
Configure Oracle 10g or 11g for Syslog Auditing

Important: Use Oracle syslog auditing only on UNIX systems.

These configuration instructions support Oracle 10.2.0.1 and 11.0.1.6.


To configure Oracle for Syslog auditing:
1. On the Oracle host, perform the following tasks:
   a. Determine how database parameters are stored and set in your version of Oracle:
      - Database parameters are stored in the initORACLE_SID.ora file, which typically resides in $ORACLE_HOME/dbs. To set parameters, you edit this file.
      - Database parameters can be stored either in a binary server parameter file (spfile) or in a normal parameter file (pfile). If Oracle is using a binary server parameter file, set parameters by issuing ALTER SYSTEM commands.
   b. Do one of the following to set the AUDIT_TRAIL parameter:
      - If Oracle is using a normal parameter file, set AUDIT_TRAIL as follows:
        AUDIT_TRAIL = OS
      - If Oracle is using a binary server parameter file, run the following command:
        alter system set audit_trail=os scope=spfile;
   c. Do one of the following to set the AUDIT_SYS_OPERATIONS parameter:
      - If Oracle is using a normal parameter file, set AUDIT_SYS_OPERATIONS as follows:
        AUDIT_SYS_OPERATIONS = TRUE
      - If Oracle is using a binary server parameter file, run the following command:
        alter system set audit_sys_operations=true scope=spfile;
   d. Do one of the following to set the AUDIT_SYSLOG_LEVEL parameter:
      - If Oracle is using a normal parameter file, set AUDIT_SYSLOG_LEVEL as follows:
        AUDIT_SYSLOG_LEVEL = '*.debug'
      - If Oracle is using a binary server parameter file, run the following command:
        alter system set audit_syslog_level='*.debug' scope=spfile;
   e. Connect to the monitored instance as a privileged user with a tool such as SQL*Plus.
   f. Disconnect from and reconnect to the instance. Oracle will generate audit logs.
   g. Restart Oracle.

Event Source Update 2010 RSA Security Inc. All rights reserved

2. Log on to your Linux machine, and open the /etc/syslog.conf file in a text editor.

3. To log all messages at the debug level and higher, add the following line:
*.debug @xxx.xxx.xxx.xxx

where xxx.xxx.xxx.xxx is the IP address of the enVision Collector appliance.


4. Save the file.
5. Open a command prompt, and to restart the syslog service, type:
service syslog restart
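
Added example (not part of the original RSA instructions): a shell check that a normal parameter file carries the three values from steps 1b to 1d and that syslog.conf has an active forwarding rule as in step 3. The function names, the sample files and the 192.0.2.10 collector address are constructed for illustration; it assumes a pfile, because an spfile is binary and is not read this way.

```shell
#!/bin/sh
# Added example: check a pfile and syslog.conf against the values in the steps above.

# Effective value of a pfile parameter: last assignment wins, names are
# case-insensitive, and a leading "*." or "SID." prefix is ignored.
pfile_value() {  # $1 = pfile path, $2 = parameter name
    awk -F= -v want="$2" -v q="'" '
        /^[ \t]*#/ { next }
        NF >= 2 {
            name = $1; gsub(/[ \t]/, "", name); sub(/^[^.]*\./, "", name)
            if (toupper(name) == toupper(want)) {
                val = $2; sub(/#.*/, "", val); gsub(/[ \t"]/, "", val); gsub(q, "", val)
                found = val
            }
        }
        END { print found }' "$1"
}

# Returns 0 only when all three audit parameters match the documented values.
check_pfile() {  # $1 = pfile path
    rc=0
    for pair in AUDIT_TRAIL=OS AUDIT_SYS_OPERATIONS=TRUE 'AUDIT_SYSLOG_LEVEL=*.DEBUG'; do
        name=${pair%%=*}; want=${pair#*=}
        got=$(pfile_value "$1" "$name" | tr '[:lower:]' '[:upper:]')
        if [ "$got" = "$want" ]; then echo "ok   $name=$got"
        else echo "FAIL $name: expected $want, found '${got:-unset}'"; rc=1; fi
    done
    return $rc
}

# Prints the host of an active "*.debug @host" rule; non-zero exit if none.
syslog_forward_target() {  # $1 = syslog.conf path
    awk '!/^[ \t]*#/ && $1 == "*.debug" && $2 ~ /^@[^@]/ { print substr($2, 2); ok = 1 }
         END { exit !ok }' "$1"
}

# Constructed sample files standing in for initORACLE_SID.ora and /etc/syslog.conf.
demo_dir=$(mktemp -d)
cat > "$demo_dir/initDEMO.ora" <<'EOF'
db_name = DEMO
AUDIT_TRAIL = OS
AUDIT_SYS_OPERATIONS = TRUE
AUDIT_SYSLOG_LEVEL = '*.debug'
EOF
printf '# constructed collector address\n*.debug\t@192.0.2.10\n' > "$demo_dir/syslog.conf"
check_pfile "$demo_dir/initDEMO.ora"
echo "forwarding to: $(syslog_forward_target "$demo_dir/syslog.conf")"
```

A later duplicate assignment such as AUDIT_TRAIL = NONE further down the pfile is reported as a failure, because the last assignment is the one checked.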
