Database Reference
Syslog Facility
A new feature of Oracle10g is the ability to write audit trails using the syslog facility on UNIX
systems. This facility consists of a daemon process named syslogd (see man syslogd) that accepts
log messages from applications via the syslog C library function (see man syslog). The
configuration file for syslogd is usually /etc/syslog.conf and log messages go to files in /var/log or
/var/adm depending on the UNIX variant. The log file name is determined by a string that
consists of a facility name and a priority or level. Most of these may be used when setting
AUDIT_SYSLOG_LEVEL. Each entry in /etc/syslog.conf assigns a log file name to a certain
combination of facility and priority. By placing the entry user.notice /var/log/oracle_dbms into the
file syslog.conf and telling syslogd to reread the configuration file by sending it a hang-up
signal with the command kill,¹ any subsequent log entries from an ORACLE instance with the
setting AUDIT_SYSLOG_LEVEL=user.notice will be recorded in the file /var/log/oracle_dbms.
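An added example (not from the book): a small Python check that reads a syslog.conf and reports every destination that receives records logged at a given AUDIT_SYSLOG_LEVEL, so that unintended copies of the audit trail or a level that is logged nowhere show up before auditing is relied on. It assumes classic selector semantics (a priority matches itself and all higher priorities, plus `*` and `none`); the function names and the sample configuration are constructed for illustration.

```python
# Standard syslog(3) priorities, lowest to highest severity.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

def line_selects(selectors, facility, priority):
    """Apply one line's ';'-separated selectors left to right."""
    selected = False
    for selector in selectors.split(";"):
        facs, _, prio = selector.strip().partition(".")
        if facility not in facs.split(",") and "*" not in facs.split(","):
            continue                  # selector does not name this facility
        if prio == "none":
            selected = False          # e.g. mail.none excludes the facility
        elif prio == "*" or (prio in PRIORITIES and
                             PRIORITIES.index(priority) >= PRIORITIES.index(prio)):
            selected = True           # the named priority and everything above it
    return selected

def audit_destinations(conf_text, audit_syslog_level):
    """Return the actions that receive messages logged at audit_syslog_level."""
    facility, priority = audit_syslog_level.lower().split(".")
    hits = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)   # selectors, then the action (log file)
        if len(parts) == 2 and line_selects(parts[0], facility, priority):
            hits.append(parts[1].strip().lstrip("-"))  # drop the no-sync '-' prefix
    return hits

# Constructed sample configuration, including the entry from the text.
SAMPLE_CONF = """\
# constructed sample /etc/syslog.conf
*.info;mail.none;authpriv.none    /var/log/messages
authpriv.*                        /var/log/secure
user.notice                       /var/log/oracle_dbms
local0.warning                    -/var/log/local0
"""

if __name__ == "__main__":
    for level in ("user.notice", "local0.info", "user.debug"):
        dests = audit_destinations(SAMPLE_CONF, level)
        print(level, "->", dests or "NOT LOGGED ANYWHERE")
```

With the sample configuration, user.notice records land in /var/log/oracle_dbms and also in /var/log/messages through the catch-all *.info entry, so both files need the permissions and retention expected of an audit trail.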
Introduction to Auditing
On UNIX systems, CONNECT, STARTUP, and SHUTDOWN of an ORACLE instance with SYSDBA or SYSOPER
privileges are unconditionally audited to files with extension .aud in $ORACLE_HOME/rdbms/audit
or a directory specified with the parameter AUDIT_FILE_DEST.² Oracle9i was the first release that
had the capability of auditing actions other than CONNECT, STARTUP, and SHUTDOWN performed with
SYSDBA or SYSOPER privileges by setting AUDIT_SYS_OPERATIONS=TRUE.
Figure 1-1. Event Details in Windows Event Viewer
1. Use kill -HUP `cat /var/run/syslogd.pid` on Red Hat Linux.
2. AUDIT_FILE_DEST is used as soon as an instance has started. When connecting as SYSDBA or SYSOPER
while an instance is down, the default audit file destination $ORACLE_HOME/rdbms/audit is used.
 