Auditing If an unauthorized user is deleting data, then the DBA might decide to audit all connections to the database and all successful and unsuccessful deletions from all tables in the database. The DBA can gather statistics about which tables are being updated, how many logical inputs/outputs (I/Os) are performed, and how many concurrent users connect at peak times. | Auditing Objectives After completing this lesson, you should be able to do the following: Outline auditing categories Enable auditing for an instance Outline auditing options Obtain audit information Auditing Auditing is the monitoring of selected user database actions, and is used to: Investigate suspicious database activity Gather information about specific database activities Auditing can be performed by session or access Auditing If an unauthorized user is deleting data, then the DBA might decide to audit all connections to the database and all successful and unsuccessful deletions from all tables in the database. The DBA can gather statistics about which tables are being updated, how many logical inputs/outputs (I/Os) are performed, and how many concurrent users connect at peak times. Auditing Guidelines Define what you want to audit: Users, statements, or objects Statement executions Successful statement executions, unsuccessful statement executions, or both Manage your audit . | Auditing Objectives After completing this lesson, you should be able to do the following: Outline auditing categories Enable auditing for an instance Outline auditing options Obtain audit information Auditing Auditing is the monitoring of selected user database actions, and is used to: Investigate suspicious database activity Gather information about specific database activities Auditing can be performed by session or access Auditing If an unauthorized user is deleting data, then the DBA might decide to audit all connections to the database and all successful and unsuccessful deletions from all tables in the database. The DBA can gather statistics about which tables are being updated, how many logical inputs/outputs (I/Os) are performed, and how many concurrent users connect at peak times. Auditing Guidelines Define what you want to audit: Users, statements, or objects Statement executions Successful statement executions, unsuccessful statement executions, or both Manage your audit trail: Monitor the growth of the audit trail Protect the audit trail from unauthorized access Auditing Guidelines Restrict auditing by first identifying the auditing requirements, and setting minimal auditing options that will cater to the requirements. Object auditing must be used where possible to reduce the number of entries generated. If statement or privilege auditing must be used, you can minimize audit generation by using the following settings: Specifying users to audit Auditing by session, and not by access Auditing either successes or failures, but not both Note: Audit records can be written to either $ or the operating system’s audit trail. The ability to use the operating system’s audit trail is operating system dependent. Monitoring the growth of the audit trail If the audit trail becomes full, no more audit records can be inserted, and audited statements will not execute successfully. Errors are returned to all users who issue an audited statement. You must free .
