FYI: Resent with a different subject
-----------------


I've seen a few posts on the list lately suggesting the use
of LogMiner as an auditing tool.

I have serious doubts about its use in this capacity. Imagine
the following scenario.

Duhveloper:  'We just discovered that someone dropped a critical
             table in our system.  We think some unauthorized
             person has access to one of our production accounts!
             We need to find out who this was!'

( duhvelopers always speak with exclamation points )

DBA:  'Is this the same database that was installed by the
       vendor with default passwords?  The same database that
       I'm not allowed to change the default passwords on?'

Duhveloper: 'Uh, yeah, right.'
( Well, maybe not always )

DBA:  'OK, I may not be able to tell you who did it, but I
       can pinpoint when it happened with LogMiner.'

Duhveloper: 'Great!  How soon can we get an answer!'

DBA:  'That depends on how closely you can narrow down the
       window I have to look in.  Approximately when did
       it happen?'

Duhveloper:  'Well, we didn't find out til this morning.  The
              last time anyone can recall looking at the table
              was 10 days ago.'

DBA:  'This system generates a 500m log file 3 times an hour,
       24x7.  That means that a worst case scenario is I
       process 720 Archive log files, many of which are on
       tape, so I must bring those back 20 files at a time, as
       the largest disk space I can spare is 10 gig.  Working
       fulltime I may be able to give you that answer in 30 days.'

Duhveloper:  'Oh.  Well maybe we don't need it that bad. I know
              what we can do!  Why don't you change the default
              system passwords on that database.  I don't know
              why you didn't do it as soon as the vendor left!'

( Duhveloper skulks away when DBA's face turns a lovely shade
  of crimson and appears to be on the verge of burying Pompeii
  in an ash flow. )


Seriously, has anyone successfully used LogMiner for auditing
in a production database?

Joe, your input here would be appreciated.

Jared


