1 Reply Latest reply on Sep 24, 2012 1:10 PM by nicole pauls

    Problem with Oracle Auditor

    Parad0x

      Hi all,

       

      I have a problem with Oracle Auditor. I configured the Oracle connector as described in SolarWinds Knowledge Base :: Integrating your Oracle database with SolarWinds LEM.

       

      On LEM, you can see the configuration in the image (On LEM).

      On the server (RHEL 5) there is content in /var/log/local6.log, but nothing goes to LEM.

       

      [root@hostname ContegoSPOP]# cat /var/log/local6.log | more

      Sep  3 12:43:31 hostname Oracle Audit[8594]: LENGTH: "243" SESSIONID:[8] "19657952" ENTRYID:[3] "177" STATEMENT:[2] "24" USERID:[7] "username" USERHOST:[15] "domain\username" TERMINAL:[6] "username" ACTION:[1] "3" RETURNCODE:[1] "0" OBJ$CREATOR:[7] "username" OBJ$NAME:[4] "TEST" OS$USERID:[7] "username"

      Sep  3 12:44:00 hostname Oracle Audit[8710]: LENGTH: "334" SESSIONID:[8] "19658003" ENTRYID:[1] "1" STATEMENT:[1] "1" USERID:[7] "CRPCLUB" USERHOST:[21] "hostname.domain.hr" TERMINAL:[7] "unknown" ACTION:[3] "100" RETURNCODE:[1] "0" COMMENT$TEXT:[96] "Authenticated by: DATABASE; Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=X.X.X.X)(PORT=5849))" OS$USERID:[4] "root" PRIV$USED:[1] "5"

      Sep  3 12:44:07 hostname Oracle Audit[8712]: LENGTH: "334" SESSIONID:[8] "19658004" ENTRYID:[1] "1" STATEMENT:[1] "1" USERID:[7] "CRPCLUB" USERHOST:[21] "hostname.domain.hr" TERMINAL:[7] "unknown" ACTION:[3] "100" RETURNCODE:[1] "0" COMMENT$TEXT:[96] "Authenticated by: DATABASE; Client address: (ADDRESS=(PROTOCOL=tcp)(HOST=X.X.X.X)(PORT=5851))" OS$USERID:[4] "root" PRIV$USED:[1] "5"

      Sep  3 12:44:16 hostname Oracle Audit[8594]: LENGTH: "243" SESSIONID:[8] "19657952" ENTRYID:[3] "178" STATEMENT:[2] "25" USERID:[7] "username" USERHOST:[15] "domain\username" TERMINAL:[6] "username" ACTION:[1] "3" RETURNCODE:[1] "0" OBJ$CREATOR:[3] "SYS" OBJ$NAME:[8] "X$OPTION" OS$USERID:[7] "username"

      Sep  3 12:44:16 hostname Oracle Audit[8594]: LENGTH: "244" SESSIONID:[8] "19657952" ENTRYID:[3] "179" STATEMENT:[2] "25" USERID:[7] "username" USERHOST:[15] "domain\username" TERMINAL:[6] "username" ACTION:[1] "3" RETURNCODE:[1] "0" OBJ$CREATOR:[3] "SYS" OBJ$NAME:[9] "GV$OPTION" OS$USERID:[7] "username"

       

      Can you please advise?

       

      We also have Oracle database on AIX servers; as I can see in the document, only the Windows and Linux agents support this connector. Is it possible to monitor Oracle DB on AIX?

       

      Best regards,

      Branko

        • Re: Problem with Oracle Auditor
          nicole pauls

          Those log lines look good and should indeed be caught by the Oracle Auditor tool (the one you are configuring). I can't quite tell how you're configured from the screenshot, but:

          • If you're syslogging from Oracle on your RHEL box to the appliance, you'll want to configure the tool on the appliance.
          • If you're syslogging locally from Oracle on the RHEL box itself, you'll want to install an agent on your RHEL box and configure the tool on the RHEL Agent.

           

          Regarding AIX,

          • as long as it can syslog the Oracle Audit data, we should be able to support it.
          • Oracle 11 on Solaris works as well, so it's not just Linux and Windows.
          • Oracle 9 didn't support syslogging the Audit data on Solaris or Linux, so I'd imagine it doesn't on AIX either.
          • We do have an AIX agent if you want to pick up the syslog data on the AIX system, not on the LEM Appliance.
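
A way to check on the sending host that the local6 entries have the shape shown in the question before looking at the LEM side. This is an added example, not part of the original posts and not SolarWinds code. It assumes the `[n]` prefix is the value length in characters, as the unredacted fields in the post suggest; the sample lines and the host `dbhost01` are constructed.

```python
import re

# Action codes that appear in the post, named per Oracle's AUDIT_ACTIONS view.
ACTIONS = {"3": "SELECT", "100": "LOGON"}
HEADER = re.compile(r'^(\w{3}\s+\d+ [\d:]{8}) (\S+) Oracle Audit\[(\d+)\]: LENGTH: "(\d+)" ')
FIELD = re.compile(r'([A-Z$]+):\[(\d+)\] "')

def parse_audit_line(line):
    """Parse one 'Oracle Audit' syslog line; return None if the header does not match."""
    m = HEADER.match(line)
    if not m:
        return None
    rec = {"time": m.group(1), "host": m.group(2), "pid": int(m.group(3)),
           "fields": {}, "warnings": []}
    pos = m.end()
    while pos < len(line):
        f = FIELD.match(line, pos)
        if not f:
            rec["warnings"].append("unparsed text at offset %d" % pos)
            break
        name, declared = f.group(1), int(f.group(2))
        start, end = f.end(), f.end() + declared
        # Assumption: [n] is the value length in characters, so read by length.
        if line[end:end + 1] != '"':
            # Redacted or truncated value: fall back to the next closing quote.
            end = line.find('"', start)
            if end == -1:
                rec["warnings"].append("%s: unterminated value" % name)
                break
            rec["warnings"].append("%s: declared %d, found %d" % (name, declared, end - start))
        rec["fields"][name] = line[start:end]
        pos = end + 1
        while pos < len(line) and line[pos] == " ":
            pos += 1
    code = rec["fields"].get("ACTION")
    rec["action"] = ACTIONS.get(code, code)
    return rec

# Constructed sample lines in the format shown in the post (not real data).
SAMPLES = [
    'Sep  3 12:44:00 dbhost01 Oracle Audit[8710]: LENGTH: "150" SESSIONID:[8] "19658003" '
    'ENTRYID:[1] "1" USERID:[7] "CRPCLUB" USERHOST:[8] "dbhost01" ACTION:[3] "100" '
    'RETURNCODE:[1] "0" OS$USERID:[4] "root"',
    'Sep  3 12:44:16 dbhost01 Oracle Audit[8594]: LENGTH: "160" SESSIONID:[8] "19657952" '
    'USERID:[5] "scott" USERHOST:[21] "hostname.domain.hr" ACTION:[1] "3" '
    'RETURNCODE:[1] "0" OBJ$NAME:[8] "X$OPTION"',
]

if __name__ == "__main__":
    print(*map(parse_audit_line, SAMPLES), sep="\n")
```

The second sample carries a hand-redacted USERHOST like the one in the post, so its declared length no longer matches and the parser records a warning instead of dropping the line.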