Traditional Database Auditing
Oracle Database provides robust audit support in both the Enterprise and Standard Editions of the database. Audit records include information about the operation that was audited, the user performing the operation, and the date and time of the operation. Audit records can be stored in the database audit trail or in files on the operating system. Standard auditing includes operations on privileges, schemas, objects, and statements.
Oracle recommends that the audit trail be written to operating system files, because this configuration imposes the least amount of overhead on the source database system. To enable database auditing, the initialization parameter AUDIT_TRAIL should be set to one of these values:
| AUDIT_TRAIL value | Description |
|---|---|
| DB | Enables database auditing and directs all audit records to the database audit trail (SYS.AUD$), except for records that are always written to the operating system audit trail |
| DB,EXTENDED | Does all actions of AUDIT_TRAIL=DB and also populates the SQL bind and SQL text columns of the SYS.AUD$ table |
| XML | Enables database auditing and directs all audit records in XML format to an operating system file |
| XML,EXTENDED | Does all actions of AUDIT_TRAIL=XML, adding the SQL bind and SQL text columns |
| OS (recommended) | Enables database auditing and directs all audit records to an operating system file |
In addition, the following database parameters should be set:
| init.ora parameter | Description |
|---|---|
| AUDIT_FILE_DEST | Dynamic parameter specifying the location of the operating system audit trail. The default location on Unix/Linux is $ORACLE_BASE/admin/$ORACLE_SID/adump. The default on Windows is the event log. For optimal performance, it should refer to a directory on a disk that is locally attached to the host running the Oracle instance. |
| AUDIT_SYS_OPERATIONS | Enables the auditing of operations issued by user SYS, and users connecting with SYSDBA, SYSOPER, SYSASM, SYSBACKUP, SYSKM and SYSDG privileges. The audit trail data is written to the operating system audit trail. This parameter should be set to true. |
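
The settings above can be checked mechanically during a configuration review. The following is an added example, not Oracle code: it assumes a text parameter file (init.ora) with `name=value` lines, and the function names `parse_pfile` and `check_audit_config` and both sample files are constructed for illustration.

```python
import re

# AUDIT_TRAIL values listed in the table above; OS is the recommended one.
ENABLED_TRAILS = {"DB", "DB,EXTENDED", "XML", "XML,EXTENDED", "OS"}

def parse_pfile(text):
    """Map lowercase parameter names to raw values from init.ora text."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if "=" not in line:
            continue
        name, value = line.split("=", 1)
        # "*.name" or "SID.name" prefixes appear in pfiles created from an spfile
        params[name.strip().lower().split(".")[-1]] = value.strip()
    return params

def check_audit_config(text):
    """Return findings; an empty list means the settings match the guidance."""
    p = parse_pfile(text)
    findings = []
    # 'DB','EXTENDED' and "db, extended" both normalize to DB,EXTENDED
    trail = re.sub(r"[\s()'\"]", "", p.get("audit_trail", "")).upper()
    if trail not in ENABLED_TRAILS:
        findings.append(f"AUDIT_TRAIL={trail or '<unset>'}: not a value that enables auditing")
    elif trail != "OS":
        findings.append(f"AUDIT_TRAIL={trail}: auditing enabled, but OS is recommended")
    if p.get("audit_sys_operations", "").strip("'\"").upper() != "TRUE":
        findings.append("AUDIT_SYS_OPERATIONS is not TRUE")
    if not p.get("audit_file_dest", "").strip("'\""):
        findings.append("AUDIT_FILE_DEST is not set explicitly; the platform default applies")
    return findings

# Constructed sample pfiles, not taken from any real system.
WEAK = """
*.audit_trail='DB','EXTENDED'
*.audit_sys_operations=FALSE
"""
RECOMMENDED = """
*.audit_trail='OS'
*.audit_file_dest='/u01/app/oracle/admin/ORCL/adump'   # locally attached disk
*.audit_sys_operations=TRUE
"""

if __name__ == "__main__":
    for label, pfile in (("weak", WEAK), ("recommended", RECOMMENDED)):
        print(label, check_audit_config(pfile) or "OK")
```
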
For more information and best practices on Oracle Database Auditing, please read the best practices paper on the Oracle Audit Vault OTN page. Detailed information on database auditing can be found in the introductory Oracle Database 2 Day + Security Guide and the Oracle Database Security Guide.