Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Oracle Fine Grained Auditing

 

The Oracle Fine Grained Auditing DSM can poll for database audit events from Oracle 9i and later by using the Java Database Connectivity (JDBC) protocol.

To collect events, administrators must enable fine grained auditing on their Oracle databases. Fine grained auditing provides events on select, update, delete, and insert actions that occur in the source database and the records that the data changed. The database table dba_fga_audit_trail is updated with a new row each time a change occurs on a database table where the administrator enabled an audit policy.

To configure Oracle fine grained auditing, administrators can complete the following tasks:

  1. Configure on audit on any tables that require policy monitoring in the Oracle database.

  2. Configure a log source for the Oracle Fine Grained Auditing DSM to poll the Oracle database for events.

  3. Verify that the events polled are collected and displayed on the Log Activity tab of JSA.

JDBC Log Source Parameters for Oracle Fine Grained Auditing

If JSA does not automatically detect the log source, add a Oracle Fine Grained Auditing log source on the JSA Console by using the JDBC protocol.

When using the JDBC protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect JDBC events from Oracle Fine Grained Auditing:

Table 1: JDBC Log Source Parameters for the Oracle Fine Grained Auditing DSM

Parameter

Value

Log Source Type

Oracle Fine Grained Auditing

Protocol Configuration

JDBC

Log Source Identifier

Type a name for the log source. The name can't contain spaces and must be unique among all log sources of the log source type that is configured to use the JDBC protocol.

If the log source collects events from a single appliance that has a static IP address or host name, use the IP address or host name of the appliance as all or part of the Log Source Identifier value; for example, 192.168.1.1 or JDBC192.168.1.1. If the log source doesn't collect events from a single appliance that has a static IP address or host name, you can use any unique name for the Log Source Identifier value; for example, JDBC1, JDBC2.

Database Type

Oracle

Predefined Query

From the list, select None.

Table Name

Type dba_fga_audit_trail as the name of the table that includes the event records. If you change the value of this field from the default, events cannot be properly collected by the JDBC protocol.

Compare Field

Type extended_timestamp to identify new events added between queries to the table by their time stamp.

Use Prepared Statements

Select the Use Prepared Statements check box.

Prepared statements allow the JDBC protocol source to set up the SQL statement one time, then run the SQL statement many times with different parameters. For security and performance reasons, it is suggested that you use prepared statements.

Clearing this check box requires you to use an alternative method of querying that does not use pre-compiled statements.