datablogs: Audit

Wednesday, June 21, 2023

Oracle RDS Audit log enable

Oracle Audit Log:

Oracle Audit Log refers to the feature in Oracle Database that records and stores information about various database activities and events. It provides a mechanism to track and monitor user activities, system events, and changes made to the database, including:

  1. User Logins: Recording user login attempts and authentication information.
  2. Database Activities: Logging SQL statements executed by users, including select, insert, update, and delete operations.
  3. Privilege Usage: Monitoring the usage of privileges, such as granting or revoking permissions.
  4. Schema Changes: Tracking modifications to database objects, such as creating or altering tables, views, or indexes.
  5. System Events: Recording system-level events, such as startup and shutdown of the database.
  6. Security Violations: Detecting unauthorized access attempts or suspicious activities.
  7. Administrative Operations: Logging administrative tasks performed by database administrators, such as user management or database configuration changes.

The Oracle Audit Log provides an essential tool for security, compliance, and troubleshooting purposes.

Types of Auditing in Amazon RDS for Oracle:

  1. Standard Auditing 
  2. Unified Auditing 
  3. Fine-grained Auditing

Here we will see how to enable Standard Auditing in Oracle RDS.

How to enable Audit Log in Oracle RDS?

Make sure you have enabled a custom parameter group for Oracle RDS.

  • Set the Audit_Trail parameter to the value below:

            Audit_Trail - DB, EXTENDED

  • Next, modify the statements below to cover the DDL or DML operations you want the server to log:

            AUDIT DELETE ANY TABLE;

            AUDIT DELETE TABLE BY USER_01 BY ACCESS;

            AUDIT DELETE TABLE BY USER_02 BY ACCESS;

            AUDIT ALTER, GRANT, INSERT, UPDATE, DELETE ON DEFAULT;

            AUDIT READ ON DIRECTORY datapump_dir;

That's all. We have enabled the logs we need to capture for security purposes.

How do we monitor Audit Logs?

Run the query below to read the captured audit records in Oracle RDS:

SELECT * FROM DBA_AUDIT_TRAIL order by 1 desc;
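The queries below are an added example, not part of the original post. They check that the settings above took effect and then narrow DBA_AUDIT_TRAIL to the audited operations; the one-day window and the seven-day failure window are assumptions to adjust.

```sql
-- 1. Confirm the parameter group value is active on the instance.
--    audit_trail is a static parameter, so a change made in the
--    parameter group shows here only after the instance is rebooted.
SELECT name, value
FROM   v$parameter
WHERE  name = 'audit_trail';

-- 2. Statement-level options created by
--    AUDIT DELETE ANY TABLE / AUDIT DELETE TABLE BY <user> BY ACCESS.
SELECT user_name, audit_option, success, failure
FROM   dba_stmt_audit_opts
ORDER  BY user_name, audit_option;

-- 3. Default object options created by AUDIT ... ON DEFAULT.
--    These apply to objects created after the statement was issued.
SELECT alt, gra, ins, upd, del
FROM   all_def_audit_opts;

-- 4. Audited activity from the last day, newest first.
--    SQL_TEXT is filled in because AUDIT_TRAIL includes EXTENDED.
SELECT extended_timestamp, username, os_username, userhost,
       action_name, owner, obj_name, returncode, sql_text
FROM   dba_audit_trail
WHERE  extended_timestamp > SYSTIMESTAMP - INTERVAL '1' DAY
AND    action_name IN ('DELETE', 'INSERT', 'UPDATE',
                       'ALTER TABLE', 'GRANT OBJECT')
ORDER  BY extended_timestamp DESC;

-- 5. Failed audited operations per user over the last seven days.
--    RETURNCODE is 0 on success, otherwise the Oracle error number
--    (for example 1031 = insufficient privileges).
SELECT username, action_name, returncode, COUNT(*) AS attempts
FROM   dba_audit_trail
WHERE  returncode <> 0
AND    extended_timestamp > SYSTIMESTAMP - INTERVAL '7' DAY
GROUP  BY username, action_name, returncode
ORDER  BY attempts DESC;
```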

This post explained the process for a normal scenario only. We can also move the audit trail to a separate tablespace, and Oracle offers many further options. Let's look at those in another blog post.

Happy Auditing !!!