Oracle XE audit_trail not saving for all users - oracle

I enabled auditing on my Oracle XE server via the following run by the sys user:
SQL> ALTER SYSTEM SET audit_sys_operations=true SCOPE=spfile;
SQL> ALTER SYSTEM SET audit_trail=XML,EXTENDED SCOPE=spfile;
SQL> SHUTDOWN IMMEDIATE
SQL> STARTUP
When I run queries as the sys user, an xml file records the queries in the default location (e.g., /u01/app/oracle/admin/XE/adump/xe_ora_2339_1.xml). However, if I run a query as a different user (e.g., test_user), no updates occur in any of the files in the adump directory.
I've confirmed that the parameter is set for the test_user:
SQL> show parameter audit;
NAME TYPE VALUE
------------------------ ------- ------------------------------
audit_file_dest string /u01/app/oracle/admin/XE/adump
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string XML, EXTENDED
I also tried restarting my sqlplus session (i.e., reconnecting with the test_user), as well as disabling audit_sys_operations, and the issue remains.
Version info: Oracle Database 11g Express Edition Release 11.2.0.2.0 - 64bit Production (via this docker image).

My issue was that, in addition to enabling auditing, I also needed to specify what to audit with the AUDIT command. In my case, I wanted everything, so I added the following (commands mentioned in this tutorial):
SQL> AUDIT ALL; # note: it seems like the next two statements would be included with "all", but I didn't verify this.
SQL> AUDIT SELECT TABLE, UPDATE TABLE, INSERT TABLE, DELETE TABLE;
SQL> AUDIT EXECUTE PROCEDURE;
Note that with AUDIT_TRAIL=XML,EXTENDED (and maybe all the file-based auditing settings?), it looks there is some buffering of writing the XML file, as I didn't get a query showing up until my test user disconnected, so if you are missing a log entry, try logging the user out to see if it shows up.

Related

Set audit parameters with no startup

I want to activate an audit operation on a table or two in my oracle db,
and for that I need to set the audit parameters.
alter system set AUDIT_SYS_OPERATIONS=true scope=spfile;
alter system set AUDIT_TRAIL=db, extended scope=spfile;
But those parameters not realy changed becuase startup of DB is needed.
Is there a way to skip over the startup to apply those changes?
This is realy important DB in production Env, and startup is almost-impossible.
Thank you.
If you just want to enable auditing on a selected objects then you can do it without bouncing your database instance. Audit trail is set to DB by default.
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /u01/app/oracle/admin/orcl/adu
mp
audit_sys_operations boolean FALSE
audit_syslog_level string
audit_trail string DB
All you need to do is to enable required auditing on that object.
SQL> conn jay
Enter password:
Connected.
SQL> audit select on my_table;
Audit succeeded.
SQL> conn system
Enter password:
Connected.
SQL> select * from jay.my_table;
no rows selected
Audit information can be accessed from USER_AUDIT_OBJECT view.
SQL> conn jay
Enter password:
Connected.
SQL> select username, action_name from user_audit_object where obj_name='MY_TABLE';
USERNAME ACTION_NAME
------------------------------ ----------------------------
SYSTEM SESSION REC
However, if you need to enable auditing for sysdba/sysoper privileged users such as sys then you need to set audit_sys_operations parameter to true which in turn requires database shutdown.
Moreover, if you are using Oracle 12c then AUDIT_SYS_OPERATIONS is set to true by default.
Connected to:
Oracle Database 12c Enterprise Edition Release 12.2.0.1.0 - 64bit Production
SQL> show parameter audit
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
audit_file_dest string /u01/app/oracle/admin/orcl/adump
audit_sys_operations boolean TRUE
audit_syslog_level string
audit_trail string DB
you cant use it with no startup
look this (Auditing Administrative Users)

Unable to alter Oracle Parameters

I am unable to add more than 200 datafiles in my database because of these parameters:
select records_total from v$controlfile_record_section where type = 'DATAFILE';
select value from v$parameter where name = 'db_files';
Both of these give me an output of 200. I need to increase this to 400 so I have tried:
alter system set records_total = 400 where name = 'db_files';
alter system set value= 400 where type = 'DATAFILE';
but I am getting
S
QL Error: ORA-02065: illegal option for ALTER SYSTEM
02065. 00000 - "illegal option for ALTER SYSTEM"
*Cause: The option specified for ALTER SYSTEM is not supported
*Action: refer to the user manual for option supported
Am I able to change these parameters and how?
You probably want to use commands like this:
C:\Users\jonearles>sqlplus / as sysdba
SQL*Plus: Release 12.1.0.2.0 Production on Fri Jul 10 13:07:16 2015
Copyright (c) 1982, 2014, Oracle. All rights reserved.
Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options
SQL> show parameter db_files
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
db_files integer 200
SQL> alter system set db_files=400 scope=spfile;
System altered.
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.
Total System Global Area 1048576000 bytes
Fixed Size 3053584 bytes
Variable Size 662702064 bytes
Database Buffers 377487360 bytes
Redo Buffers 5332992 bytes
Database mounted.
Database opened.
SQL> show parameter db_files
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
db_files integer 400
SQL>
This assumes you are using an SPFILE (or else you will need to manually edit the init.ora file and restart) and you are not using RAC (or else you will need to use a command like srvctl stop database -d my_sid).
As ditto mentioned, it can help to look at the ALTER syntax. It may also help to look at the Oracle Database Reference, which will tell you if the command is dynamic (meaning it can be run without restarting the database).

