• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 748
  • Last Modified:

How to enable audit for high Privilege users?

I enabled audit trail using audit trail = DB option. Its started logging events for normal users. But when I add normal user to DBA role then suddenly stopping logging everything. Can anyone guide me in this matter??

Thanks in advance....

Regards,
Pralay
0
pralay
Asked:
pralay
1 Solution
 
actonwangCommented:
issue audit command again:

AUDIT SELECT;

to see what happens.
0
 
pralayAuthor Commented:
I done that but no use. I mean for normal users its logging all the events. But for high privilege user like sys, sysdba its not doing. And if I add any user to DBA role then also its stop logiing events.

I hope this makes situation more clear to understand.

Thanks,
Pralay
0
 
gvsbnarayanaCommented:
Hi
All Actions of SYS and users having SYSDBA previliges are not logged in the database. They are logged on OS.
HTH
Regards,
Badri.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
actonwangCommented:
i c.

you must set parameter AUDIT_SYS_OPERATIONS as true.

AUDIT_SYS_OPERATIONS enables or disables the auditing of operations issued by user SYS, and users connecting with SYSDBA or SYSOPER privileges. The audit records are written to the operating system's audit trail.


Acton
0
 
pralayAuthor Commented:
Thanks. I done that way only. Well can anyone suggest if I want to enable loggon failure events and not anything else then what should I have to enable.

If I want to that's using one user then what minimum permissions i should give to that user.

Thanks in advance.

Regards,
Pralay Desai
0
 
actonwangCommented:
use:

AUDIT SESSION WHENEVER NOT SUCCESSFUL;
0
 
pralayAuthor Commented:
Very true. Well I have one query. I am working on Oracle 9i on windows 2000. Its normal installation with auditing enable.

I am getting logs in SYS.AUD$ table. Now in logs when I am trying login with sys and system users then sometimes its showing user authenticate by os and sometimes its showing user authenticate by database. Can I know why its coming like that??


Thanks in advance....

Regards,
Pralay Desai
0
 
actonwangCommented:
your parameter:

REMOTE_LOGIN_ PASSWORDFILE might be set as NONE.

user with sysdba privilege will be authenticated by os by default. other normal users will still be checked by db itself.


acton
0
 
pralayAuthor Commented:
Yes that's correct. But why in logs some times its shows authenticated by os for normal user (without SYSDBA) privilege. and some times authenticated by database for that same normal users.

 I am quite confused on that.

thanks,
Pralay Desai
0
 
actonwangCommented:
not sure what happended but a normal user either by os or by db. It is set when you create the user. shouldn't happen for one user.
0
 
Computer101Commented:
Forced accept.

Computer101
EE Admin
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now