Roxanne25
asked on
Oracle Auditing - Real World Best Practice
Hello, we have recently moved to Oracle from SQL Server and I am a newbie at a lot of Oracle standards. We turned on the Oracle auditing features, which I think are really robust; however, I'm wondering what do people in the real world do with auditing? Do you audit EVERYTHING or do you only turn on certain things... do you write your own auditing logic... should we create separate tables to only store certain auditing fields?
We turned it on and of course it's a TON of data... I assume we should prune it at some point? What interval do you recommend?
We have a process that takes 4 hours to run and without auditing it takes 3.5 hours to run. So, the auditing didn't seem to impact it all that much.
Any advice in the right direction is appreciated.
You hardly need to use the AUDIT statement due to the built-in functionality Oracle provides (as mrjoltcola pointed out).
However, the most "pressing" questions about auditing surface when someone (mainly an executive) wants to know "Who changed this data?" or "Who dropped that table?" or "Who modified ...blah, blah, blah...?". For these kinds of situations you could use LogMiner and/or AUDIT for tracking "special" operations (or the recommended FGA).
ASKER
Well, we just had a conference call and I tried to explain it's best not to turn on EVERYTHING and recommended to only track session activity, table auditing and invalid login attempts, and they shot me down... the CFO said he wanted us to turn on EVERYTHING and then see if we need to adjust it from there. They also reiterated that they want me to tell them what kind of things I can turn off... which I thought I did.
I tried to say that it was best practice to do specific things but they were like "is that best practice for the gov't?? We have different standards".
ASKER
Thank you very much, that definitely has given me a better direction... I think the approach of saying it's an opt-in rather than opt-out methodology will greatly improve my communication with them. :)
ASKER
I work for the gov't...so their answer when asked what they need is everything lol.
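The opt-in set discussed in this thread (session activity, failed logins, table auditing, FGA on sensitive data, periodic pruning), written out as an added example that is not from any poster. It assumes the traditional audit trail (`AUDIT_TRAIL=DB`) on a release that ships `DBMS_AUDIT_MGMT`; the schema `APP_OWNER`, table `PAYMENTS`, column `AMOUNT`, policy name and the 90-day retention are hypothetical placeholders.

```sql
-- Session activity: logons and logoffs, including failed login attempts.
AUDIT SESSION;

-- DDL on tables (CREATE / DROP / TRUNCATE TABLE), so "who dropped that
-- table?" can be answered from the audit trail later.
AUDIT TABLE;

-- DML on one sensitive table only, one audit record per statement.
-- APP_OWNER.PAYMENTS is a hypothetical object name.
AUDIT INSERT, UPDATE, DELETE ON app_owner.payments BY ACCESS;

-- Fine-grained auditing (FGA): record changes that touch the AMOUNT
-- column and keep the SQL text and bind values with the record.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'APP_OWNER',
    object_name     => 'PAYMENTS',
    policy_name     => 'PAYMENTS_AMOUNT_CHANGES',  -- hypothetical name
    audit_column    => 'AMOUNT',
    statement_types => 'UPDATE,DELETE',
    audit_trail     => DBMS_FGA.DB + DBMS_FGA.EXTENDED);
END;
/

-- "Who dropped that table?" from the standard audit trail.
SELECT username, userhost, timestamp, owner, obj_name
  FROM dba_audit_trail
 WHERE action_name = 'DROP TABLE'
 ORDER BY timestamp DESC;

-- Pruning: purge standard audit records older than the retention window.
-- Archive them first if policy requires; 90 days is an assumed value.
BEGIN
  -- One-time setup per audit trail type.
  DBMS_AUDIT_MGMT.INIT_CLEANUP(
    audit_trail_type         => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
    default_cleanup_interval => 24);  -- hours
  DBMS_AUDIT_MGMT.SET_LAST_ARCHIVE_TIMESTAMP(
    audit_trail_type  => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
    last_archive_time => SYSTIMESTAMP - INTERVAL '90' DAY);
  DBMS_AUDIT_MGMT.CLEAN_AUDIT_TRAIL(
    audit_trail_type        => DBMS_AUDIT_MGMT.AUDIT_TRAIL_AUD_STD,
    use_last_arch_timestamp => TRUE);
END;
/
```

FGA records land in `DBA_FGA_AUDIT_TRAIL` and are purged separately with `DBMS_AUDIT_MGMT.AUDIT_TRAIL_FGA_STD`.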