With standard auditing, the resulting audit trails can be tampered with or deleted by database administrators or by an attacker who has gained administrative privileges. This is a considerable security risk.
SYSLOG is a protocol (RFC 5424) designed for transmitting event messages and alerts across an IP network. The messages are generated, for example, by an application (ftp, cron, or ssh), and a syslog daemon catches them and integrates them using a device or another remote daemon. In this recipe we will integrate the Oracle audit trails with rsyslog.
Integration with syslog requires the destination of audit trails to be placed externally. Change the audit trail to OS as follows:
SQL> alter system set audit_trail=OS scope=spfile;
System altered.
rsyslog is a more advanced variant of syslog and is the default in Red Hat 6. The configuration file is /etc/rsyslog...
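The risk described at the start of this recipe only goes away if the audit records actually leave the database host. The following check is an added example, not code from the original recipe: it reads a legacy-syntax rsyslog configuration and lists the remote targets that would receive a message of a given facility and severity. The facility `local1`, the priority `warning` (as could be set with Oracle's AUDIT_SYSLOG_LEVEL parameter), the function names and the sample configuration are all assumptions constructed for illustration.

```python
# Added example; facility/priority and the sample config below are assumptions.
SEVERITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

def selector_matches(selector, facility, severity):
    """True if a legacy 'fac.prio;fac.prio' selector selects this message."""
    want = SEVERITIES.index(severity)
    selected = set()                      # severity levels selected so far
    for part in selector.lower().split(";"):
        facs, _, prio = part.partition(".")
        if not {facility, "*"} & set(facs.split(",")):
            continue                      # this part is about other facilities
        if prio == "none":
            selected.clear()              # 'none' cancels earlier parts
            continue
        negate = prio.startswith("!")
        exact = prio.lstrip("!").startswith("=")
        name = ALIASES.get(prio.lstrip("!="), prio.lstrip("!="))
        if name == "*":
            levels = set(range(len(SEVERITIES)))
        elif name in SEVERITIES:
            idx = SEVERITIES.index(name)  # 'prio' means this level and above
            levels = {idx} if exact else set(range(idx, len(SEVERITIES)))
        else:
            continue                      # unknown priority name, ignore part
        selected = selected - levels if negate else selected | levels
    return want in selected

def remote_targets(conf_text, facility, severity):
    """List (protocol, host[:port]) forwarding actions that receive the message."""
    targets = []
    for line in conf_text.splitlines():
        fields = line.strip().split(None, 1)
        if len(fields) != 2 or fields[0][0] in "#$" or not fields[1].startswith("@"):
            continue                      # comment, directive or local action
        if selector_matches(fields[0], facility, severity):
            proto = "tcp" if fields[1].startswith("@@") else "udp"
            targets.append((proto, fields[1].lstrip("@")))
    return targets

SAMPLE_CONF = """\
# constructed sample, legacy rsyslog syntax
$ModLoad imuxsock
*.info;mail.none;authpriv.none;local1.none   /var/log/messages
local1.warning                               /var/log/oracle_audit.log
local1.err                                   @192.0.2.5:514
local1.*                                     @@loghost.example.com:514
"""

if __name__ == "__main__":
    print(remote_targets(SAMPLE_CONF, "local1", "warning"))
```

An empty result means the audit records are written only to files on the database host, where an account with administrative privileges can still alter them.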