Oracle Audit Log collector Deployment
Created: 13 Mar 2011 | 4 comments
Hi,
I want to deploy the Oracle Audit log collector for Solaris. I have installed the Agent and Collector, but I have no idea what to configure on the Oracle side to make this collector read the audit files.
Does anyone have experience with this collector and can share what the workflow should be?
I have done the steps below:
1- Registration of Oracle Audit Collector with SSIM
2- Installation of Solaris Agent and Oracle Audit collector at Oracle DB Server.
3- Enable auditing as described in collector manual for DB.
I have done the configuration at the Oracle DB server end as per the attached document. Can you please let me know of any other configuration required on that server?
Comments
After doing steps from the doc, Oracle is passing syslog messages to a local syslog daemon.
If your syslog daemon is configured to leave copies of messages in the local file (which is so by default) - all you need is to point the collector to a local file, which is /var/log/syslog by default.
Thanks,
Alexey.
Thanks,
That means after enabling Audit for the Oracle DB as mentioned in the manual, Oracle will start putting messages in syslog files (this will be done automatically "If your syslog daemon is configured to leave copies of messages in the local file (which is so by default)").
In sensor configuration, it says file name will be messages but I think as per your comment file name will be syslog, right?
And I have to point my collector to read those files? I will do this configuration and will share my findings; please correct me if I have misunderstood you somewhere.
So far you're right. As for the default name - it may differ between Linux/Unix. The doc was written for a Linux installation; I took a look at my Solaris box - the filename is "syslog" and I don't remember changing it there.
Thanks,
Alexey.
Hi BadBoo,
The messages file is there in the /var/adm directory; all the SYSDBA activities have been recorded.
I am testing now, will share an update with you....
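Added example, not part of the thread or of the collector documentation: which local file the collector has to read depends on how syslog.conf routes the facility and level the audit records are logged with. The sketch below resolves that from a classic syslog.conf; the `syslog_dest` and `sample_conf` names, the sample configuration and the `local1` facility are constructed assumptions.

```shell
#!/bin/sh
# Added example: print the local files a classic syslog.conf routes
# FACILITY.LEVEL to. m4 lines (ifdef ...) are not expanded; forwarding,
# user and /dev/* actions are skipped.
syslog_dest() {   # usage: syslog_dest CONF FACILITY LEVEL
    awk -v fac="$2" -v lvl="$3" '
    BEGIN {
        n = split("debug info notice warning err crit alert emerg", nm, " ")
        for (i = 1; i <= n; i++) rank[nm[i]] = i
        rank["warn"] = rank["warning"]; rank["error"] = rank["err"]
    }
    /^[ \t]*(#|$)/ || NF < 2 { next }        # skip comments and blank lines
    {
        act = $NF; sub(/^-/, "", act)        # sysklogd "-/path" = no sync
        if (act !~ /^\// || act ~ /^\/dev\//) next
        hit = 0
        ns = split($1, sel, ";")
        for (s = 1; s <= ns; s++) {          # later selectors can override
            dot = index(sel[s], ".")
            if (dot == 0) continue
            want = substr(sel[s], dot + 1)
            nf = split(substr(sel[s], 1, dot - 1), f, ",")
            for (k = 1; k <= nf; k++) {
                if (f[k] != "*" && f[k] != fac) continue
                if (want == "none") hit = 0
                else if (want == "*" || ((want in rank) && rank[lvl] >= rank[want])) hit = 1
            }
        }
        if (hit) print act
    }' "$1"
}

sample_conf() {   # constructed sample, not a vendor default
cat <<'EOF'
# selector(s)                              action
*.err;kern.debug;daemon.notice;mail.crit   /var/adm/messages
*.alert;kern.err;daemon.err                operator
local1.warning                             /var/log/syslog
*.emerg                                    *
auth.notice                                /dev/sysmsg
EOF
}

# Demo on the constructed sample: the destination changes with the level.
conf=$(mktemp) && sample_conf > "$conf"
syslog_dest "$conf" local1 warning
syslog_dest "$conf" local1 err
rm -f "$conf"
```

Run it against the real /etc/syslog.conf with the facility and level that auditing was configured to use, and point the collector's sensor at the file it prints.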