Oracle 12c extended to support varchar2 > 4000 bytes doesn't work for user who is not sysdba

On oracle 12c compatible 12.0.0, changed to extended with sysdba privileges.
I can create a table with varchar2(16000) as column now and insert a string > 4000 bytes; but only when connected as sysdba.
When connected as a normal user rather than sysdba, I cannot play with varchar2 >4000 bytes, an error ORA-60019 is thrown. Can anyone explain why?
the param max_string_size= extended and compatible=12.0.0 when logged in as a user who is not a sysdba.
Do following steps and let me know if the issue is resolved. I am asking to set the parameter again just to make sure
everything is in order.
1) Back up your spfile ( get location of spfile)
sqlplus / as sysdba
show parameter spfile;
2) Shut down the database.
sqlplus / as sysdba
shutdown immediate
3) Restart the database in UPGRADE mode.
startup upgrade
4) Change the setting of MAX_STRING_SIZE to EXTENDED.
alter system set MAX_STRING_SIZE ='EXTENDED' scope=spfile;
5)
sqlplus / as sysdba
#%ORACLE_HOME%\RDBMS\ADMIN\utl32k.sql
#%ORACLE_HOME%\RDBMS\ADMIN\utlrp.sql
Note: The utl32k.sql script increases the maximum size of the
VARCHAR2, NVARCHAR2, and RAW columns for the views where this is
required. The script does not increase the maximum size of the
VARCHAR2, NVARCHAR2, and RAW columns in some views because of the way
the SQL for those views is written.
rdbms/admin/utlrp.sql script helps to recompile invalid objects. You
must be connected AS SYSDBA to run the script.
6) Restart the database in NORMAL mode.
sqlplus / as sysdba
shutdown immediate
startup;
show parameter MAX_STRING_SIZE;
7) create new table with column datatype varchar2 having more than 4000 size.
You must change your file "TNSNAMES.ORA" to connect by PDB.
I was with the same problem.
I have solved with the information of link bellow.
https://dba.stackexchange.com/questions/240761/in-oracle-12c-tryiyng-to-create-table-with-columns-greater-than-4000
The reason for that behaviour is that you are in a multi-tenant environment, i.e. a master container called the CDB ("Container Database"), and any number of PDBs ("Pluggable Databases").
The CDB ("container") is a kind of "system" database that is there to contain the actual customer databases ("pluggable databases" or PDBs). The CDB is not intended to receive any customer data whatsoever. Everything goes into one or more PDBs.
When you connect without specifying any service, you are automatically placed in the CDB. The extended strings parameter is ignored for the CDB: the limit remains 4000 bytes. The following connects to the CDB. Creating a table with a long string is rejected, just like in your case:

Access control monitoring in Oracle

Is there any table or log that shows the connection attempts to an oracle database (I don't mean the active sessions, but attempts, even though they've failed or been denied)?
The information I need is the IP from which has been done the attempt, the user used, the executable used (sqlplus, toad, sqldeveloper, java ...), etc.
I guess you need Oracle Listener logging.
You can use a DATABASE TRIGGER, see CREATE TRIGGER
Example:
CREATE OR REPLACE TRIGGER MY_TRIGGER
AFTER LOGON ON DATABASE
DECLARE
BEGIN
INSERT INTO LOG_TABLE
SELECT
USERNAME, OSUSER, MACHINE, PROGRAM, --> columns in V$SESSION
ora_client_ip_address, ora_login_user, ora_sysevent --> Event Attributes from Trigger
FROM V$SESSION
WHERE SID = SYS_CONTEXT('USERENV', 'SID')
COMMIT;
END;
/
Here you see a list of all System-Defined Event Attributes: Coding Triggers
However, as stated this is a AFTER LOGON trigger, so failed attempts due to wrong password are not covered!

How to change schema name?

I have created a user:
CREATE USER gds_map
IDENTIFIED BY gds_map;
And now I need to change a name. I tried to update or find other way but have not found nothing yet.
I will be glad of any hint.
If you want to modify a schema's name,you should have the preveledegs on USER$
1. Get Id of a schema's name
SQL> select user#,NAME from SYS.user$ WHERE NAME='TEST';
USER# NAME
---------- ------------------------------
*93* TEST
2. modify the schema's name
SQL> UPDATE USER$ SET NAME='NEW_SCHEMA_NAME' WHERE USER#=93;
3. finished commit
SQL> COMMIT;
4. modify the system SCN
SQL> ALTER SYSTEM CHECKPOINT;
5.Then refresh shared_pool
SQL> ALTER SYSTEM FLUSH SHARED_POOL;
6. Modify the new schema's password
SQL> ALTER USER new_schema IDENTIFIED BY new_pass;
You can't (at least not in a supported or vaguely responsible way). You'd need to create a new user with the new username and drop the old user.
No methods exists to rename an oracle schema.
Try,
1-Create new schema
2-Export the old schema,
$exp owner=test2
3-Import old schema to new schema,
$imp fromuser=test2 touser=newuser_name
do this
1- login as sys
2- execute this:
update sys.user$
set name= 'new_name'
where name = 'old_name';
3- then restart the database
I've needed to do this so often that I even wrote an article about this topic
The workaround that I use is to "clone" the user to the same DB with a different name, using loopback dblink.
It's very fast and in the end, after a successful checkup, you can drop the old schema.
Check it here: http://www.dbarj.com.br/en/2014/11/rename-schema-oracle-11g-loopback-dblink/
Regards,
Rodrigo Jorge
In oracle database you cannot rename your username but you can change your password.
alter user USER_NAME identified by <enter_new_password>;

Resources