
    Adding Oracle Application Server

    • Navigate to Settings > Configuration > Manage Application Sources. You can also click on the +Add button on the top right corner of the Home page and select Application.
    • Next, select the Other Application Sources tab and click on the +Add Application button.
    • Enter the name of the device and click on the Add button.
    • After adding an Oracle device in EventLog Analyzer, configure the Oracle server as instructed below.

    Oracle Server Configuration

    Reference: http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/auditing.htm#CEGBIIJD

    For Oracle server installed on the Windows platform

    • Connect to SQL*Plus using the sqlplus command.
    • Change audit parameters using the command below:

    ALTER SYSTEM SET AUDIT_TRAIL=OS SCOPE=SPFILE;

    • Restart the Oracle server to let the changes take effect.

    For Oracle server installed on the Unix platform

    To enable Oracle syslog auditing, follow the procedure given below:

    1. Change audit parameters using the command below:

      ALTER SYSTEM SET AUDIT_TRAIL=OS SCOPE=SPFILE;

    2. Manually add and set the AUDIT_SYSLOG_LEVEL parameter in the initialization parameter file, initsid.ora.
    3. The AUDIT_SYSLOG_LEVEL parameter specifies a facility and a priority in the format AUDIT_SYSLOG_LEVEL=facility.priority.

      facility: Describes the part of the operating system that is logging the message. Accepted values are user, local0–local7, syslog, daemon, kern, mail, auth, lpr, news, uucp, and cron.

      The local0–local7 values are predefined tags that enable you to sort the syslog message into categories. These categories can be log files or other destinations that the syslog utility can access. To find more information about these types of tags, refer to the syslog utility MAN page.

      priority: Defines the severity of the message. Accepted values are notice, info, debug, warning, err, crit, alert, and emerg.

      The syslog daemon compares the value assigned to the facility argument of the AUDIT_SYSLOG_LEVEL parameter with the syslog.conf file to determine where to log information.

      For example, the following statement identifies the facility as local1 with a priority level of warning:

      AUDIT_SYSLOG_LEVEL=local1.warning

      See Oracle Database Reference for more information about AUDIT_SYSLOG_LEVEL.

    4. Log in to the machine that contains the syslog configuration file, /etc/syslog.conf, with superuser (root) privileges.
    5. Add the audit file destination to the syslog configuration file /etc/syslog.conf. For example, assuming you had set AUDIT_SYSLOG_LEVEL to local1.warning, enter the following:

      local1.warning /var/log/audit.log

      This setting logs all warning messages to the /var/log/audit.log file.

    6. Restart the syslog logger:

      $ /etc/rc.d/init.d/syslog restart

      Now, all audit records will be captured in the file /var/log/audit.log through the syslog daemon.

    7. Restart the Oracle server so that the changes take effect.
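
A consistency check for the Unix procedure above, added here as an example (it is not part of EventLog Analyzer or Oracle): it reads the AUDIT_SYSLOG_LEVEL value from the parameter file text and reports which syslog.conf rules will actually receive the audit records, so a facility or priority mismatch shows up before the restarts. The function names and the sample input are constructed for illustration, and the selector handling assumes classic sysklogd-style syslog.conf semantics (a rule matches its priority and anything more severe).

```python
import re

# Values this page lists as accepted for AUDIT_SYSLOG_LEVEL.
FACILITIES = {"user", "syslog", "daemon", "kern", "mail", "auth", "lpr",
              "news", "uucp", "cron"} | {f"local{n}" for n in range(8)}
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]  # low to high
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}  # legacy syslog.conf spellings
# Constructed sample input (not taken from a real system).
SAMPLE_INIT_ORA = "db_name=ORCL\nAUDIT_SYSLOG_LEVEL=local1.warning\n"
SAMPLE_SYSLOG_CONF = ("*.info;mail.none;local1.none  /var/log/messages\n"
                      "local1.warning  /var/log/audit.log\n")

def parse_audit_syslog_level(init_ora):
    """Return (facility, priority) from parameter-file text; ValueError if unset or invalid."""
    m = re.search(r"(?im)^\s*(?:\*\.)?audit_syslog_level\s*=\s*['\"]?(\w+)\.(\w+)", init_ora)
    if not m:
        raise ValueError("AUDIT_SYSLOG_LEVEL is not set")
    facility, priority = m.group(1).lower(), m.group(2).lower()
    if facility not in FACILITIES or priority not in PRIORITIES:
        raise ValueError(f"value not accepted: {facility}.{priority}")
    return facility, priority

def rule_matches(selectors, facility, priority):
    """Evaluate one rule's ';'-separated selectors left to right ('!' is not handled)."""
    matched = False
    for selector in selectors.split(";"):
        facs, _, prio = selector.strip().lower().rpartition(".")
        if not {"*", facility} & set(facs.split(",")):
            continue                              # selector names other facilities
        exact, prio = prio.startswith("="), ALIASES.get(prio.lstrip("="), prio.lstrip("="))
        if prio in ("none", "*"):
            matched = prio == "*"                 # "none" excludes the facility again
        elif prio in PRIORITIES:
            want, got = PRIORITIES.index(prio), PRIORITIES.index(priority)
            matched = matched or (got == want if exact else got >= want)
    return matched

def audit_destinations(init_ora, syslog_conf):
    """Return the syslog.conf actions that will receive Oracle audit records."""
    facility, priority = parse_audit_syslog_level(init_ora)
    hits = []
    for line in syslog_conf.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and rule_matches(parts[0], facility, priority):
            hits.append(parts[1].strip().lstrip("-"))  # "-" only disables sync on write
    return hits

if __name__ == "__main__":
    print(audit_destinations(SAMPLE_INIT_ORA, SAMPLE_SYSLOG_CONF))
```

An empty result means no rule routes the configured facility.priority anywhere, so audit records would be dropped by the syslog daemon rather than written to a file.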

    Note: When logged in as SYSDBA/SYSOPER, Oracle Database provides limited information on database activity monitoring. Hence, to get the complete audit trail activities of the Oracle database, we suggest that you log in as a user with privileges other than SYSDBA/SYSOPER.
