Skip Headers
Oracle® Database Vault Administrator's Guide
10g Release 2 (10.2)

Part Number B25166-23
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Master Index
Master Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

16 Monitoring Oracle Database Vault

This chapter contains:

Note:

To make the charts used in the Monitor page accessible for to users of assistive technology, see "Enabling Oracle Database Vault Accessibility" in Oracle Database Vault Installation Guide.

Security Violation Attempts

You can check for security violations, such as realm or command rule violations. This feature displays data such as the user name of the person committing the violation, the action they committed, and a time stamp of the activity.

Before you can view these events, you must ensure that the AUDIT_TRAIL initialization parameter is set to DB or DB, EXTENDED.

To check for security violations:

  1. Log in to Oracle Database Vault Administrator as a user who has been granted the DV_OWNER, DV_ADMIN, or DV_SECANALYST role.

    "Starting Oracle Database Vault" explains how to log in.

  2. In the Administration page, click Monitor.

  3. At the top of the Monitor page, set a period of time for the monitoring action by selecting from the Show Records For list and clicking Go.

    This section of the Monitor page also indicates the last time the data on the page was refreshed.

  4. In the Monitor page, click Security Violation Attempts.

    A table appears, listing security policy changes.

    Description of security_violation_attempts.gif follows
    Description of the illustration security_violation_attempts.gif

Database Configuration and Structural Changes

You can view structural changes to the database or database schema objects. This feature also audits statements such as CREATE TABLE, ALTER TABLE, DROP TABLE, and ALTER DATABASE. It audits all commands, not just commands that are used in command rules. For example, if someone has unexpectedly altered a table on a production system, you can use this feature to determine what is happening.

Before you can view these events, you must ensure that the AUDIT_TRAIL initialization parameter is set to DB or DB, EXTENDED.

Follow these steps:

  1. Log in to Oracle Database Vault Administrator as a user who has been granted the DV_OWNER, DV_ADMIN, or DV_SECANALYST role.

    "Starting Oracle Database Vault" explains how to log in.

  2. In the Administration page, click Monitor.

  3. At the top of the Monitor page, set a period for the monitoring action by selecting from the Show Records For list and clicking Go.

    This section of the Monitor page also indicates the last time the data on the page was refreshed.

  4. In the Monitor page, click Database Configuration and Structural Changes.

    A table similar to the following appears:

    Database Configuration and Structural Changes table
    Description of the illustration config_struct_changes.gif

Security Policy Changes by Category

You can check the number of policy changes for the categories in the following list. These categories reflect changes to the database security policy (that is, its configuration) in any given environment. If something changes that is security related, you can use the chart and tables to drill down to find unexpected changes that should be investigated.

Before you can view these events, you must ensure that the AUDIT_TRAIL initialization parameter is set to DB or DB, EXTENDED.

To monitor security policy changes by category:

  1. Log in to Oracle Database Vault Administrator as a user who has been granted the DV_OWNER, DV_ADMIN, or DV_SECANALYST role.

    "Starting Oracle Database Vault" explains how to log on.

  2. In the Administration page, click Monitor.

  3. At the top of the Monitor page, set a period for the monitoring action by selecting from the Show Records For list and clicking Go.

    This section of the Monitor page also indicates the last time the data on the page was refreshed.

  4. In the Monitor page, check the graph under Security Policy Changes by Category.

    A graph similar to the following appears, which shows the number of security policy changes based on the following categories: Oracle Database Vault policy, Oracle Label Security policy, audit policy, privilege grants and revokes, database accounts, and database roles.

    Graph showing Security Policy Changes.
    Description of the illustration sec_policy_changes.gif

Security Policy Changes Detail

You can check the details of security policy changes, such the user who made the change, the action that occurred, the time stamp of the change, and so on.

Before you can view these events, you must ensure that the AUDIT_TRAIL initialization parameter is set to DB or DB, EXTENDED.

To monitor security policy changes by detail:

  1. Log in to Oracle Database Vault Administrator as a user who has been granted DV_OWNER, DV_ADMIN, or DV_SECANALYST role.

    "Starting Oracle Database Vault" explains how to log in.

  2. In the Administration page, click Monitor.

  3. At the top of the Monitor page, set a period for the monitoring action by selecting from the Show Records For list and clicking Go.

    This section of the page also indicates the last time the data on the page was refreshed.

  4. In the Monitor page, click Security Policy Changes by Detail.

    A table appears, listing the details for security policy changes.

    Description of sec_policy_changes_detail.gif follows
    Description of the illustration sec_policy_changes_detail.gif