<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=us-ascii" /> <meta http-equiv="Content-Style-Type" content="text/css" /> <meta http-equiv="Content-Script-Type" content="text/javascript" /> <title>Guidelines for Auditing Suspicious Database Activity</title> <meta name="generator" content="Oracle DARB XHTML Converter (Mode = ohj/ohw) - Version 5.1" /> <meta name="date" content="2009-06-02T18:13:4Z" /> <meta name="robots" content="noarchive" /> <meta name="doctitle" content="Guidelines for Auditing Suspicious Database Activity" /> <meta name="relnum" content="11g Release 2 (11.2)" /> <meta name="partnum" content="E10575-01" /> <link rel="copyright" href="./dcommon/html/cpyr.htm" title="Copyright" type="text/html" /> <link rel="stylesheet" href="./dcommon/css/blafdoc.css" title="Oracle BLAFDoc" type="text/css" /> <link rel="contents" href="toc.htm" title="Contents" type="text/html" /> <link rel="prev" href="tdpsg_auditing024.htm" title="Previous" type="text/html" /> <link rel="next" href="tdpsg_auditing026.htm" title="Next" type="text/html" /> <script src="./callback.js" type="text/javascript"></script> <noscript>Your browser does not support JavaScript. 
This help page requires JavaScript to render correctly.</noscript> </head> <body> <div class="zz-skip-header"><a href="#BEGIN">Skip Headers</a></div> <table class="simple oac_no_warn" summary="" cellspacing="0" cellpadding="0" width="100%"> <col width="86%" /> <col width="*" /> <tr valign="bottom"> <td align="left"></td> <td align="center"><a href="tdpsg_auditing024.htm"><img src="./dcommon/gifs/leftnav.gif" alt="Previous" /><br /> <span class="icon">Previous</span></a> </td> <td align="center"><a href="tdpsg_auditing026.htm"><img src="./dcommon/gifs/rightnav.gif" alt="Next" /><br /> <span class="icon">Next</span></a></td> </tr> </table> <p><a id="i1007822" name="i1007822"></a><a id="TDPSG60684" name="TDPSG60684"></a></p> <div class="sect2"> <h1>Guidelines for Auditing Suspicious Database Activity</h1> <a name="BEGIN" id="BEGIN"></a> <p>When <a id="sthref519" name="sthref519"></a><a id="sthref520" name="sthref520"></a>you audit to monitor suspicious database activity, follow these guidelines:</p> <ol> <li> <p><span class="bold">Audit general information, and then audit specific information.</span></p> <p>When you start to audit for suspicious database activity, often not much information is available to target specific users or schema objects. Therefore, set audit options more generally at first, that is, by using the standard audit options described in <a href="tdpsg_auditing004.htm#BCGCCBCB">"Auditing General Activities Using Standard Auditing"</a>.</p> <p>After you have recorded and analyzed the preliminary audit information, disable general auditing, and then audit specific actions. You can use fine-grained auditing, described in <a href="javascript:open('http://www.oracle.com/pls/db112/lookup?id=DBSEG525','newWindow').focus()"><span class="italic">Oracle Database Security Guide</span></a>, to audit specific actions. 
Continue this process until you gather enough evidence to draw conclusions about the origin of the suspicious database activity.</p> </li> <li> <p><span class="bold">Protect the audit trail.</span></p> <p>When auditing for suspicious database activity, protect the audit trail so that audit information cannot be added, changed, or deleted without being audited. You audit the standard audit trail by using the <code>AUDIT</code> SQL statement. For example:</p> <pre xml:space="preserve" class="oac_no_warn">
SQLPLUS "SYS/AS SYSDBA"
Enter password: <span class="italic">password</span>
SQL> AUDIT SELECT ON SYS.AUD$ BY ACCESS;
</pre></li> </ol> <div class="helpinfonotealso"> <h2>Related Topics</h2> <p><a href="tdpsg_auditing022.htm#CHDBEBEE">Guideline for Using Default Auditing of SQL Statements and Privileges</a></p> <p><a href="tdpsg_auditing023.htm#i1010870">Guidelines for Managing Audited Information</a></p> <p><a href="tdpsg_auditing024.htm#i1007821">Guidelines for Auditing Typical Database Activity</a></p> </div> </div> <!-- class="sect2" --> <!-- class="sect1" --> <!-- Start Footer --> <div class="footer"> <table class="simple oac_no_warn" summary="" cellspacing="0" cellpadding="0" width="100%"> <col width="86%" /> <col width="*" /> <tr> <td align="left"><span class="copyrightlogo">Copyright © 2006, 2009, Oracle and/or its affiliates. All rights reserved.</span><br /> <a href="./dcommon/html/cpyr.htm"><span class="copyrightlogo">Legal Notices</span></a></td> <td align="center"><a href="tdpsg_auditing024.htm"><img src="./dcommon/gifs/leftnav.gif" alt="Previous" /><br /> <span class="icon">Previous</span></a> </td> <td align="center"><a href="tdpsg_auditing026.htm"><img src="./dcommon/gifs/rightnav.gif" alt="Next" /><br /> <span class="icon">Next</span></a></td> </tr> </table> </div> <!-- class="footer" --> </body> </html>
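Added example, not part of the Oracle help page: the two guidelines above carried through as one SQL*Plus session, from general standard auditing to a fine-grained policy, then auditing of the audit trail itself. The HR.EMPLOYEES table, the SALARY column, the policy name AUD_EMP_SALARY and the 7-day review window are assumptions chosen for illustration; the last statement goes beyond the page's SELECT-only example to cover the add, change and delete cases the text names.

```sql
-- Added example. HR.EMPLOYEES, SALARY and AUD_EMP_SALARY are assumed names.
-- Assumes the AUDIT_TRAIL initialization parameter is DB or DB,EXTENDED,
-- so that standard audit records are written to SYS.AUD$.

-- Guideline 1, first pass: audit generally while little is known.
AUDIT SELECT TABLE, INSERT TABLE, UPDATE TABLE, DELETE TABLE BY ACCESS;

-- Analyze the preliminary records to see which users and objects stand out.
SELECT username, owner, obj_name, action_name, COUNT(*) AS hits
  FROM dba_audit_trail
 WHERE timestamp > SYSDATE - 7
 GROUP BY username, owner, obj_name, action_name
 ORDER BY hits DESC;

-- Guideline 1, second pass: disable the general options ...
NOAUDIT SELECT TABLE, INSERT TABLE, UPDATE TABLE, DELETE TABLE;

-- ... and audit only the specific action with a fine-grained policy.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'HR',
    object_name     => 'EMPLOYEES',
    policy_name     => 'AUD_EMP_SALARY',
    audit_column    => 'SALARY',         -- fire only when SALARY is referenced
    audit_condition => NULL,             -- NULL: no row filter, all rows audited
    statement_types => 'SELECT,UPDATE',
    enable          => TRUE);
END;
/

-- Fine-grained records are read from their own view, not DBA_AUDIT_TRAIL.
SELECT db_user, timestamp, sql_text
  FROM dba_fga_audit_trail
 WHERE policy_name = 'AUD_EMP_SALARY'
 ORDER BY timestamp;

-- Guideline 2: audit access to the standard audit trail itself, so that
-- reads, additions, changes and deletions in SYS.AUD$ leave a record.
AUDIT SELECT, INSERT, UPDATE, DELETE ON SYS.AUD$ BY ACCESS;
```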