audit logs in AWS RDS Oracle database


I have a requirement to capture config changes in the logs. I tried it and it is not writing to AWS RDS audit logs. example

CREATE USER test IDENTIFIED BY "test123!" default tablespace users temporary tablespace TEMP_DBPRODB profile DEFAULT;


alter user test profile SERVICE_ACCOUNT;

it is not getting captured

I tried it on a non AWS RDS Oracle database and the above changes are gettting written to the audit log

here is what I see in the audit log

Tue Jun 13 11:47:53 2023 -04:00 LENGTH : '254' ACTION :[101] 'CREATE USER test IDENTIFIED BY * default tablespace users temporary tablespace TEMP profile DEFAULT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA'

Tue Jun 13 11:48:13 2023 -04:00 LENGTH : '183' ACTION :[31] 'GRANT CONNECT, RESOURCE to test' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA'

Tue Jun 13 11:50:15 2023 -04:00 LENGTH : '191' ACTION :[39] 'alter user test profile SERVICE_ACCOUNT' DATABASE USER:[1] '/' PRIVILEGE :[6] 'SYSDBA' CLIENT USER:[6] 'oracle'

The parameter setting for this database I see is SQL> show parameter audit_trail NAME TYPE VALUE

audit_trail string DB, EXTENDED

Whereas for AWS RDS database that value is null.

Is that the reason the audit logs is not capturing those changes?

posta un anno fa1393 visualizzazioni
2 Risposte
Risposta accettata

The fact that AUDIT_TRAIL is NULL in your RDS instance shows that auditing is not turned on. You need to turn on auditing. Please see the blog and relevant documentation from both AWS and Oracle to get what you want.

profile pictureAWS
con risposta un anno fa
profile picture
verificato un anno fa
profile picture
verificato un anno fa

Hi there!

You can see Oracle's audit logs in the RDS Console and also publish them to CloudWatch Logs for further analysis and retention. The following documentation page has all the information about it.

I hope this helps.

profile pictureAWS
con risposta un anno fa
profile picture
verificato un anno fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande