Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Oracle Fine Grained Auditing

 

The Oracle Fine Grained Auditing DSM can poll for database audit events from Oracle 9i and later by using the Java Database Connectivity (JDBC) protocol.

To collect events, administrators must enable fine grained auditing on their Oracle databases. Fine grained auditing provides events on select, update, delete, and insert actions that occur in the source database and the records that the data changed. The database table dba_fga_audit_trail is updated with a new row each time a change occurs on a database table where the administrator enabled an audit policy.

To configure Oracle fine grained auditing, administrators can complete the following tasks:

  1. Configure on audit on any tables that require policy monitoring in the Oracle database.

  2. Configure a log source for the Oracle Fine Grained Auditing DSM to poll the Oracle database for events.

  3. Verify that the events polled are collected and displayed on the Log Activity tab of JSA.

Configuring a Log Source in JSA to Collect Events from Oracle Fine Grained Auditing

After the database administrator has configured database policies, you can configure a log source to access the Oracle database with the JDBC protocol.

  1. Log in to JSA.
  2. Click the Admin tab.
  3. Click the Log Sources icon.
  4. Click Add.
  5. Configure the :

    Table 1: Oracle Fine Grained Auditing JDBC Parameters

    Parameter

    Description

    Log Source Type

    Oracle Fine Grained Auditing

    Protocol Configuration

    JDBC

    Log Source Identifier

    Type a name for the log source. The name can't contain spaces and must be unique among all log sources of the log source type that is configured to use the JDBC protocol.

    If the log source collects events from a single appliance that has a static IP address or host name, use the IP address or host name of the appliance as all or part of the Log Source Identifier value; for example, 192.168.1.1 or JDBC192.168.1.1. If the log source doesn't collect events from a single appliance that has a static IP address or host name, you can use any unique name for the Log Source Identifier value; for example, JDBC1, JDBC2.

    Database Type

    Select MSDE as the database type.

    Database Name

    Type the name of the database to which you want to connect.

    The table name can be up to 255 alphanumeric characters in length. The table name can include the following special characters: dollar sign ($), number sign (#), underscore (_), en dash (-), and period(.).

    IP or Hostname

    Type the IP address or host name of the database.

    Port

    Enter the JDBC port. The JDBC port must match the listener port that is configured on the remote database. The database must permit incoming TCP connections. The valid range is 1 - 65535.

    The defaults are:

    • MSDE - 1433

    • Postgres - 5432

    • MySQL - 3306

    • Sybase - 1521

    • Oracle - 1521

    • Informix - 9088

    • DB2 - 50000

    If a database instance is used with the MSDE database type, you must leave the Port field blank.

    Username

    A user account for JSA in the database.

    The user name can be up to 255 alphanumeric characters in length. The user name can also include underscores (_).

    Password

    Type the database password.

    The password can be up to 255 characters in length.

    Confirm Password

    Confirm the password to connect to the database.

      
      

    Predefined Query

    From the list, select None.

    Table Name

    Type dba_fga_audit_trail as the name of the table that includes the event records. If you change the value of this field from the default, events cannot be properly collected by the JDBC protocol.

    Select List

    Type * to include all fields from the table or view.

    You can use a comma-separated list to define specific fields from tables or views, if this is needed for your configuration. The list must contain the field that is defined in the Compare Field parameter. The comma-separated list can be up to 255 alphanumeric characters in length. The list can include the following special characters: dollar sign ($), number sign (#), underscore (_), en dash (-), and period(.).

    Compare Field

    Type extended_timestamp to identify new events added between queries to the table by their time stamp.

    Use Prepared Statements

    Select the Use Prepared Statements check box.

    Prepared statements allow the JDBC protocol source to set up the SQL statement one time, then run the SQL statement many times with different parameters. For security and performance reasons, it is suggested that you use prepared statements.

    Clearing this check box requires you to use an alternative method of querying that does not use pre-compiled statements.

    Start Date and Time

    Optional. Configure the start date and time for database polling.

    Polling Interval

    Type the polling interval in seconds, which is the amount of time between queries to the database table. The default polling interval is 30 seconds.

    You can define a longer polling interval by appending H for hours or M for minutes to the numeric value. The maximum polling interval is 1 week in any time format. Numeric values without an H or M designator poll in seconds.

    EPS Throttle

    Type the number of Events Per Second (EPS) that you do not want this protocol to exceed. The default value is 20000 EPS.

      
      
      
      

    Use Oracle Encryption

    Oracle Encryption and Data Integrity settings is also known as Oracle Advanced Security.

    If selected, Oracle JDBC connections require the server to support similar Oracle Data Encryption settings as the client.

  6. Click Save.
  7. On the Admin tab, click Deploy Changes.