Auditing an Oracle database for security issues is very important. PeteFinnigan.com provides all of the information and tools that you will need Click here for details of PeteFinnigan.com Limited's detailed Oracle database security audit service Click here for details of PeteFinnigan.com Limited's Oracle Security Training Courses
Cookie Policy:We only use essential cookies on small sections of this website. For details see here.

Welcome, Guest. Please Login.
Nov 19th, 2017, 4:33am
News: Welcome to Pete Finnigan's Oracle security forum
Home | Help | Search | Members | Login
   Pete Finnigan's Oracle Security Forum
   Oracle Security
   Oracle Auditing
(Moderator: Pete Finnigan)
   Audit alerts to EM?
« Previous topic | Next topic »
Pages: 1  Reply | Notify of replies | Send Topic | Print
   Author  Topic: Audit alerts to EM?  (Read 2168 times)
Marcel-Jan
PeteFinnigan.com Junior Member
**






   
View Profile | WWW |

Gender: male
Posts: 83
Audit alerts to EM?
« on: Jan 6th, 2009, 12:20pm »
Quote | Modify

The last few days I've been looking into auditing.  
 
It's quite easy to audit certain statements, like "audit alter any procedure" for example. Having audit data as forensic option is nice, but I'd prefer to get an alert in Enterprise Manager, that would warn DBAs (by mail) that somebody is trying to alter a procedure (or create a directory of something else).  
 
I've been looking into EM's compliance features, but that kind of functionality does not seem to be included by default.  
 
Probably I have to create a job of some sort, that checks sys.aud$ for new rows and raises an alert in EM somehow.
 
Has anyone done this before?
IP Logged
isaez
PeteFinnigan.com Junior Member
**



Ivan

   
View Profile |

Gender: male
Posts: 76
Re: Audit alerts to EM?
« Reply #1 on: Jan 21st, 2009, 7:32pm »
Quote | Modify

Marcel-Jan,
 
I've not done it before but I've written user defined metrics for Oracle Grid and I think what you want can be easily implemented with a UDM. See the Oracle documentation on how to write UDM. It is easy.  
Also, if you write Oracle 's audit trail to an OS file other tools can be used to generate alerts.
 
regards,
 
Ivan
IP Logged

regards,

Ivan
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Audit alerts to EM?
« Reply #2 on: Jan 22nd, 2009, 3:21pm »
Quote | Modify

Another option Marcel-Jan would be to use a system trigger and to send message from the trigger to EM. This could be fired on ALTER and the trigger code can filter on the specific target of the ALTER.
 
cheers
 
Pete
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Marcel-Jan
PeteFinnigan.com Junior Member
**






   
View Profile | WWW |

Gender: male
Posts: 83
Re: Audit alerts to EM?
« Reply #3 on: Jan 23rd, 2009, 9:08am »
Quote | Modify

Lets say it was right in front of my nose in OEM, but I didn't notice the Create button completely on the right on the User Defined Metrics page.  
 
It wasn't until I studied this article that I noticed it:
http://dba-brent.blogspot.com/2007/08/howto-setup-user-defined-metrics-i n-oem.html
 
I consider UDM before trying system triggers.
IP Logged
Pete Finnigan
PeteFinnigan.com Administrator
*****




Oracle Security is easier if you design for it

   
View Profile | WWW | Email

Gender: male
Posts: 309
Re: Audit alerts to EM?
« Reply #4 on: Jan 23rd, 2009, 9:35am »
Quote | Modify

sounds like a better plan Marcel-Jan Smiley
IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Pages: 1  Reply | Notify of replies | Send Topic | Print

« Previous topic | Next topic »

Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright 2000-2004 Yet another Bulletin Board