Using Linux Audit to Audit / Log All Oracle Related Activity
Steve Grubb
sgrubb at redhat.com
Mon Dec 17 13:36:39 UTC 2007
On Monday 17 December 2007 08:21:18 Mathew Brown wrote:
> I was wondering if the Linux Audit Daemon could be used to address the
> issue of Oracle auditing. Has anyone investigated this possibility?
What would you like to know about Oracle?
> Ideally, I would like to audit all network (listener) as well as all
> local access (an Oracle DBA running sqlplus directly on the machine).
You mean accepting the connection? I think you can get all accepts that Oracle
would issue, but I don't know if you will get the remote address in the logs.
You also cannot tell it that you want accepts of a specific socket.
You might want to spend some time looking at Oracle from strace. That is about
the view of the world from the Linux Audit System. If you can't find anything
worth logging from that, it most likely means that you'd want Oracle to be
patched to send meaningful events to the audit system.
-Steve
More information about the Linux-audit
mailing list