• Status: Solved

How to enable audit for high-privilege users?

I enabled the audit trail using the audit trail = DB option. It started logging events for normal users. But when I add a normal user to the DBA role, it suddenly stops logging everything. Can anyone guide me in this matter?

Thanks in advance....

Regards,
Pralay
 
actonwang Commented:
issue audit command again:

AUDIT SELECT;

to see what happens.
 
pralay (Author) Commented:
I did that, but no use. I mean, for normal users it's logging all the events. But for high-privilege users like sys, sysdba it's not doing so. And if I add any user to the DBA role, then it also stops logging events.

I hope this makes situation more clear to understand.

Thanks,
Pralay
 
gvsbnarayana Commented:
Hi
All actions of SYS and users having SYSDBA privileges are not logged in the database. They are logged on the OS.
HTH
Regards,
Badri.

 
actonwang Commented:
i c.

you must set parameter AUDIT_SYS_OPERATIONS as true.

AUDIT_SYS_OPERATIONS enables or disables the auditing of operations issued by user SYS, and users connecting with SYSDBA or SYSOPER privileges. The audit records are written to the operating system's audit trail.


Acton
 
pralay (Author) Commented:
Thanks. I did it that way only. Well, can anyone suggest: if I want to enable logon failure events and nothing else, what should I enable?

If I want to do that using one user, then what minimum permissions should I give to that user?

Thanks in advance.

Regards,
Pralay Desai
 
actonwang Commented:
use:

AUDIT SESSION WHENEVER NOT SUCCESSFUL;
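The settings discussed in the comments above, combined into one SQL*Plus script as an added example that is not part of any participant's post. The account name AUDIT_READER, the use of an spfile, and the 7-day review window are assumptions.

```sql
-- Added example, not from the thread. Run from SQL*Plus connected AS SYSDBA.
-- AUDIT_READER is a hypothetical, already-created account used only to
-- review the audit trail.

-- 1. Both parameters are static: set them in the spfile and restart the
--    instance (assumes the instance was started with an spfile).
ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;
ALTER SYSTEM SET audit_sys_operations = TRUE SCOPE = SPFILE;

-- 2. After the restart, confirm what the instance is actually using.
SELECT name, value
  FROM v$parameter
 WHERE name IN ('audit_trail', 'audit_sys_operations');

-- 3. Audit failed logons only. Issuing AUDIT statements requires the
--    AUDIT SYSTEM privilege.
AUDIT SESSION WHENEVER NOT SUCCESSFUL;

-- 4. Confirm that session auditing is the only statement option enabled.
SELECT user_name, audit_option, success, failure
  FROM dba_stmt_audit_opts;

-- 5. Give the reviewing account read access to the session audit view
--    only, rather than the DBA role (one possible minimal grant).
GRANT CREATE SESSION TO audit_reader;
GRANT SELECT ON sys.dba_audit_session TO audit_reader;

-- 6. Review failed logons from the last 7 days. RETURNCODE holds the
--    ORA- error number, e.g. 1017 = invalid username/password,
--    28000 = account locked.
SELECT os_username, username, userhost, terminal, timestamp, returncode
  FROM sys.dba_audit_session
 WHERE returncode <> 0
   AND timestamp > SYSDATE - 7
 ORDER BY timestamp;

-- SYS / SYSDBA / SYSOPER activity enabled by audit_sys_operations does
-- not appear in this view: it is written to the operating system's
-- audit trail and has to be reviewed and protected there.
```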
 
pralay (Author) Commented:
Very true. Well, I have one query. I am working on Oracle 9i on Windows 2000. It's a normal installation with auditing enabled.

I am getting logs in the SYS.AUD$ table. Now in the logs, when I try to log in with the sys and system users, sometimes it shows the user authenticated by OS and sometimes it shows the user authenticated by database. Can I know why it's coming out like that?


Thanks in advance....

Regards,
Pralay Desai
 
actonwang Commented:
your parameter:

REMOTE_LOGIN_PASSWORDFILE might be set as NONE.

user with sysdba privilege will be authenticated by os by default. other normal users will still be checked by db itself.


acton
 
pralay (Author) Commented:
Yes, that's correct. But why do the logs sometimes show authenticated by OS for a normal user (without SYSDBA privilege), and sometimes authenticated by database for that same normal user?

I am quite confused on that.

thanks,
Pralay Desai
 
actonwang Commented:
not sure what happened but a normal user is either by os or by db. It is set when you create the user. shouldn't happen for one user.
 
Computer101 Commented:
Forced accept.

Computer101
EE Admin