We have an Oracle database installed in an Azure Virtual Machine sitting in its own private VNET. We would like to capture the insert, update, and delete events happening on the Oracle DB records and feed these events to some kind of queue (Service Bus Queue, Event Grid, Event Hub, etc.) which can then be processed by an Azure Function or Azure Logic App.
What will be the best way to capture these events in Azure?
I don't know about the details of Azure, but I would start in the Oracle Database itself by either using the built-in auditing features or custom triggers if you need more control over what must be audited.
If you use the built-in auditing, you will then just select from the auditing views; when using a trigger, you will log all the needed auditing information in the trigger and then select from the custom audit tables.
Example for auditing:
create audit policy my_audit_policy actions all on hr.regions;
audit policy my_audit_policy;
Example for trigger:
create trigger aud_regions_trigger
  after insert or delete or update
  on hr.regions
  for each row
begin
  -- log data in tables
  null; -- placeholder so the block compiles; replace with the logging statements
end;
/
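A fuller version of the trigger approach, as an added example that is not part of the original answer. The audit table `hr.regions_audit`, its columns and the bind variable `:last_seen_id` are assumptions made for illustration; `hr.regions` is the table from the answer.

```sql
-- Hypothetical audit table; name and columns are assumptions for this example.
create table hr.regions_audit (
  audit_id        number generated always as identity primary key,
  operation       varchar2(6) not null,
  changed_at      timestamp with time zone default systimestamp not null,
  db_user         varchar2(128),
  os_user         varchar2(128),
  client_host     varchar2(256),
  region_id       number,
  old_region_name varchar2(25),
  new_region_name varchar2(25)
);

create or replace trigger hr.aud_regions_trigger
  after insert or update or delete
  on hr.regions
  for each row
declare
  l_operation varchar2(6);
begin
  -- INSERTING / UPDATING / DELETING tell the trigger which DML fired it.
  l_operation := case
                   when inserting then 'INSERT'
                   when updating  then 'UPDATE'
                   else 'DELETE'
                 end;
  -- The audit row is part of the same transaction as the change,
  -- so a rollback of the DML also removes the audit row.
  insert into hr.regions_audit
    (operation, db_user, os_user, client_host,
     region_id, old_region_name, new_region_name)
  values
    (l_operation,
     sys_context('USERENV', 'SESSION_USER'),
     sys_context('USERENV', 'OS_USER'),
     sys_context('USERENV', 'HOST'),
     coalesce(:new.region_id, :old.region_id),
     :old.region_name,   -- null for INSERT
     :new.region_name);  -- null for DELETE
end;
/

-- A consumer then selects the rows it has not yet forwarded.
select audit_id, operation, changed_at, db_user, region_id,
       old_region_name, new_region_name
  from hr.regions_audit
 where audit_id > :last_seen_id
 order by audit_id;
```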
ADB users can connect to the database with any database service like LOW, MEDIUM, HIGH as listed in the doc. How can I prevent specific user from accessing these services?
Disclaimer: I am a product manager for Autonomous Database.
Today, this is possible using logon triggers. You can create a logon trigger and block any user from accessing the services you want to block.
Here's an example. In this example, the user SALES will not be able to connect to the HIGH service.
create or replace trigger sess_logon
  after logon on database
begin
  if sys_context('USERENV','SESSION_USER') = 'SALES' and
     sys_context('USERENV','SERVICE_NAME') = 'IAAA8NWXQOHGU3H_SALESDB_high.adwc.oraclecloud.com'
  then
    raise_application_error(-20001,'You are not allowed to connect to the HIGH service.');
  end if;
end;
/
The full service names for HIGH, MEDIUM, LOW to use in this trigger can be found with this query.
select name from v$services;
I am trying to investigate some database users that used to exist in the system. I am interested in when and who deleted the database user from the Oracle database. Does Oracle have any table or way to track deleted users?
You can check the DBA_AUDIT_TRAIL or UNIFIED_AUDIT_TRAIL views for records, but if you didn't already have it enabled the audit trail won't have captured what happened and there's no way to find out.
Going forward, if you need to enable it, here are a couple of posts on auditing and basic configurations. The first, from my blog, has a quick script for basic audits including account creation and deletion using Unified Auditing:
https://pmdba.wordpress.com/2020/03/10/auditing-by-the-numbers/
https://docs.oracle.com/en/database/oracle/oracle-database/19/dbseg/introduction-to-auditing.html#GUID-94381464-53A3-421B-8F13-BD171C867405
https://oracle-base.com/articles/8i/auditing
The first thing to do is enable full Unified Auditing. This introduces several built-in access controls and tools that will make auditing of the database simpler. To enable Unified Auditing, complete the following steps:
Confirm whether or not UA is already enabled. If the response to the following query is "TRUE", then it is.
SELECT * FROM V$OPTION WHERE PARAMETER = 'Unified Auditing';
If UA is not enabled, then follow the steps in Section 4.6.13.2 of the Oracle Database Upgrade Guide to turn it on.
Enable basic audit policies:
-- audit granting and revocation of any privilege:
create audit policy stig_grant_privilege_actions actions grant, revoke;
-- audit all OLS administrative actions:
create audit policy stig_ols_admin_actions actions component = OLS all;
-- audit all user logon and logoff attempts:
create audit policy stig_user_logon_actions actions logon, logoff;
-- audit execution of any PL/SQL program unit:
create audit policy stig_execute_plsql_actions actions execute;
-- audit all user administration actions:
create audit policy stig_user_admin_actions actions create user, alter user, drop user, change password;
-- audit any database parameter changes, dynamic or static:
create audit policy stig_db_param_actions actions alter database, alter system, create spfile;
-- apply policies:
audit policy stig_grant_privilege_actions;
audit policy stig_ols_admin_actions;
audit policy stig_user_logon_actions;
audit policy stig_execute_plsql_actions;
audit policy stig_user_admin_actions;
audit policy stig_db_param_actions;
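Once user administration is being audited, the two views named in the answer can be queried for the original question of who dropped an account and when. This is an added example, not part of the original answer or the linked posts; it assumes audit records were being written at the time of the drop.

```sql
-- Unified Auditing: user administration events, newest first.
-- object_name and sql_text identify the account the statement acted on;
-- return_code 0 means the statement succeeded, non-zero is the ORA- error.
select event_timestamp,
       dbusername,            -- database account that issued the statement
       os_username,
       userhost,
       action_name,
       object_name,
       sql_text,
       return_code,
       unified_audit_policies -- which policy produced the record
  from unified_audit_trail
 where action_name in ('CREATE USER', 'ALTER USER', 'DROP USER')
 order by event_timestamp desc;

-- Traditional auditing: the same question against DBA_AUDIT_TRAIL.
select extended_timestamp,
       username,
       os_username,
       userhost,
       action_name,
       obj_name,
       returncode
  from dba_audit_trail
 where action_name in ('CREATE USER', 'ALTER USER', 'DROP USER')
 order by extended_timestamp desc;
```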
We have one system status table A in the DB, and an application process selects and updates that table 4 times in one second, so huge audit logs are being generated.
So I have tried
NOAUDIT ALL on schema.A;
but audit logs are still generated. Why?
And how do I find out the previously fired AUDIT statement?
You must restart the sessions for them to stop logging in the trail.
Check that you have no trigger on that table that would do the auditing on top of Oracle's mechanism.
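The data dictionary shows which audit settings and triggers still apply to a table. The queries below are an added example, not part of the original answers; the bind variables `:owner` and `:table_name` are placeholders for the schema and table from the question.

```sql
-- 1. Traditional object-level options still set on the table.
--    '-/-' in a column means that action is not audited.
select owner, object_name, sel, upd, ins, del
  from dba_obj_audit_opts
 where owner = :owner
   and object_name = :table_name;

-- 2. Traditional statement-level options (for example AUDIT SELECT TABLE),
--    which apply to every table and are not removed by NOAUDIT ... ON <table>.
select user_name, audit_option, success, failure
  from dba_stmt_audit_opts
 order by user_name, audit_option;

-- 3. Unified audit policies that name the table and are currently enabled.
--    These are switched off with NOAUDIT POLICY <policy_name>,
--    not with NOAUDIT ... ON <table>.
select distinct p.policy_name, p.audit_option
  from audit_unified_policies p
  join audit_unified_enabled_policies e
    on e.policy_name = p.policy_name
 where p.object_schema = :owner
   and p.object_name = :table_name;

-- 4. Triggers on the table that may be writing their own audit rows.
select owner, trigger_name, triggering_event, status
  from dba_triggers
 where table_owner = :owner
   and table_name = :table_name;
```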
I have a WCF service that uses Microsoft Enterprise Library Logging to log some messages to the Event Log. That works just fine.
The problem is that I want to log some messages to a table in an Oracle database. I am using the Entity Framework to communicate with that Oracle database.
The next step is a right click on the 'web.config' and choose the option 'Edit Enterprise Configuration'. I get the 'Enterprise Library Configuration' editor. In there I am trying to set the Logging Settings so that it also logs to the database, but when I add a database trace listener it's asking me to fill in a procedure name. Do I have to add a procedure name to fill the table in Oracle? MSDN tells me to run the script that creates an MSSQL database 'Logging' and some tables. But I don't have an MSSQL server, I have an Oracle server. And I don't want to use a separate logging database, but save the logs to a single table.
Can anybody help me with this?
Kind regards
The Enterprise Library Database Trace Listener uses 2 stored procedures to write to the database: Add Category Procedure and Write To Log Procedure.
There is a SQL Server script to create the tables and stored procedures. This would have to be ported to Oracle.
Unfortunately, it looks like this does not work as easily as you would hope. See the blog post, Enterprise Library Logging to Oracle Database (this is based on EntLib 3, I believe) and the work item Cannot log to oracle Database using logging blocks for a description of some of the issues as well as some downloads to help.
Does Oracle have Audit Trail as built-in functionality?
Do I need to create a separate table for Audit Log purposes to capture INSERT, UPDATE and DELETE changes?
Yes, Oracle does support auditing. You won't need to create the audit tables yourself, but you will need to configure the audit settings (i.e. which tables/users/queries to audit).
http://download.oracle.com/docs/cd/B28359_01/server.111/b28318/security.htm#i16445