release 2 in windows 7 x64 vmware according to Oracle® Audit Vault and Database Firewall Installation Guide and Administrator’s Guide Release 12.1.0 as follows:
1) ALTER SYSTEM SET AUDIT_TRAIL=XML, EXTENDED SCOPE=SPFILE; Database restart
2) Register the Oracle Database Host Machine
3) Deploy Agent and Request Activation on the Host Machine
4) Create user accounts on the secured targets and set up Oracle AVDF user privileges on an Oracle Database secured target.
5) Register Secured Targets in the Audit Vault Server with user acount of stpe 4:jdbc:oracle:thin:@//IP:1521/orcl
6) Configure an Audit Trail in the Audit Vault Server : TABLE - sys.aud$ or DVSYS.audit_trail$, DIRECTORY - directory of audit trail xml saved.
I turned off firewall just in case.Administrator web page of AVDF showed only messages of "request completed" after configuring an audit trail in the Audit Vault Server.But, collection state was a red downward arrow, and even auditor web page showed same state.I couldn't show audit trails in the auditor web page.
I have to find all the 'failed log ins' through audit report. then it has to be uploaded to a table. The script, either in windows or unix should be reusable and can read files one by one.
I want to audit user connection on my reporting database, and send a report to application team on monthly basis, with a list of users who are not connected for a month and remove them.
What would be best method, i know there is LOGON trigger, or database level auditing.
in my environmnet audit is working audit_trail=db,extended . i am also viewing report of audit trail from dba_audit_trail or aud$. But problem is that i have to generate report on which object of schema what audit is running .
or from which tables we can get information of following commands.
AUDIT ALL BY xx_test BY ACCESS; AUDIT SELECT TABLE, UPDATE TABLE, INSERT TABLE, DELETE TABLE BY xx_test BY ACCESS; AUDIT EXECUTE PROCEDURE BY xx_test BY ACCESS;
efficient & fast method for Audit trailing tables in a Schema for any insert /update /deletes for a table. I do not want to use db triggers because of performance issues.
presently we have as system which does audit trail as below:
1. If a user changes a column value for a table ( update/insert/delete) then we call a db package and pass the parameters like table name,col name,user, operation (ins/update/delete),old value, new value,date modified,user modified etc
2. the called package will insert a record in the audit trail table with the parameters passed
3. The audit trail table is used for report generation .
I want to do sanity check on schema ( as we have loaded data from file system to ORACLE TABLES ) . Need to get the count of records in each table from a schema.
I need to create a structure DATABASE=>SCHEMA=>TABLE as
DB=>SC=>EMPLOYEE ...but after connecting database i could create table only user my user schema(own schema)only . I want to create a new schema called SC as public and need to create a table .
I do a schema in oracle ... an m my question is if I can create 2 o more users for access to a schema..for example i have schema Project and i need that one administrator and 2 more users with others permission.
how can i grant a user permission to create tables and indexes in other user schema.Grant create table permits the user to create tables in his own schema which is part of Resource role.Grant any table will permit him to create table in any schema including system which i don't want.
