Auditing in Oracle Database


The auditing mechanism for Oracle is extremely flexible. Oracle stores information that is relevant to auditing in its data dictionary.

Every time a user attempts an action in a database where auditing is enabled, the Oracle kernel checks whether an audit record should be created or updated (in the case of a session record) and writes the record to AUD$, a table owned by the SYS user. By default, this table is located in the SYSTEM tablespace. This placement can itself cause problems, because it exposes the database to potential denial of service attacks: if the SYSTEM tablespace fills up, the database will hang.
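A way to check the exposure described above, as an added example that is not part of the original article: the queries report which tablespace holds SYS.AUD$, how much free space that tablespace has, and how quickly audit records are accumulating. It assumes a session with SELECT access to the DBA_* dictionary views; the 7-day window is an arbitrary choice.

```sql
-- Added example (not from the original article).
-- Assumes SELECT access to the DBA_* dictionary views.

-- 1. Tablespace that holds SYS.AUD$ and the current size of the table segment.
SELECT s.owner,
       s.segment_name,
       s.tablespace_name,
       ROUND(s.bytes / 1024 / 1024, 1) AS size_mb
FROM   dba_segments s
WHERE  s.owner        = 'SYS'
AND    s.segment_name = 'AUD$'
AND    s.segment_type = 'TABLE';

-- 2. Allocated and free space in that tablespace.
--    A low pct_free with autoext_files = 0 means the audit trail
--    can fill the tablespace with no room to grow.
SELECT df.tablespace_name,
       ROUND(df.alloc_bytes / 1024 / 1024, 1)                  AS allocated_mb,
       ROUND(NVL(fs.free_bytes, 0) / 1024 / 1024, 1)           AS free_mb,
       ROUND(100 * NVL(fs.free_bytes, 0) / df.alloc_bytes, 1)  AS pct_free,
       df.autoext_files
FROM  (SELECT tablespace_name,
              SUM(bytes) AS alloc_bytes,
              SUM(CASE WHEN autoextensible = 'YES' THEN 1 ELSE 0 END) AS autoext_files
       FROM   dba_data_files
       GROUP  BY tablespace_name) df
LEFT JOIN
      (SELECT tablespace_name, SUM(bytes) AS free_bytes
       FROM   dba_free_space
       GROUP  BY tablespace_name) fs
  ON   fs.tablespace_name = df.tablespace_name
WHERE  df.tablespace_name = (SELECT tablespace_name
                             FROM   dba_tables
                             WHERE  owner      = 'SYS'
                             AND    table_name = 'AUD$');

-- 3. Audit records written per day over the last 7 days (arbitrary window),
--    to spot a sudden jump in volume before the tablespace fills.
SELECT TRUNC(timestamp) AS audit_day,
       COUNT(*)         AS records
FROM   dba_audit_trail
WHERE  timestamp > SYSDATE - 7
GROUP  BY TRUNC(timestamp)
ORDER  BY audit_day;
```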

init parameters

Until Oracle 10g, auditing is disabled by default, but can be enabled by setting the AUDIT_TRAIL static parameter in the init.ora file.

From Oracle 11g, auditing is enabled for some system level privileges.

SQL> show parameter audit

NAME                     TYPE        VALUE
------------------------ ----------- ---------------
audit_file_dest          string      ?/rdbms/audit
audit_sys_operations     boolean     FALSE
audit_syslog_level       string      NONE
audit_trail              string      DB
transaction_auditing     boolean     TRUE

AUDIT_TRAIL can have the following values.
