Oracle Database - How to add

Add Oracle Database to monitor logs

To configure the hosts whose Oracle logs you want to monitor, carry out the procedure given below.

  • In the Add New Host page

Add the Oracle Application server as a new Windows Host (if the Oracle application is running on a Windows machine) as per the procedure given or as a new Linux Host (if the Oracle application is running on a UNIX machine) as per the procedure given.

  • In the Settings page

After adding the server as a Windows or Linux host, select Settings > Configurations: Manage Applications: Add: Oracle menu or Home tab > Applications > Actions: +Oracle menu. The Configure Oracle Hosts page opens. In the Add Host text field, enter the host name of the Oracle application server. Click the Save icon beside the text field. Existing Oracle Application hosts are listed below the text field as Existing Hosts.

After configuring Oracle hosts in EventLog Analyzer, carry out the configuration given below on the Oracle server.

Oracle Server Configuration

Reference: http://download.oracle.com/docs/cd/B28359_01/network.111/b28531/auditing.htm#CEGBIIJD


For Oracle server installed on the Windows platform

  • Connect to sqlplus

  • Change the audit parameter using the query below

ALTER SYSTEM SET AUDIT_TRAIL=OS SCOPE=SPFILE;

  • Restart the Oracle server for the changes to take effect

 


For Oracle server installed on a Unix platform

To enable Oracle syslog auditing, follow the procedure given below:

  1. Assign a value of OS to the AUDIT_TRAIL initialization parameter, as described in 'Enabling or Disabling the Standard Audit Trail'

For example: ALTER SYSTEM SET AUDIT_TRAIL=OS SCOPE=SPFILE;

  2. Manually add and set the AUDIT_SYSLOG_LEVEL parameter to the initialization parameter file, initsid.ora.

Set the AUDIT_SYSLOG_LEVEL parameter to specify a facility and priority in the format AUDIT_SYSLOG_LEVEL=facility.priority.

facility: Describes the part of the operating system that is logging the message. Accepted values are user, local0–local7, syslog, daemon, kern, mail, auth, lpr, news, uucp, and cron.

The local0–local7 values are predefined tags that enable you to sort the syslog message into categories. These categories can be log files or other destinations that the syslog utility can access. To find more information about these types of tags, refer to the syslog utility MAN page.

priority: Defines the severity of the message. Accepted values are notice, info, debug, warning, err, crit, alert, and emerg.

The syslog daemon compares the value assigned to the facility argument of the AUDIT_SYSLOG_LEVEL parameter with the syslog.conf file to determine where to log information.

For example, the following statement identifies the facility as local1 with a priority level of warning:

AUDIT_SYSLOG_LEVEL=local1.warning

See Oracle Database Reference for more information about AUDIT_SYSLOG_LEVEL.

  3. Log in to the machine that contains the syslog configuration file, /etc/syslog.conf, with the superuser (root) privilege.

  4. Add the audit file destination to the syslog configuration file /etc/syslog.conf.

For example, assuming you had set the AUDIT_SYSLOG_LEVEL to local1.warning, enter the following:

local1.warning /var/log/audit.log

This setting logs local1 messages of priority warning and higher to the /var/log/audit.log file.

  5. Restart the syslog logger:

$ /etc/rc.d/init.d/syslog restart

Now, all audit records will be captured in the file /var/log/audit.log through the syslog daemon.

  6. Restart the Oracle server so that the changes take effect.
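
A mismatch between AUDIT_SYSLOG_LEVEL and /etc/syslog.conf leaves the audit log empty without any error, so it is worth checking the two files against each other before restarting. The script below is an added example, not part of the EventLog Analyzer or Oracle documentation; the function names and the sample files are constructed for illustration, and it assumes the parameter is written in upper case with an exact facility.priority selector in syslog.conf.

```shell
#!/bin/sh
# Added example: check that AUDIT_SYSLOG_LEVEL and syslog.conf agree.
# Accepted values are the ones listed on this page.
FACILITIES="user local0 local1 local2 local3 local4 local5 local6 local7 syslog daemon kern mail auth lpr news uucp cron"
PRIORITIES="notice info debug warning err crit alert emerg"

# in_list WORD LIST -> 0 if WORD is one of the space-separated items in LIST
in_list() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# check_audit_syslog INIT_FILE SYSLOG_CONF (hypothetical helper)
# Prints the audit log destination and returns 0 when the files are consistent.
# Returns 1: parameter missing, 2: bad facility/priority, 3: no syslog.conf rule.
check_audit_syslog() {
    level=$(sed -n 's/^[[:space:]]*AUDIT_SYSLOG_LEVEL[[:space:]]*=[[:space:]]*//p' "$1" \
        | tail -n 1 | tr -d "'\"[:space:]")
    [ -n "$level" ] || return 1
    facility=${level%%.*}
    priority=${level#*.}
    in_list "$facility" "$FACILITIES" || return 2
    in_list "$priority" "$PRIORITIES" || return 2
    # Simplification: only an exact "facility.priority" selector is matched;
    # wildcard or multi-selector rules are not interpreted.
    dest=$(awk -v sel="$level" '$1 == sel { print $2; exit }' "$2")
    [ -n "$dest" ] || return 3
    printf '%s\n' "$dest"
}

# Constructed sample files (not taken from a real system).
demo_dir=$(mktemp -d)
printf 'db_name=ORCL\nAUDIT_SYSLOG_LEVEL=local1.warning\n' > "$demo_dir/initORCL.ora"
printf '*.info /var/log/messages\nlocal1.warning /var/log/audit.log\n' > "$demo_dir/syslog.conf"
printf 'AUDIT_SYSLOG_LEVEL=local9.warning\n' > "$demo_dir/bad.ora"
check_audit_syslog "$demo_dir/initORCL.ora" "$demo_dir/syslog.conf"
```

On a real server, pass the actual initialization parameter file and /etc/syslog.conf as the two arguments; a non-zero return code identifies which step of the procedure needs to be revisited.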