Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Oracle Fine Grained Auditing

 

The Oracle Fine Grained Auditing DSM can poll for database audit events from Oracle 9i and later by using the Java Database Connectivity (JDBC) protocol.

To collect events, administrators must enable fine grained auditing on their Oracle databases. Fine grained auditing provides events on select, update, delete, and insert actions that occur in the source database and the records that the data changed. The database table dba_fga_audit_trail is updated with a new row each time a change occurs on a database table where the administrator enabled an audit policy.

To configure Oracle fine grained auditing, administrators can complete the following tasks:

  1. Configure on audit on any tables that require policy monitoring in the Oracle database.

  2. Configure a log source for the Oracle Fine Grained Auditing DSM to poll the Oracle database for events.

  3. Verify that the events polled are collected and displayed on the Log Activity tab of JSA.

Configuring a Log Source

After the database administrator has configured database policies, you can configure a log source to access the Oracle database with the JDBC protocol.

  1. Log in to JSA.
  2. Click the Admin tab.
  3. On the navigation menu, click Data Sources.
  4. Click the Log Sources icon.
  5. Click Add.
  6. Using the Log Source Type list, select Oracle Fine Grained Auditing.
  7. From the Protocol Configuration list, select JDBC.
  8. Configure the following values:

    Table 1: Oracle Fine Grained Auditing JDBC Parameters

    Parameter

    Description

    Log Source Identifier

    Type the log source identifier in the following format:

    <database>@<hostname> or

    <table name>|<database>@<hostname>

    Where:

    • <table name> is the name of the table or view of the database that contains the event records. This parameter is optional. If you include the table name, you must include a pipe (|) character and the table name must match the Table Name parameter.

    • <database> is the database name, as defined in the Database Name parameter. The database name is a required parameter.

    • <hostname> is the host name or IP address for this log source, as defined in the IP or Hostname parameter. The host name is a required parameter.

    The log source identifier must be unique for the log source type.

    Database Type

    Select MSDE as the database type.

    Database Name

    Type the name of the database to which you want to connect.

    The table name can be up to 255 alphanumeric characters in length. The table name can include the following special characters: dollar sign ($), number sign (#), underscore (_), en dash (-), and period(.).

    IP or Hostname

    Type the IP address or host name of the database.

    Port

    Type the port number that is used by the database server. The default that is displayed depends on the selected Database Type. The valid range is 0 - 65536.

    The JDBC configuration port must match the listener port of the database. The database must have incoming TCP connections that are enabled to communicate with JSA.

    The default port number for all options includes the following ports:

    • DB2 - 50000

    • MSDE - 1433

    • Oracle - 1521

    If you define a Database Instance when MSDE is used as the database type, you must leave the Port parameter blank in your configuration.

    Username

    Type the database user name.

    The user name can be up to 255 alphanumeric characters in length. The user name can also include underscores (_).

    Password

    Type the database password.

    The password can be up to 255 characters in length.

    Confirm Password

    Confirm the password to access the database.

    Authentication Domain

    If you select MSDE as the Database Type, the Authentication Domain field is displayed. If your network is configured to validate users with domain credentials, you must define a Windows Authentication Domain. Otherwise, leave this field blank.

    The authentication domain must contain alphanumeric characters. The domain can include the following special characters: underscore (_), en dash (-), and period(.).

    Database Instance

    If you select MSDE as the Database Type, the Database Instance field is displayed.

    Type the type the instance to which you want to connect, if you have multiple SQL server instances on one server.

    If you use a non-standard port in your database configuration, or block access to port 1434 for SQL database resolution, you must leave the Database Instance parameter blank in your configuration.

    Predefined Query

    From the list, select None.

    Table Name

    Type dba_fga_audit_trail as the name of the table that includes the event records. If you change the value of this field from the default, events cannot be properly collected by the JDBC protocol.

    Select List

    Type * to include all fields from the table or view.

    You can use a comma-separated list to define specific fields from tables or views, if this is needed for your configuration. The list must contain the field that is defined in the Compare Field parameter. The comma-separated list can be up to 255 alphanumeric characters in length. The list can include the following special characters: dollar sign ($), number sign (#), underscore (_), en dash (-), and period(.).

    Compare Field

    Type extended_timestamp to identify new events added between queries to the table by their time stamp.

    Use Prepared Statements

    Select the Use Prepared Statements check box.

    Prepared statements allow the JDBC protocol source to set up the SQL statement one time, then run the SQL statement many times with different parameters. For security and performance reasons, it is suggested that you use prepared statements.

    Clearing this check box requires you to use an alternative method of querying that does not use pre-compiled statements.

    Start Date and Time

    Optional. Configure the start date and time for database polling.

    Polling Interval

    Type the polling interval in seconds, which is the amount of time between queries to the database table. The default polling interval is 30 seconds.

    You can define a longer polling interval by appending H for hours or M for minutes to the numeric value. The maximum polling interval is 1 week in any time format. Numeric values without an H or M designator poll in seconds.

    EPS Throttle

    Type the number of Events Per Second (EPS) that you do not want this protocol to exceed. The default value is 20000 EPS.

    Use Named Pipe Communication

    If you select MSDE as the Database Type, the Use Named Pipe Communications check box is displayed. By default, this check box is clear.

    Select this check box to use an alternative method to a TCP/IP port connection.

    When you use a Named Pipe connection, the user name and password must be the appropriate Windows authentication user name and password and not the database user name and password. Also, you must use the default Named Pipe.

    Use NTLMv2

    If you select MSDE as the Database Type, the Use NTLMv2 check box is displayed.

    Select the Use NTLMv2 check box to force MSDE connections to use the NTLMv2 protocol when it communicates with SQL servers that require NTLMv2 authentication. The default value of the check box is selected.

    If the Use NTLMv2 check box is selected, it has no effect on MSDE connections to SQL servers that do not require NTLMv2 authentication.

    Use SSL

    Select this check box if your connection supports SSL communication. This option requires more configuration on your SharePoint database and also requires administrators to configure certificates on both appliances.

    Database Cluster Name

    If you select the Use Named Pipe Communication check box, the Database Cluster Name parameter is displayed. If you are running your SQL server in a cluster environment, define the cluster name to ensure that Named Pipe communication functions properly.

  9. Click Save.
  10. On the Admin tab, click Deploy Changes.