ITPub Blog


Configuring Syslog Auditing

Original post. Category: Linux Operating System. Author: jiuniang012. Date: 2009-07-18 15:13:42

To enable syslog auditing, follow these steps:

  1. Assign a value of OS to the AUDIT_TRAIL initialization parameter, as described in "Enabling or Disabling the Standard Audit Trail".

    For example:

    ALTER SYSTEM SET AUDIT_TRAIL=OS SCOPE=SPFILE;
  2. Manually add and set the AUDIT_SYSLOG_LEVEL parameter to the initialization parameter file, initsid.ora (where sid is the system identifier of the instance).

    Set the AUDIT_SYSLOG_LEVEL parameter to specify a facility and priority in the format AUDIT_SYSLOG_LEVEL=facility.priority.

    • facility: Describes the part of the operating system that is logging the message. Accepted values are user, local0–local7, syslog, daemon, kern, mail, auth, lpr, news, uucp, and cron.

      The local0–local7 values are predefined tags that enable you to sort the syslog message into categories. These categories can be log files or other destinations that the syslog utility can access. To find more information about these types of tags, refer to the syslog utility MAN page.

    • priority: Defines the severity of the message. Accepted values are notice, info, debug, warning, err, crit, alert, and emerg.

    The syslog daemon compares the value assigned to the facility argument of the AUDIT_SYSLOG_LEVEL parameter with the syslog.conf file to determine where to log information.

    For example, the following statement identifies the facility as local1 with a priority level of warning:

    AUDIT_SYSLOG_LEVEL=local1.warning

    See Oracle Database Reference for more information about AUDIT_SYSLOG_LEVEL.

  3. Add the audit file destination to the syslog configuration file /etc/syslog.conf.

    For example, assuming you had set the AUDIT_SYSLOG_LEVEL to local1.warning, enter the following:

    local1.warning /var/log/audit.log

    This setting logs all warning messages to the /var/log/audit.log file.

  4. Restart the syslog logger:

    $ /etc/rc.d/init.d/syslog restart

    Now, all audit records will be captured in the file /var/log/audit.log through the syslog daemon.

  5. Restart the database instance:

    CONNECT SYS / AS SYSOPER
    Enter password: password
    Connected.

    SQL> SHUTDOWN;
    Database closed.
    Database dismounted.
    ORACLE instance shut down.

    SQL> STARTUP;
    ORACLE instance started.
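
If the facility.priority value set in step 2 has no matching rule in the file edited in step 3, syslogd has no destination for the audit records. The shell functions below are an added example, not part of the original post or of Oracle's documentation; they check the two files against each other. The function names and the simplified selector matching (classic syslog.conf syntax only) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check steps 2 and 3.
FACILITIES="user local0 local1 local2 local3 local4 local5 local6 local7 syslog daemon kern mail auth lpr news uucp cron"
PRIORITIES="notice info debug warning err crit alert emerg"

# Print the last AUDIT_SYSLOG_LEVEL value in a parameter file, lowercased and
# unquoted. An optional "*." or "sid." prefix on the name is accepted.
get_audit_level() {
    awk -F= 'toupper($1) ~ /^[ \t]*([^.]*\.)?AUDIT_SYSLOG_LEVEL[ \t]*$/ {
                 sub(/#.*/, "", $2); last = $2 }
             END { if (last != "") print tolower(last) }' "$1" | tr -d "'\" \t\r"
}

in_list() { case " $2 " in *" $1 "*) return 0 ;; esac; return 1; }

# True only for facility.priority built from the accepted values listed above.
valid_level() {
    case "$1" in *.*) ;; *) return 1 ;; esac
    in_list "${1%%.*}" "$FACILITIES" && in_list "${1#*.}" "$PRIORITIES"
}

# Print the action of each syslog.conf rule that receives facility.priority.
# A selector matches its own priority and anything more severe; "*" matches
# any facility or priority. Simplified: comma lists, "=", "!" and "none"
# are not interpreted.
destinations() {
    awk -v fac="${1%%.*}" -v pri="${1#*.}" '
        BEGIN { n = split("debug info notice warning err crit alert emerg", o, " ")
                for (i = 1; i <= n; i++) rank[o[i]] = i }
        /^[ \t]*(#|$)/ { next }
        { ns = split($1, sel, ";")
          for (i = 1; i <= ns; i++) {
              split(sel[i], fp, ".")
              if ((fp[1] == fac || fp[1] == "*") &&
                  (fp[2] == "*" || ((fp[2] in rank) && rank[fp[2]] <= rank[pri]))) {
                  print $2; next } } }' "$2"
}

# usage: check_syslog_audit <parameter file> <syslog.conf>
check_syslog_audit() {
    level=$(get_audit_level "$1")
    [ -n "$level" ] || { echo "AUDIT_SYSLOG_LEVEL not set in $1"; return 1; }
    valid_level "$level" || { echo "invalid AUDIT_SYSLOG_LEVEL: $level"; return 2; }
    dest=$(destinations "$level" "$2")
    [ -n "$dest" ] || { echo "no rule in $2 receives $level"; return 3; }
    echo "$level is written to:"; echo "$dest"
}

if [ "$#" -eq 2 ]; then check_syslog_audit "$1" "$2"; fi
```

More than one destination in the output means another rule, such as a catch-all `*.info` line, also receives the audit records, so the permissions on every listed file matter.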

From "ITPUB Blog", link: http://blog.itpub.net/9466564/viewspace-609573/. If you reproduce this post, please credit the source; otherwise legal liability will be pursued.
