On Tue, Jun 04, 2002 at 04:05:10PM +0200, Markus.Harnviat_private wrote: > Someone suggested I should use the redo logs for security auditing. The > argument used was that redo logs doesn't slow things down like "real" > auditing. That doesn't sound like security logging to me. Why not? It all depends on what your definition of "security logging" is. And "auditing", for that matter; you use the two terms seemingly interchangeably, but that isn't necessarily the case. > I also read that > you cannot audit selects with redo logs. I believe that this is true; redo logs only describe changes actually made to the DB, rather than queries made against it. In that sense, some security information _is_ lost by analyzing redo logs rather than audit trails, in that other transient transactions such as attempts to log in are also not kept in redo logs. It really all depends on what your goals are. Also, I believe Pete Finnigan wrote a whitepaper and some tools to do this sort of "Oracle IDS" analysis; you may want to check the archives of this list and the securityfocus sectools list for info on those. -- Sweth. -- Sweth Chandramouli Idiopathic Systems Consulting svcat_private http://www.idiopathic.net/ --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Tue Jun 04 2002 - 12:09:33 PDT