• All Files
Using  >  Managing Event Sources  >  Database sources  >  Oracle server sources

Oracle server sources

GFI EventsManager enables you to collect and process events generated by Oracle Relational database management systems. The following audits are collected and processed by GFI EventsManager:

Audit Description
Session auditing

Audit user sessions and database access.
Statement auditing

Audit processed SQL statements.
Object auditingEnable this auditing feature to audit events of users accessing objects (example, files, folder and printer). For more information, refer to http://technet.microsoft.com/en-us/library/cc976403.aspx

Audit queries and statements related to specific objects.

The following Oracle Database versions are supported:

  • Oracle Database 9i
  • Oracle Database 10g
  • Oracle Database 11g

This section contains information about:

Pre-configuration settings for Oracle Servers event sources

Before adding Oracle Server event sources, follow the steps below on each Oracle Server instance you want to monitor:

Pre-configuration Step Description
Step 1 Ensure the logon credentials used to connect, set audits and access the audit table has the necessary permissions.
Step 2

Enable auditing on the Oracle Server by changing startup parameters. To enable auditing:

1. Startup parameters for the Oracle servers are stored in:

<Oracle Home Directory>\admin\<Oracle SID>\pfile\init.ora.

2. Locate and open the parameters file using a text editor.

3. Locate AUDIT_TRAIL parameter and change the default value to ‘db’ or ‘db_extended’ (‘db,extended’ on latest versions of Oracle).

4. Save and restart the Oracle server.

Adding a new Oracle Server group

To add a new Oracle Database group:

1. Click Configuration tab > Event Sources.

2. From Group Type, select Database Servers Groups.

Database Servers Groups

3. From Groups, right-click Oracle Servers and select Create group…

Oracle Database group - General tab

4. From General tab, configure the options described in below:

Option Description
Group Name

Key in a group name to identify the Oracle Database group.
Description

Optionally, key in a description.
Collects logs from the database servers included in this group

Collects events from the event sources in the Oracle group. Once this option is enabled, configure the Schedule scanning and Maintenance options.
Schedule scanning

Specify the frequency to collect events on a pre-defined schedule.
Maintenance

Oracle audit events are stored in a specific audit table on the Oracle server. To prevent excessive audit table growth, configure the options in this section to delete audit logs and old entries on a pre-defined time.

Oracle Database group - Logon Credentials tab

5. Select Logon Credentials tab and key in a valid username and password to connect to the Oracle server.

Oracle Database group - Operational Time tab

6. Select Operational Time tab and configure the normal operational time of the Oracle Database servers in this group.

Oracle Database group - Oracle Audit tab

7. Select Oracle Audit and configure the options described below:

Option Description
ArchiveA collection of events stored in the SQL Server based database backed of GFI EventsManager. all logs without further processing Archive events in GFI EventsManager database backend without applying processing rules.
Process the logs with the rules selected below before archiving Specify the rules to perform before archiving events in GFI EventsManager database backend.

8. Click Apply and OK.

Adding a new Oracle Server event source

To add a new Oracle Database to a database group:

1. Right-click an Oracle Server group and select Add new Oracle Server...

Add new Oracle server

2. Key in the server name or IP and click Add.

3. Click Finish and the Add New Oracle Servers dialog closes.

Note

Use Select and Import to search the network for SQL Server® or import list of SQL Server® from a text file respectively.

Oracle Server properties - General tab

4. From the right pane, double-click the new oracle server event source and configure the options described below:

Option Description
Inherit Oracle Server post collecting processing from parent group Select to inherit all settings from the parent group.
Archive events in database Archive events in GFI EventsManager database backend without applying processing rules.
Process using these rule sets Specify the rules to perform before archiving events in GFI EventsManager database backend.

Oracle Server properties - Connection Settings tab

5. Select Connection Settings and configure the options described below:

Option Description
Inherit the logon credentials from the parent group

Select to inherit login settings from the parent group.
Port

Key in the port to use to connect to the Oracle Database.
SID

The SID is a unique name to identify an Oracle Database instance. Key in the SID of the database to audit.
Service Name

The Service name is the alias used to identify the Oracle Database. Key in the Service name of the database to audit.
Test

Test the connection with the Oracle Database server.

Oracle Server properties - Audit by Objects tab

6. Select Audit by Objects and configure the options described below:

Option Description
Object

Click Browse to launch a list of available Oracle objects. Select the object to audit and click OK.

NOTE: Amongst others, Oracle objects can be procedures, views, functions and tables.
Operations

Operations are actions that modify or query an object. Click Browse to launch a list of available operations. Select the operations to audit and click OK.
Options

Select the audit options:

  • By Access - Creates an audit log per object operation execution.
  • By Session - Creates an audit log per operation and per schema object. A session is the time between a connection and a disconnection to/from the database.
  • Success - Select to process only successful audits.
  • Failure - Select to process only failed audits. Oracle will create an audit log if an audit fails to complete.
  • Both - Select to process all audit logs.
Audit

Choose this option to instruct the Oracle server to start auditing the server activities corresponding to the selected parameters (like users, statements, etc.)
Stop Audit Choose this option to instruct the Oracle server to stop auditing the server activities corresponding to the selected parameters (such as users, statements, etc.)
Current audited schema objects

A list that displays all current Oracle audited schema.

Oracle Server properties - Audit by Statements tab

7. Select Audit by Statements and configure the options described below:

Option Description
Statements

Click Browseto launch a list of available Oracle statements. Select the Oracle statements to audit and click OK.

NOTE: Amongst others, Oracle statements can be ALTER, CREATE and SELECT .
User

Oracle enables you to audit statements for a specific user. Click browse button to launch a list of available users. Select the user and click OK.
Options

Select audit options:

  • By Access - Creates one audit log for each statement execution.
  • By Session - Creates one audit log per user and per schema object. A session is the time between a connection and a disconnection to/from the database.
  • Success - Processes only successful audits.
  • Failure - Select option to process only failed audits. Oracle will create an audit log if an audit fails to complete.
  • Both - Select option to process all audit logs.
Audit

Choose this option to instruct the Oracle server to start auditing the server activities corresponding to the selected parameters (such as users, statements, etc.)
Stop Audit

Choose this option to instruct the Oracle server to stop auditing the server activities corresponding to the selected parameters (such as users, statements, etc.)
Current audited statements

A list that displays all current Oracle audited statements.

8. Click Apply and OK.

Try now, for FREE!

Related Topics

GFI EventsManager Help System v13.1.0
Copyright © GFI Software Ltd 2018
Free Trial