Friday, September 4, 2015

Setup Auditing In OVD/OID 11G

There are two types of auditing:

1. File Based
2. Database Audit

File Based:

1) Log in to the EM console at http://hostname:port/em

2) From the Identity and Access menu, select ovd1, select Security, then Audit Policy Settings.




3) From the Audit Policy list, select Custom to configure your own filters, or one of the filter presets, None, Low, or Medium.



4) To audit only failures, click Select Failures Only.



5) To configure a filter, click the Edit icon next to its name. The Edit Filter dialog for the filter appears.




6) To add a condition, click the Add icon.

7) When you have completed the filter, click OK and then Apply.

8) Location of Audit logs
ORACLE_INSTANCE\auditlogs\OVD\ovd1\audit.log


Database Audit:

Please note that configuring the audit to file is a prerequisite for the DB store configuration.

1) Install the Audit schema using RCU: select Audit Services as the component name and XXX_IAU as the schema owner while creating the schema. For detailed RCU steps, follow the link below.
Click Here

2) Log in to the database and check whether the XXX_IAU schema has been created, using the query below.

select USERNAME, DEFAULT_TABLESPACE, TEMPORARY_TABLESPACE from dba_users where USERNAME='XXX_IAU';

3) Log in to the WebLogic console and create a new JDBC Data Source with user XXX_IAU
      3.1) Click Lock & Edit
      3.2) In Domain Structure, select Services -> Data Sources -> New Generic Data Source
      3.3) Enter the Datasource Name and JNDI Name, then click Next.
      3.4) Database Name = name of the database
      3.5) Hostname = server where the database is installed
      3.6) Port = port number on which the database is listening
      3.7) Database User = XXX_IAU (created at the time of RCU)
      3.8) Password = *****
      3.9) Target the data source to the wls_ods server
      3.10) Done
      3.11) Click Activate Changes

4) From the EM console, go to Farm --> DomainName --> Security --> Audit store --> Choose.
By default it is blank, since the file-based store is in use. Browse and select the AUDITDBDataSource created in the step above.



5) Open the opmn.xml file, which resides at:
$ORACLE_INSTANCE/config/OPMN/opmn/opmn.xml

6) Locate the rmd-definitions element, which looks like this:

<rmd-definitions>
<rmd name="AuditLoader" interval="15">
<conditional>
<![CDATA[({time}>=00:00)]]>
</conditional>
<action value="exec $ORACLE_HOME/jdk/bin/java -classpath
$COMMON_COMPONENTS_HOME/modules/oracle.osdt_11.1.1/osdt_cert.jar:
$COMMON_COMPONENTS_HOME/modules/oracle.osdt_11.1.1/osdt_core.jar:
$ORACLE_HOME/jdbc/lib/ojdbc5.jar:
$COMMON_COMPONENTS_HOME/modules/oracle.iau_11.1.1/fmw_audit.jar:
$COMMON_COMPONENTS_HOME/modules/oracle.pki_11.1.1/oraclepki.jar
-Doracle.home=$ORACLE_HOME
-Doracle.instance=$ORACLE_INSTANCE
-Dauditloader.jdbcString=jdbc:oracle:thin:@host:port:sid
-Dauditloader.username=username
oracle.security.audit.ajl.loader.StandaloneAuditLoader"/>
<exception value="exec /bin/echo PERIODICAL CALL For Audit Loader FAILED"/>
</rmd>
</rmd-definitions>

7) Replace the existing RMD definition for the audit loader; you need to modify only these values:

jdbcString - the database JDBC connection string; change this from the default string to a valid connection string (jdbc:oracle:thin:@Hostname:PortNo:DBName).
username - XXX_IAU
interval - by default the interval value is set very high (31536000 seconds) so that the audit loader is effectively disabled. Change this to a reasonable interval such as 15 seconds.

8) Save and exit the file.

Ensure that ORACLE_HOME, ORACLE_INSTANCE, and COMMON_COMPONENTS_HOME are defined. For example:
COMMON_COMPONENTS_HOME = $MW_HOME/oracle_common

9) Log in to http://Hostname:Port/oamconsole
Select System Configuration --> Common Setting --> Audit Setting, select low, medium or high, and save it.

10) Bounce all services
      1)ODS server
      2)OAM server
      3)OPMN services
      4)Admin server

11) Execute a scenario in an audited component to generate an audit event.

--> Database tables to be checked are:
XXX_IAU.IAU_BASE and XXX_IAU.OVDCOMPONENT
--> Location of Audit logs
ORACLE_INSTANCE\auditlogs\OVD\ovd1\audit.log

NOTE: The same steps can be followed for OID auditing.
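
A check for the opmn.xml edit in steps 6 and 7, as an added example that is not part of the original post or of Oracle's tooling: it parses the file, finds the AuditLoader definition, and reports an interval left at the disabled default, a jdbcString still set to the placeholder, or a username other than the audit schema owner. The `<opmn>` root element, the database host name and the shortened action value in the sample are constructed.

```python
import re
import xml.etree.ElementTree as ET

DISABLED_INTERVAL = 31536000  # default named in step 7: loader effectively off
JDBC_RE = re.compile(r"-Dauditloader\.jdbcString=(\S+)")
USER_RE = re.compile(r"-Dauditloader\.username=(\S+)")
THIN_RE = re.compile(r"jdbc:oracle:thin:@([^:\s]+):(\d+):(\w+)$")

def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def check_audit_loader(xml_text, expected_user):
    """Return a list of problems found in the AuditLoader rmd definition."""
    root = ET.fromstring(xml_text)
    rmd = next((e for e in root.iter()
                if local(e.tag) == "rmd" and e.get("name") == "AuditLoader"), None)
    if rmd is None:
        return ["no AuditLoader rmd definition found"]
    problems = []
    interval = rmd.get("interval", "")
    if not interval.isdigit() or int(interval) >= DISABLED_INTERVAL:
        problems.append(f"interval={interval!r} leaves the loader disabled")
    action = next((e.get("value", "") for e in rmd if local(e.tag) == "action"), "")
    jdbc = JDBC_RE.search(action)
    if not jdbc or not THIN_RE.match(jdbc.group(1)):
        problems.append("jdbcString is missing or still the host:port:sid placeholder")
    user = USER_RE.search(action)
    if not user or user.group(1) != expected_user:
        problems.append(f"username is not {expected_user}")
    return problems

def sample(interval, jdbc, user):
    """Constructed opmn.xml fragment, shortened from the shape shown in step 6."""
    return f"""<opmn><rmd-definitions>
<rmd name="AuditLoader" interval="{interval}">
<conditional><![CDATA[({{time}}>=00:00)]]></conditional>
<action value="exec $ORACLE_HOME/jdk/bin/java
-Dauditloader.jdbcString={jdbc}
-Dauditloader.username={user}
oracle.security.audit.ajl.loader.StandaloneAuditLoader"/>
</rmd></rmd-definitions></opmn>"""

if __name__ == "__main__":
    default = sample(31536000, "jdbc:oracle:thin:@host:port:sid", "username")
    edited = sample(15, "jdbc:oracle:thin:@dbhost.example.com:1521:orcl", "XXX_IAU")
    for name, text in (("default", default), ("edited", edited)):
        print(name, check_audit_loader(text, "XXX_IAU") or "OK")
```

To run it against a real instance, pass the contents of $ORACLE_INSTANCE/config/OPMN/opmn/opmn.xml to check_audit_loader before bouncing the services in step 10.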

 











