Pete, I follow your steps to enable audit_trail = db in init.ora located in ORACLE_HOME/dbs and restart my Oracle database on solaris. After my database is up, I do the exact query in your paper and results as followings: ==================================================================== SQL> select name,value from v$parameter 2 where name like 'audit%';
NAME ---------------------------------------------------------------- VALUE -------------------------------------------------------------------------------- audit_sys_operations FALSE audit_file_dest ?/rdbms/audit audit_trail NONE ==================================================================== Please tell me what is possible causes that I fail to enable audit on my database. Any comments are appreciated! Many thanks! Don Pete Finnigan wrote: > Hi > > You can get the ip address as follows: > > oracle:jupiter> sqlplus system/[EMAIL PROTECTED] > > SQL*Plus: Release 9.0.1.0.0 - Production on Wed Jun 25 20:45:54 2003 > > (c) Copyright 2001 Oracle Corporation. All rights reserved. > > Connected to: > Oracle9i Enterprise Edition Release 9.0.1.0.0 - Production > With the Partitioning option > JServer Release 9.0.1.0.0 - Production > > SQL> select sys_context('userenv','ip_address') ip,username,machine > 2 from v$session > 3 where sys_context('userenv','sessionid')=audsid; > > IP > ------------------------------------------------------------------------ > -------- > USERNAME > ------------------------------ > MACHINE > ---------------------------------------------------------------- > 172.16.240.11 > SYSTEM > jupiter > > SQL> > > you need to provide the service name when you log on otherwise the ip > address is not available using sys_context. > > Also new with 9i as part of application contexts you can use the "using" > clause of create role that a pl/sql package can be used to verify the > user, for example something like this, typed in from memory so check the > syntax!: > > create role some_role identified using sys.confirm_user; > > create or replace procedure confirm_user > authid current user is > lv_ipaddress varchar2(30); > begin > select sys_context('userenv','ip_address') > into lv_ipaddress > from sys.dual; > if lv_ipaddress='172.16.140.1' then > dbms_session.set_role('some_role'); > end if; > end; > / > > hth > > kind regards > > Pete > -- > Pete Finnigan > email:[EMAIL PROTECTED] > Web site: http://www.petefinnigan.com - Oracle security audit specialists > Book:Oracle security step-by-step Guide - see http://store.sans.org for details. > > -- > Please see the official ORACLE-L FAQ: http://www.orafaq.net > -- > Author: Pete Finnigan > INET: [EMAIL PROTECTED] > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com > San Diego, California -- Mailing list and web hosting services > --------------------------------------------------------------------- > To REMOVE yourself from this mailing list, send an E-Mail message > to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in > the message BODY, include a line containing: UNSUB ORACLE-L > (or the name of mailing list you want to be removed from). You may > also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Don Yu INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).