Pete Finnigan's Oracle Security Forum

   Pete Finnigan's Oracle Security Forum
   Oracle Security
   Oracle Auditing (Moderator: Pete Finnigan)
   Audit alerts to EM?

« Previous topic | Next topic »

Pages: 1

Reply | Notify of replies | Send Topic | Print

Author

Topic: Audit alerts to EM? (Read 2453 times)

Pete Finnigan
PeteFinnigan.com Administrator

Oracle Security is easier if you design for it

View Profile | WWW | Email

Gender: male

Posts: 309

Audit alerts to EM?
« on: Jan 6^th, 2009, 12:20pm »

Quote | Modify

The last few days I've been looking into auditing.

It's quite easy to audit certain statements, like "audit alter any procedure" for example. Having audit data as forensic option is nice, but I'd prefer to get an alert in Enterprise Manager, that would warn DBAs (by mail) that somebody is trying to alter a procedure (or create a directory of something else).

I've been looking into EM's compliance features, but that kind of functionality does not seem to be included by default.

Probably I have to create a job of some sort, that checks sys.aud$ for new rows and raises an alert in EM somehow.

Has anyone done this before?

IP Logged

Pete Finnigan (email:pete@petefinnigan.com)
Oracle Security Web site: http://www.petefinnigan.com
Forum: http://www.petefinnigan.com/forum/yabb/YaBB.cgi
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html

Pete Finnigan
PeteFinnigan.com Administrator

Oracle Security is easier if you design for it

View Profile | WWW | Email

Gender: male

Posts: 309

Re: Audit alerts to EM?
« Reply #1 on: Jan 21^st, 2009, 7:32pm »

Quote | Modify

Marcel-Jan,

I've not done it before but I've written user defined metrics for Oracle Grid and I think what you want can be easily implemented with a UDM. See the Oracle documentation on how to write UDM. It is easy.
Also, if you write Oracle 's audit trail to an OS file other tools can be used to generate alerts.

regards,

Ivan

IP Logged

Pete Finnigan
PeteFinnigan.com Administrator

Oracle Security is easier if you design for it

View Profile | WWW | Email

Gender: male

Posts: 309

Re: Audit alerts to EM?
« Reply #2 on: Jan 22^nd, 2009, 3:21pm »

Quote | Modify

Another option Marcel-Jan would be to use a system trigger and to send message from the trigger to EM. This could be fired on ALTER and the trigger code can filter on the specific target of the ALTER.

cheers

Pete

IP Logged

Pete Finnigan
PeteFinnigan.com Administrator

Oracle Security is easier if you design for it

View Profile | WWW | Email

Gender: male

Posts: 309

Re: Audit alerts to EM?
« Reply #3 on: Jan 23^rd, 2009, 9:08am »

Quote | Modify

Lets say it was right in front of my nose in OEM, but I didn't notice the Create button completely on the right on the User Defined Metrics page.

It wasn't until I studied this article that I noticed it:
http://dba-brent.blogspot.com/2007/08/howto-setup-user-defined-metrics-i n-oem.html

I consider UDM before trying system triggers.

IP Logged

Pete Finnigan
PeteFinnigan.com Administrator

Oracle Security is easier if you design for it

View Profile | WWW | Email

Gender: male

Posts: 309

Re: Audit alerts to EM?
« Reply #4 on: Jan 23^rd, 2009, 9:35am »

Quote | Modify

sounds like a better plan Marcel-Jan

IP Logged

Pages: 1

Reply | Notify of replies | Send Topic | Print


« Previous topic \| Next topic »



Cookie Policy:We only use essential cookies on small sections of this website. For details see here.
Services \| Portal \| White Papers \| Scripts \| Tools \| Newsletter \| Information \| Alerts \| Search \| Weblog / Forum \| What's New About Us Consulting Services Training Courses Oracle Security Research Database Policy Partners Products Careers Pete Finnigan Contact Details Events Oracle Security Database Security Database Software Security Web Development Programming Off Topic Oracle Security Oracle Security (Page 2) Others Ramblings Oracle Security Tips SQL and PL/SQL Unix Tools Audit Tools Default Password Checker Default Password List Oracle Security Scanner Subscribe Un-Subscribe Recent Newsletters Web Links Books Oracle Newsgroups Oracle Blogs Oracle news Feedback / Enquiries Guestbook Site Map Site Statistics WebLog Forum Security Issues Database What's New Register for Updates PeteFinnigan.com in the news

Welcome, Guest. Please Login. Dec 16^th, 2018, 4:59pm News: Welcome to Pete Finnigan's Oracle security forum
Home \| Help \| Search \| Members \| Login