Tim / All. I figured it out.
Basically assign users SYSDBA privies and track accordingly.

-----Original Message-----
Sent: Monday, November 18, 2002 7:44 PM
To: Multiple recipients of list ORACLE-L

please be a little more specific? what exactly is it that oracle won't do?

----- Original Message -----
To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]>
Sent: Monday, November 18, 2002 7:58 PM

> Tim - Thanks for the well worded response. Very, very helpful.
>
> So my next question: Are there any 3rd party applications available to do
> what Oracle won't?
>
> -----Original Message-----
> Sent: Monday, November 18, 2002 4:29 PM
> To: Multiple recipients of list ORACLE-L
>
>
> SYSDBA activities are not logged to the SYS.AUD$ table, even in Oracle9i
> with the AUDIT_SYS_OPERATIONS parameter set to TRUE. SYSDBA operations are
> always logged to the OS audit trail, including access/modifications to the
> SYS.AUD$ table...
>
> The reason that these records are only logged to the audit trail (previous
> to Oracle9i, only connections as SYSDBA were logged) is because that is the
> only way to protect the audit records review and (especially!) alteration
> from people with SYSDBA privilege. Someone with SYSDBA could always muck
> with the contents of the SYS.AUD$ table, but they would not necessarily have
> OS permissions to alter the audit records sent to the OS.
>
> ..which is why the command CONNECT INTERNAL went away with Oracle9i, to
> remove the last necessity for DBAs to be members of the OSDBA and OSOPER
> groups in the OS. Now, with 9i and CONNECT ... AS SYSDBA commands, you can
> "lock down" the OS account and account-group that owns the Oracle software
> away from those with SYSDBA privileges, thus protecting the software
> distribution files, log files, trace files, and audit files from casual
> modification, if desired...
>
> ----- Original Message -----
> To: "Multiple recipients of list ORACLE-L" <[EMAIL PROTECTED]>
> Sent: Monday, November 18, 2002 12:46 PM
>
> >
> > Hello All,
> >
> > Do any of you have suggestions for a good way to monitor sysdba user
> > activities on the sys.aud$ table? Or, in terms of logging everything, what
> > would be the keypoints to log scrub on?
> >
> > Any suggestions would be wonderful.
> > --
> > Please see the official ORACLE-L FAQ: http://www.orafaq.com
> > --
> > Author:
> > INET: [EMAIL PROTECTED]
> >
> > Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> > San Diego, California -- Mailing list and web hosting services
> > ---------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an E-Mail message
> > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB ORACLE-L
> > (or the name of mailing list you want to be removed from). You may
> > also send the HELP command for other information (like subscribing).
> --
> Author: Tim Gorman
> INET: [EMAIL PROTECTED]
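An added example, not part of the thread: a log scrub over the OS audit trail that Tim's reply describes, flagging SYSDBA/SYSOPER statements that access or modify AUD$. The record layout (a timestamp line followed by `KEY : 'value'` fields) and the sample records are constructed assumptions; adjust the field names to what your release actually writes.

```python
import re

# Constructed sample records (assumed layout, not real audit output).
SAMPLE = """\
Mon Nov 18 16:02:11 2002
ACTION : 'CONNECT'
DATABASE USER: 'jsmith'
PRIVILEGE : SYSDBA

Mon Nov 18 16:04:10 2002
ACTION : 'select * from sys.aud$'
DATABASE USER: 'jsmith'
PRIVILEGE : SYSDBA

Mon Nov 18 16:05:02 2002
ACTION : 'delete from
  aud$ where userid = user'
DATABASE USER: 'jsmith'
PRIVILEGE : SYSDBA
"""

FIELD = re.compile(r"^([A-Z][A-Z ]*?)\s*:\s*(.*)$")
# A SYSDBA session runs as SYS, so AUD$ may appear without the SYS. prefix.
AUD_REF = re.compile(r"(?<![\w$#])aud\$(?![\w$#])", re.IGNORECASE)
WRITE_VERBS = {"DELETE", "UPDATE", "INSERT", "TRUNCATE", "DROP", "ALTER", "RENAME"}

def parse_records(text):
    """Split the trail on blank lines; return one dict of fields per record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        rec, key = {"TIMESTAMP": lines[0].strip()}, None
        for line in lines[1:]:
            m = FIELD.match(line)
            if m:
                key, rec[m.group(1)] = m.group(1), m.group(2)
            elif key:  # wrapped statement text continues the previous field
                rec[key] += " " + line.strip()
        records.append({k: v.strip().strip("'") for k, v in rec.items()})
    return records

def sysdba_aud_findings(text):
    """Return (timestamp, database user, 'access'|'modify') per AUD$ reference."""
    findings = []
    for rec in parse_records(text):
        action = rec.get("ACTION", "")
        if rec.get("PRIVILEGE") not in ("SYSDBA", "SYSOPER") or not AUD_REF.search(action):
            continue
        kind = "modify" if action.split(None, 1)[0].upper() in WRITE_VERBS else "access"
        findings.append((rec["TIMESTAMP"], rec.get("DATABASE USER", ""), kind))
    return findings
```

Run it from an OS account that the SYSDBA users cannot write to, and ship the findings off the database host so the review does not depend on files they could alter.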