SoftTree Technologies
Technical Support Forums
Excluding applications from the data audit

 
randy



Joined: 13 Oct 2005
Posts: 9


We have a couple of user IDs that have DBA authority
that run in a nightly encapsulated process.

Our Sarbox buddies don't care for that needless to say, but
they are really only interested in seeing if the user id
is used outside of that application.

So, I set up the audit to include these power users and to
exclude this certain application. To test this, I logged
into SqlTalk and updated a record, committed, updated to the
previous value and committed. Result was no audit trail recorded.

If I select to use all apps, then it does get captured. (and
SqlTalk was not the excluded app)

Am I doing something incorrect? It seems fairly straightforward. I
did notice that if the trigger can't find the app (i.e., the
program name is returned as null in the query) then it returns.

Thanks in advance for your assistance.
Randy

Mon Oct 17, 2005 10:12 am
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 6484


From your previous post I assume you are auditing Oracle 9.2. Did you use the Lookup option to pick up the application name or did you enter it manually? In the latter case, what did you enter?

: We have a couple of user IDs that have DBA authority
: that run in a nightly encapsulated process.

: Our Sarbox buddies don't care for that needless to say, but
: they are really only interested in seeing if the user id
: is used outside of that application.

: So, I set up the audit to include these power users and to
: exclude this certain application. To test this, I logged
: into SqlTalk and updated a record, committed, updated to the
: previous value and committed. Result was no audit trail recorded.

: If I select to use all apps, then it does get captured. (and
: SqlTalk was not the excluded app)

: Am I doing something incorrect? It seems fairly straightforward. I
: did notice that if the trigger can't find the app (i.e., the
: program name is returned as null in the query) then it returns.

: Thanks in advance for your assistance.
: Randy

Mon Oct 17, 2005 9:38 pm
randy



Joined: 13 Oct 2005
Posts: 9


: From your previous post I assume you are auditing Oracle 9.2. Did you use the
: Lookup option to pick up the application name or did you enter it manually?
: In the latter case, what did you enter?

It is on Oracle 9.2.

I used the name of the executable itself typing it in, e.g. VMCOSTING.EXE. I then
used the application SQLTALK.EXE to perform the update as described resulting in
no audit record. Both of these app names can be seen in the enterprise manager
and using your tools app and sqlplus. The program name column in v$session shows
the same as well.

If I remove the entry, the audit occurs as expected for the selected users.
The costing app creates some 5-7K transactions every night and I'm trying to
avoid that growth if possible.

Thanks in advance.
Randy

Tue Oct 18, 2005 9:00 am
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 6484


Most likely this is correct, but just in case try using the lookup function in DB Audit to paste the application name. To use that function, run the DB Audit console while the application is running, open Data Audit Options, click the Apps filter button, and then on the Applications dialog click the Lookup button and choose the required application. This will ensure that all spaces, extra characters, etc. are picked up exactly. Then click Proceed to rebuild the filter table.

: It is on Oracle 9.2.

: I used the name of the executable itself typing it in, e.g. VMCOSTING.EXE. I then
: used the application SQLTALK.EXE to perform the update as described resulting in
: no audit record. Both of these app names can be seen in the enterprise manager
: and using your tools app and sqlplus. The program name column in v$session shows
: the same as well.

: If I remove the entry, the audit occurs as expected for the selected users.
: The costing app creates some 5-7K transactions every night and I'm trying to
: avoid that growth if possible.

: Thanks in advance.
: Randy

Tue Oct 18, 2005 9:45 am
randy



Joined: 13 Oct 2005
Posts: 9


: Most likely this is correct, but just in case try using the lookup function
: in DB Audit to paste the application name. To use that function, run the DB
: Audit console while the application is running, open Data Audit Options,
: click the Apps filter button, and then on the Applications dialog click the
: Lookup button and choose the required application. This will ensure that all
: spaces, extra characters, etc. are picked up exactly. Then click Proceed
: to rebuild the filter table.

I did that yesterday based on your suggestion in the prior response.

Same results. Indicated to filter an application and use dbtools sql
editor to make the change and still no audit.

I'll keep checking back for a fix.

Thanks for the assistance.
Randy

Wed Oct 19, 2005 9:25 am
SysOp
Site Admin


Joined: 26 Nov 2006
Posts: 6484


I am not sure what's causing that. You are not trying to use network user names in filters instead of database user names, are you?

By the way, making such a very targeted filter (audit only users X and Y when they are not using application Z) will prevent you from auditing all other users and applications. Are you sure you want to do that? Another possibility is auditing all users and running a report with a report-time filter for specific user(s). To avoid running and checking such a report manually, you can use the Alert Center feature, which can be used to automatically comb through audit trails and send alerts when events of interest are found. In your case you can create a custom monitor that searches for audit records containing user X and Y names and an application name other than Z.

: I did that yesterday based on your suggestion in the prior response.

: Same results. Indicated to filter an application and use dbtools sql
: editor to make the change and still no audit.

: I'll keep checking back for a fix.

: Thanks for the assistance.
: Randy

Wed Oct 19, 2005 11:33 am
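
The report-time filter suggested in the last reply (audit all users, then look for users X and Y with an application name other than Z), sketched as an added example that is not part of the original thread and is not DB Audit's own code. The record layout, the user name BATCH_DBA and the function names are assumptions made for illustration.

```python
from typing import Iterable, List, Optional

# Constructed sample audit records (not real DB Audit output). The field
# names db_user, program and action are assumptions for this example.
SAMPLE_TRAIL = [
    {"db_user": "BATCH_DBA", "program": "VMCOSTING.EXE", "action": "UPDATE"},
    {"db_user": "BATCH_DBA", "program": "SQLTALK.EXE", "action": "UPDATE"},
    {"db_user": "batch_dba", "program": " vmcosting.exe ", "action": "UPDATE"},
    {"db_user": "BATCH_DBA", "program": None, "action": "DELETE"},
    {"db_user": "CLERK1", "program": "SQLTALK.EXE", "action": "UPDATE"},
]


def normalize(name: Optional[str]) -> str:
    """Trim and upper-case a name so stray spaces or letter case do not
    defeat the comparison (an assumption; adjust if names are case-sensitive)."""
    return (name or "").strip().upper()


def out_of_app_activity(trail: Iterable[dict],
                        watched_users: Iterable[str],
                        approved_program: str) -> List[dict]:
    """Return audit records where a watched user acted through any program
    other than the approved one."""
    watched = {normalize(u) for u in watched_users}
    approved = normalize(approved_program)
    hits = []
    for rec in trail:
        if normalize(rec.get("db_user")) not in watched:
            continue  # not one of the privileged IDs under review
        program = normalize(rec.get("program"))
        # A NULL or empty program name is reported, not skipped: a filter
        # that returns early on a missing name would hide exactly the
        # activity the reviewers want to see.
        if program != approved:
            hits.append(rec)
    return hits


if __name__ == "__main__":
    # The program name in v$session is reported by the client, so a match
    # on the approved name is a hint about origin, not proof of it.
    for rec in out_of_app_activity(SAMPLE_TRAIL, ["BATCH_DBA"], "VMCOSTING.EXE"):
        print(rec["db_user"], rec["program"], rec["action"])
```
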
All times are GMT - 4 Hours