Integrating Oracle audit with SYSLOG
With standard auditing, the resulting audit trails can be tampered with or deleted by database administrators or by an attacker who has gained administrative privileges. This is a considerable security risk.
SYSLOG is a protocol (RFC 5424) designed for transmitting event messages and alerts across an IP network. The messages are generated, for example, by an application (ftp, cron, or ssh), and a syslog daemon catches them and integrates them using a device or another remote daemon. In this recipe we will integrate the Oracle audit trails with rsyslog.
Getting ready
All steps will be performed on nodeorcl1 and the HACKDB database.
How to do it...
- Integration with syslog requires the destination of audit trails to ...