Without DB Activity Monitoring in place, we would like daily job/script
(Windows Scheduled Task for MS SQL and Unix cron for Oracle) to
detect if the following took place :
a) failed login attempts to a DB (even a single failed attempt)
b) unusual high amount of data being queried (say 10 times more
than last 30 days' average; if this is not possible, then 15MB of
data)
Q1:
Can provide the specific commands (SQL or OS) for both DB types
above for Windows & UNIX (Solaris & RHEL)?
Q2:
For item a above, which file in MS SQL & Oracle DB contain that info?
As the scripts run once/day, Ideally the script covers the last 24hrs
events/logs so that in the next run
Q3:
Referring to above URL, what's the equivalent Oracle command to set
' audit_trail="true" ' and is there any way to do it without restarting the
Oracle instance & is it necessary to enable Audit Trail to get this info of
failed login attempts?
Q4:
Our DBA said turning on the Audit Trail can have major performance impact:
what can we do about this? How do we estimate the disk space the Audit
Trail will take?
Q5:
What's the command to roll over (ie once/day) a new Audit Trail file once the
sql query to get the failed login attempts is done